6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Size

10.4MB
MD5

2e784cdab6b1f0e6cc0ef4b620354bfd
SHA1

4f1f5f252804720aa2c94682d0af141bc9c8584e
SHA256

6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad
SHA512

2303c0c89824babee763944a74c8f77a94ff6185e00819942fc29fe54658185c5eec8ccbc7bc702406f938a28bbfdc5ee7e3314421e717ca2c27f3c8a8dd7aca
SSDEEP

196608:gUZWC2SSJ7PbDdh0HtQba8z1sjzkAilU4I4:gUZB25J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 58 IoCs

pid	Process
2636	yb3F51.tmp
2204	setup.exe
1412	setup.exe
2936	setup.exe
1704	service_update.exe
1652	service_update.exe
1896	service_update.exe
400	service_update.exe
1672	service_update.exe
2492	service_update.exe
1792	Yandex.exe
972	clidmgr.exe
2924	clidmgr.exe
2524	browser.exe
1016	browser.exe
2224	browser.exe
2424	browser.exe
2620	browser.exe
1704	browser.exe
1676	browser.exe
1868	browser.exe
1848	browser.exe
2416	browser.exe
2468	browser.exe
1216	browser.exe
1932	browser.exe
2680	browser.exe
772	browser.exe
448	browser.exe
2820	browser.exe
1548	browser.exe
780	browser.exe
2964	browser.exe
2576	browser.exe
2916	browser.exe
2368	browser.exe
1492	browser.exe
2588	browser.exe
3172	browser.exe
2684	browser.exe
372	browser.exe
3076	browser.exe
3660	browser.exe
3280	browser.exe
3952	browser.exe
600	browser.exe
2420	browser.exe
3260	browser.exe
1692	browser.exe
3432	browser.exe
3488	browser.exe
3460	browser.exe
3756	browser.exe
2940	browser.exe
3192	browser.exe
1208	browser.exe
3188	browser.exe
3356	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
2636	yb3F51.tmp
2204	setup.exe
2204	setup.exe
2204	setup.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
1704	service_update.exe
1704	service_update.exe
1704	service_update.exe
1704	service_update.exe
1704	service_update.exe
1896	service_update.exe
1896	service_update.exe
1672	service_update.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
1792	Yandex.exe
1412	setup.exe
1412	setup.exe
1412	setup.exe
2524	browser.exe
1016	browser.exe
2524	browser.exe
2224	browser.exe
2224	browser.exe
2620	browser.exe
2424	browser.exe
2620	browser.exe
2424	browser.exe
1704	browser.exe
1676	browser.exe
1676	browser.exe
1868	browser.exe
1704	browser.exe
1868	browser.exe
2424	browser.exe
2424	browser.exe
2424	browser.exe
1848	browser.exe
2416	browser.exe
2468	browser.exe
1848	browser.exe
2468	browser.exe
1216	browser.exe
1216	browser.exe
2416	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe
1932	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\debug.log	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 59 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yb3F51.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexSWF.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.epub\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexFB2.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexFB2.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexJPEG.3AB5LUMEAZFF3GJA6GWROLZY64\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-109"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.tif	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexHTML.3AB5LUMEAZFF3GJA6GWROLZY64\ = "Yandex Browser HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexINFE.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexWEBM.3AB5LUMEAZFF3GJA6GWROLZY64\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexFB2.3AB5LUMEAZFF3GJA6GWROLZY64\ = "Yandex Browser FB2 Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexGIF.3AB5LUMEAZFF3GJA6GWROLZY64\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexWEBM.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.png\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.gif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexCRX.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexTIFF.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexWEBP.3AB5LUMEAZFF3GJA6GWROLZY64\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexSWF.3AB5LUMEAZFF3GJA6GWROLZY64\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.tiff\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexSVG.3AB5LUMEAZFF3GJA6GWROLZY64\Application\AppUserModelId = "Yandex.3AB5LUMEAZFF3GJA6GWROLZY64"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexXML.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexJS.3AB5LUMEAZFF3GJA6GWROLZY64\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexTIFF.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yabrowser\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexCSS.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexHTML.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexWEBP.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexGIF.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\yabrowser\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPNG.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPDF.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.html\OpenWithProgids\YandexHTML.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.gif\shell\image_search	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexEPUB.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexINFE.3AB5LUMEAZFF3GJA6GWROLZY64\Application\AppUserModelId = "Yandex.3AB5LUMEAZFF3GJA6GWROLZY64"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\command	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPNG.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.crx\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.gif\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexINFE.3AB5LUMEAZFF3GJA6GWROLZY64\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexWEBP.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexXML.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexJPEG.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.infected	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPNG.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexSVG.3AB5LUMEAZFF3GJA6GWROLZY64\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.webm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexJS.3AB5LUMEAZFF3GJA6GWROLZY64\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-126"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPNG.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexXML.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexFB2.3AB5LUMEAZFF3GJA6GWROLZY64\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexFB2.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.svg	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.mhtml\OpenWithProgids\YandexHTML.3AB5LUMEAZFF3GJA6GWROLZY64	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexHTML.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPNG.3AB5LUMEAZFF3GJA6GWROLZY64\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexPDF.3AB5LUMEAZFF3GJA6GWROLZY64\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\YandexBrowser.crx\Application\AppUserModelId = "Yandex.3AB5LUMEAZFF3GJA6GWROLZY64"	setup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1412	setup.exe
1412	setup.exe
2524	browser.exe
2524	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe
Token: SeShutdownPrivilege	2524	browser.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe
2524	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
2524	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2408 wrote to memory of 2948	2408	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	30
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2948 wrote to memory of 2636	2948	6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe	32
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2636 wrote to memory of 2204	2636	yb3F51.tmp	33
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 2204 wrote to memory of 1412	2204	setup.exe	34
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 2936	1412	setup.exe	35
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1412 wrote to memory of 1704	1412	setup.exe	37
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1704 wrote to memory of 1652	1704	service_update.exe	38
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 400	1896	service_update.exe	40
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1896 wrote to memory of 1672	1896	service_update.exe	41
PID 1672 wrote to memory of 2492	1672	service_update.exe	42

C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
"C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe
  "C:\Users\Admin\AppData\Local\Temp\6e287dca83f3b909f15275b9f5f832fee327f5a9c9a5903450e75abbcb9ef2ad.exe" --parent-installer-process-id=2408 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\a6ec7da9-ddc9-450a-9190-67dc89b66c73.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --progress-window=131526 --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\509c1ee2-bda9-4eba-a6ca-da7b1ba046df.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\yb3F51.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb3F51.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\a6ec7da9-ddc9-450a-9190-67dc89b66c73.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=47 --install-start-time-no-uac=273399200 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131526 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\509c1ee2-bda9-4eba-a6ca-da7b1ba046df.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\a6ec7da9-ddc9-450a-9190-67dc89b66c73.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=47 --install-start-time-no-uac=273399200 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131526 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\509c1ee2-bda9-4eba-a6ca-da7b1ba046df.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\a6ec7da9-ddc9-450a-9190-67dc89b66c73.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=47 --install-start-time-no-uac=273399200 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131526 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\509c1ee2-bda9-4eba-a6ca-da7b1ba046df.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=328061600
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1412 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0xc29d28,0xc29d34,0xc29d40
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2936
      - C:\Windows\TEMP\sdwra_1412_218273959\service_update.exe
        
        "C:\Windows\TEMP\sdwra_1412_218273959\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1704
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:972
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1412_1823373910\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2924

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1896 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x14fd784,0x14fd790,0x14fd79c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:400
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2492

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=131526 --install-start-time-no-uac=273399200
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2524
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2524 --annotation=metrics_client_id=bbb5f1651e8a46c29f10fa29a758d891 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x73ac9a14,0x73ac9a20,0x73ac9a2c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1016
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1724,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2424
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1776,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1732 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2224
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2052,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2068 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2620
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2256,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2368 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1676
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2708,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2400 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1704
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2908,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2904 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1868
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3380,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2416
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3556,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3568 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1848
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3712,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1216
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3844,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3852 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2468
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1756,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1932
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1908,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4052 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2680
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3968,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:772
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3788,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:448
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5008,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4544,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1548
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=5180,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5188 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:780
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5220,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5268 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2964
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5248,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5256 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2576
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1928,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2696 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2916
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1916,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2012 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1992,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5608 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2684
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1996,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5628 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1492
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1988,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5728 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:372
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1960,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1980 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2588
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6028,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5964 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3076
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5448,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6148 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3172
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5460,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5452 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3280
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5892,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5888 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3660
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=2912,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2920 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3952
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=5340,i,11411239110574858692,10372489465453851134,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=560 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3356

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={6555B6E3-633F-4FBB-91CC-807F7B430FE8}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:600
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724009573 --annotation=last_update_date=1724009573 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=600 --annotation=metrics_client_id=bbb5f1651e8a46c29f10fa29a758d891 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73ac9a14,0x73ac9a20,0x73ac9a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2420
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1784,i,7703863608945190636,13070332897704994065,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3260
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1980,i,7703863608945190636,13070332897704994065,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1928 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1692

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={B8E3B26E-CEB8-423A-8C6F-921E08DABB6F}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3432
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724009573 --annotation=last_update_date=1724009573 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3432 --annotation=metrics_client_id=bbb5f1651e8a46c29f10fa29a758d891 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73ac9a14,0x73ac9a20,0x73ac9a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3488
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1820,i,3661510989632138498,7416202203641865827,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3460
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1884,i,3661510989632138498,7416202203641865827,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1828 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3756

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={B5278BE2-44CA-4950-9259-AD8151E2BA26}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:2940
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724009573 --annotation=last_update_date=1724009573 --annotation=launches_after_update=3 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2940 --annotation=metrics_client_id=bbb5f1651e8a46c29f10fa29a758d891 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73ac9a14,0x73ac9a20,0x73ac9a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3192
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1740,i,16374560633376265753,2387002098623330096,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1208
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=25E45AD0-3DCD-4B3A-A26A-B43DFCD36E26 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1948,i,16374560633376265753,2387002098623330096,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2004 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
714B

MD5
5d2f1b24802b57ffaa3cddb952d76625

SHA1
a63faf3f9f678b5abb49f1e2b654a1ef81e63a2d

SHA256
d50ea5184d6ef43d439c849af9839678b9920ebbd34a57cca78eb3ff98bf8fe6

SHA512
41f1c6f5ac0de92bdbcb98b1aa34dd42c334079da4914aeb0efde1ab2c7320177acfc57ab2cf5a55f4de1e875a1e86f97b5eb21caa8b04609b895b7297b632f1

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
962dd56315e863fadefeee48df91f032

SHA1
1e49cfeb59adb3a7bba01a1f344ebfcd1e033db9

SHA256
197afcac87ec97ca79618ba559657ef5c47da50533d363b5121c1ffc6d118218

SHA512
7888b9692da9cdb07546b11cd995e0fb41ad36d00f0ca5a1dc772f98ba27d785235acb8ef934f0c6f929d78a0afa7091404dfec0d2bd021c48c8458beefce98b

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
cbe16df61ef965851350ed458541b03a

SHA1
330e8b5685a5c83a4558902101c5d646d9f72d70

SHA256
c05f5f61b19855f1cadc3fcda63b6e7094c36fb08eef4874f02cc1e5f8b362ee

SHA512
a0817c6bc38ab3c5a57261f20f7d09ce0efd8b4f1818305e5c5f2db0fdb74f3dc813d7094362e30330d01f56eaf776ea0b0e625c5f157453e974da24dd7bd52c

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
31b8553121e2c589076ffd82a54c2515

SHA1
7eca994b13f098030ce4b6bfffcc40ae8a2f4a76

SHA256
cb06e47fb6b9674be19fb21e13870100e3f75c29acd668e1739abc92e13cfca8

SHA512
acfb18d4c5aecf68efac851cb2b32bc71b0c0be3f5d4f52b1a10dc03efcf1017051dad12aaa5de4adca34b058a4be9a9657d945811bee246baf517e28993e900

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
b66c70ae2d4f6cec78f835bd305adac8

SHA1
11920f7b13d7988dbdad4df51f08c03343220bca

SHA256
71f9694f6866bfb20858b7215394fc6a83e9ec0c3f1a296e6ab01b8aedff0964

SHA512
8b87661604a2e8277e1683d87bebf73013e11493e42fb57ad90d62416468b465a7c941af2efef6c7469b9d072476a8b2b3a0de8daee21058e2b70db20193d049

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
b23c1181ad5edb6a76913791f9381a40

SHA1
43edfb8018e87e1ff22c814bad3b9943f6004fe4

SHA256
a160535dd71d8f3987d5c9a5d5ced63591167eb1fbafacbae1fec77e95f906d8

SHA512
1643d78136fbc597574b08518833695ee54fd5e15c6ec8958b206b64c89bb56f8d00d46b697aacf78af70289b8de3ba0f23f4374edd7f7e9839c356ec729c4a9

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
1d3ed61a43d0c35b29399e297f1d3353

SHA1
8242c3589b3fc2f301b95760b26f972eedea8a57

SHA256
6e14b1c287a3da7ecf681fe586efe2d0aa85b441ad919e34424d516bed4a2200

SHA512
c8119309869dc9ef37ebd20addac0b7db1113660fe0d4c1863768f17e5b0d1b2d0734cf5651e56ed2c46dcd6b53a1339733f8fedfb07766e2e8c541252d821bd

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
6421569c3fee4db00090d19a973cbbad

SHA1
7a436ab3abcc2807cdd703b49d36593a21397313

SHA256
bc1ee04bd387ce476cb055d326623c5bd0633e36044617ba483e19ed95688379

SHA512
adb610f3043250ef3a3a4404983cc970820146c95f30fd385e175a636f094e04219eeeba893f7f8c1bb6e4ee9d2240c475f539528acd3ac139f1bc5e70a868ea

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
6KB

MD5
d61231b26339d84d7bee8cc330ae3d4a

SHA1
9f98933ec6bc60a6a48e4fdaf834ee963e58ea17

SHA256
2ec3948b74842c5c73a6329b66e0e3cbd3bd6f9f662f52f29212cdb8fdbd4363

SHA512
f5c4fbc937865f47389b080ee8a63f277d939c99fb41e166615e7ad5b2e944f686565dd37e9cf3635ee407f680b6161631019870e0cfce7f3f6c7760aa7c18d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
43635593143f640172003fb63ccb038f

SHA1
af5482293bf633453e8bc07d139f1021fb4ccc96

SHA256
398729442d0f833c3e9cfeb4ed2e70d3b12001c6f313d822ef1a655de0418f69

SHA512
439835461d4d179d3c917e4841d2d748585ff00850ef201205c8751d8bfcc221e7b70931e12350cad90dda5530487706168af8096385836c705ae95e6b802006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
7fc01bb6ef7a098a7b74a276e7ee7f20

SHA1
350645f9f4d2fcd260527fc5917a8d6ea3f354ee

SHA256
985bed20e276e2276e8e1639cfd9f39dd79b4b4e5f90435962ccdf1204506992

SHA512
4c2c591cf063c0b0af0874c00c29e7cba5bab2da35ff2de35b9889d14cfeb221537379926caa55f6fd8cd755cb301befc900b2880db4835681dd4c72242c1e52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
6369ffae2415881ce9a3fb29eda0f29e

SHA1
997231175a87d034da05622fe2e2a020ef21d828

SHA256
03328d11da6b032ff40de14de033375820484189a933022d338534fef8c8a945

SHA512
148bd607f9065009e0b1a8b12ac20590f3c7f553e1e5fcec306345f8a06719c62c73f19e27abdfcebb9e074171a0f80aba848bcca463da20d7c07a56ca78f912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
b59722057e0d9a836066ef2a0ae711f5

SHA1
88fdadd1925137c536e2f9593cea38de0aa68fc0

SHA256
25c0e4abd0cc1ec99d21581db0ec6441801279e7307c2a51d1f89ff061c011c5

SHA512
df53c9d3b6f68b1338bd8e197d1a860a6443b4527d2f328e0ed9ef074e89334dae37455b23a94d4d87176b1573261961bacca20e535818335c2b155bfe1dcf6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
9290f43f35799bb315e91b08ed00965a

SHA1
93c68a5b0405c707dfebeafc7acb60305ebdc8ed

SHA256
2c0fa956ea237a1b1f31b50c0d6e35d361f0ee22bdf74cd6df936d4a1029fb08

SHA512
7786ac8efb8b2be6402c5452a14f86f45f6b3d8248f2c73a96a922a1f3fc46d2d60aa11051214df79600e2102a6510b26acf0551726b0d61e0b519819eecb273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43a832a411ecb0c15ad791b952fe426a

SHA1
54f52dce6480bdf260b95c20c04d61d7ee43b952

SHA256
a3afecc1df592c8a43dfc6deb382e20959d313c741111ad140bf22799fce5304

SHA512
8028c0a5b647eff1223db7445aad20f03a0ee1610e8dee167d9c3b8b02da239c6963e62ad09964e38ea18ce38add4918273d78091c1bd8f4190a0fd5e9b0c7e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11a0e0b1183b9ff9c5752548a85af2a0

SHA1
ddb14042fa1bc74539647ab2e2c9355eccc38198

SHA256
81505567498876e60c17ecd25d5377d6cecf2aa14b007fca293f24e3e24c9c01

SHA512
15074735a0a18e3ab05cf52756d9295730321199f15e912a2e46d1ca94ef713fcf06784317d636877e8247b26b80934cbc45fc657615431a6eed1b65f4fef8a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcf6d74c178b9c266dcd2c1ea04340c2

SHA1
4b289623df0dd725d3939d9e63ede7c0cbc14a72

SHA256
0f0063da437b77fbc9114e86c31fd179ef8c837b03f880160dee5deb22f60d65

SHA512
b31d896573a0c21c44f0f31645088e86a4ba608067701cc261b8bdbc4777f9d70488ca92b6ca54d7ae7cd4581c74525baeae96f20d2fda27ab5cf4c72c8b889b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
681fcb2c481f8bfd1ad9ae19b0f10cd0

SHA1
92404138f5655295ff1c1528b3438fea756d4903

SHA256
4b040b65f9ec12baa7ca921fa6e181fc68ca0dc340767e0c9f092fc73f4200a0

SHA512
8392c5009815c07ac72264ad18a0ba197aa63c17bedacabe789853b3af6cf5b823093c68f4e082ec3588011f5ddaae4caf968a924e0d1ef0cd0dd1608d85aed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00cfebcd5993a1eb604aa5d44d34f401

SHA1
05f056d442530d3b13ba40f2a45a630c647e8732

SHA256
70887d6249231f9b0353d7bb0d59cdffc39d79c068a0a04cd42c10d716327bb3

SHA512
68431804f8799e2ef3c67d3ea85cdc844e85f7107a28715fee77b2759233f66237d4873c941cb6c653a1171bcce67349cce0e2ccfa01d0e591f77724752d7078

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
5cc802fb5b92932d6475d7704782f1eb

SHA1
628ca32ae854e29faa3211ecd44f4baf7b2ecf07

SHA256
72b257627219ff27d6fa4b7a607fbe95de1cf5cc060bcecfca541c3ecf1433ba

SHA512
9b80fa057272f023ad97bd6f54c8ed81a1d284167f307550b4e9dffe5e226627589d6a8117e94ba6c453c6ed4f1819811fd6d6ba734d37484111f5bcea02818b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9a566cc44339a409554be68e03f9ef6a

SHA1
c8c7603205d91e7232db89b02be3adc167f5a503

SHA256
380e7370a9b85cd8dbe0ace5838410278cddfe81e3a388cd8e6eb4f7a7493c25

SHA512
9d2fa2064a41261bee93cd9e1c7795b4a167928d5dde97068043de66cf874a7e6084b5d56c71d1572ec626f1ff6359e10175e732f088ed3a8f5b793a77b6ddb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFD65.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
f609e719d46e21530ee972ebfb083393

SHA1
e5c0b8f5ada4034bd34831ded6fe8d06f6a9941e

SHA256
80cbec2da26291caa67309c161c288b99d4cbca16970bc37311ae309a065235d

SHA512
aaa01d9c7b3b0547826c8099998f0df5b86dbbc1d3a26d8787cea8e0c9af69a12df2d295098b5df1d4d30a9c14b6a01bd4d645957e073f580b4fff01409adf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE23.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
029f648eff2e627f79e67f4cbe600a4c

SHA1
daccf3b56f8381fbc46209a1083ff6fcd7e019b0

SHA256
60a386409430fdb330edaaded4fd611ef3598c9263521f516caa58e4b0cebcc6

SHA512
c7160587ed0c7c5331c483f5959c50b8582c07545183f789f928ba6c6565743a102f8afbbd645a074f25c218ce95c21e6b2d73ef9d182ba084aef52bb33a14c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\brand_yandex

Filesize
1.8MB

MD5
15875781db4aa2cfc22342277bfd0fde

SHA1
33dab1129fe59a74ca3cf619eb658dc091369b68

SHA256
d68b20b086b29afef9cdd016b8b042b7a5e2ee5fdbcc6f2e99715933143ff1e9

SHA512
fee63f0b80c8d624dcbba5f8ad0cea17a9d6e030ee16f8b76df13d7c8419129c6ce6e1379b046a4406504d312943752fe513728092931cd193fde639aeefb732

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
362B

MD5
a38a1469944e7502b653ac6f879494cd

SHA1
eb092ab1c4b8eeefa3daa0a2a93f7e78cc20019e

SHA256
f8da764ee24cd2b144f64b0d2e0f8849199b9840477dcee89b31ddb8d2480c79

SHA512
b6f1c8e3869849e19e35a7c87e7f8a173c5bdf36419615b9703a21cd563fd8e029d39b31d36364aae97d19b480380ab202d40b0775e4922c40ade457d4a3ad88

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
41bb6a5622cb6679f75274d3791297ef

SHA1
e27317c8d2ecf8708620112fd1be3aedbb748351

SHA256
5bfa75e71a1ab6e79eb7404202bb1daac070d766b804d856e6007cf3af7b1dc0

SHA512
7a5dd8653d8f38060ccb80f0429ebad40c7de94669269ee3b6be742a89b5d66ff3ec3e92bbaf46535f398b35340df7bf4e182fb00b4505286d9eb8c8f56db519

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
3fa142a08109de9f128ecfefedb8376a

SHA1
4f17959c7528d65ed14b605c454c255e67897d68

SHA256
b814b0d394d251f3b509c863bbb2275a015d34d1f5b3a57bcdc4f2485371bcce

SHA512
01641d721953e310c4b74a32c81d03fc8a2b773ebe09966892f5ab8345a9acbf8bbac182314697554327c63399e381f3dca31efbfcd36bb2b074a5e4a10e5fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
61f1b850d7f85990396d92b5b9525872

SHA1
f56c0a92471518894666a04a68823cd6e918a999

SHA256
67d27b9bde5f9e20bc94bbd80d251581b271f0b9093c0a493e486db7e8252ce0

SHA512
6a731035ac86956d9a4d4fd288301863e8b77ec06c8f31341e97d8ae9d0fca78d2c6525005946df1e5c4c3da559755386689ad46f1eb866cdb3c7f8eaae727b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
36KB

MD5
5ee2c87467b0310e9d8c2b66c2d1f39c

SHA1
4d24943de4a0a849a6fb2f91b9fe5736b8776ce4

SHA256
80c3504999878904d9fc8db3498eddbfa70d15fb6b6e724cb3352ab5d81c1837

SHA512
b5bb339a14fc5130b7d222965c39b97955bda70e9dd4bd39acad8f2b77c0151b015ff37389e23c4299c64e6eb51fb390bfd9933d5614d24d7fdd45f27d08b167

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
37KB

MD5
06417fd4e42d0f48b17ceda8bd0e1e5a

SHA1
99caf79b481ef99cbf2bbb77166d78c7f3250e58

SHA256
81e5dbca0cc5ee1cc38016399a3d59fedf107d2d168f78144eb6a41c57399636

SHA512
c85797091a6868178ee78c7e232ac27689a3b9af23d7372ea90e7fd0f1467c16c2be9407f7c08e4c4b726597bd080d6a72c006ada45b62c995be6a06d334c79c

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
3a2fc253fb320ed2434634267fd66a06

SHA1
5705c70e0fe44eb359d2022938ee69bc1635e542

SHA256
808141fc7fd533e08fe7bf80cc2bed88dda2e7f35e2da7526b9593b9e730d96e

SHA512
cd6bf9816abe160603f285fefaaf9da04e3108dae64878a5bec97d3e95c90dceef5f931dd9b097907115e0bae8e41462761b52f695e72c773fcf6dffe2fac76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
eaf79fc85f2e6cd5611913efcc45e5eb

SHA1
e5f930ea3c63c7b9d12be5ba6e73df467562a4d6

SHA256
f5be12c5ff932654eb6aec054f56a10dbf09b00d088043229fd7330f56721415

SHA512
60e8ff74bca539b7e3138fb953d54b5bfb1d920fcbd63b9066b98b5a11aa1eb548c3dd8dccb7611f0885fd5c4d626742fe971352a57b688ae42d150cfc54f28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
46fbe888211ed01f56bae9959eb056d5

SHA1
1c8b3302870cd44a14eba50ad1d4657f73e86ab3

SHA256
dc6a767abe9abaa75da12c94f96f7c4363f2f27cd901de74b83d59b5b6983c05

SHA512
30f675fd2d0b8b495f08106a3b3c170dc67754d612a0d4ab6889919c89363052ed089f962074d9fe1a00b1e9b0715e878abb2994d57c579474624c34c58e31f3

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
615KB

MD5
7eac404e89b37ba4aa20d441ee8f1f90

SHA1
544600812448c45e880ddab40b03e28a413ff3c6

SHA256
615561923960480b0a4951a758be36cfd859199205a2adc13d5940b8bde44de9

SHA512
eb29037fd9b5465cb70dac2478a7b42ee3287f5c539016ee3badd95fa3977565899e6a5eecd731c8e0ad315e22a079a0d610b4b5d5e918d4c7255c3a5b6e1bf6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
8a03725b4a6aea45034eba670e75234e

SHA1
89aeea71efe3b1777253614bfd67c8af13afa899

SHA256
3151e1790b43e7b838933c9a6fb4e73bece0ec41b745efb683986ac4593706c5

SHA512
034d98b91386c7da3d823c3e9ac95432ae6b83c12b7c1e833bd26eedf57f714af9de4b89f8df10f7518f2c693977993da5c6e4ff86af6f4cdb475d358326d3fc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\brand_config

Filesize
8KB

MD5
c64949ff239a0a9beb4114a1b27e0d81

SHA1
94983a5b27544b3b5f8c7c265816feb7c248b835

SHA256
4d944422a8ad8e97d23f0a1d17acce76115831a6bf5e1e7466da919104d4ba92

SHA512
2e50c4888012373ccbd7d81d936e322a2131e4f66e5f6e8fcb869b7c85eff23c463510550a4b0f895ba6df6a7b00db5ddc153fcca5cc04c820485e427ab85ebd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\partner_config

Filesize
692B

MD5
807c3202f4ee1c6e7c2c34e7ee224e6d

SHA1
0df6a74ea5677b26f52ac9b06643f47afb4015d6

SHA256
9fe5e97cd8eeafccf0ce63e997c8a5ff37998308dd7c57f1fe5b319b3c3b1ff1

SHA512
6467b26a30684252ec4a8c5fe39a614c68fec396204890f467522cf21cc38f6e1e3a66f8223cf0f0f33f75f2ba8564d2c75f4f6ac16530cd16743c4dfd28bde5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.8MB

MD5
c93e65a71b9f191f2e64fb5fc1d99441

SHA1
c527616d8bf2b30b37ed89a3fb7d1da68e8a72ee

SHA256
fa5ec822987d5eabceaf880839e34736fa1b4c0e5085e96fc1cd1588b9084066

SHA512
77628258bde4603ba9e35dc70fc5d065cff09da166a08169d7f91d8eec3a0d2501d72fe54885cf96bf3bbdd037bd10816f411b6a3ca3ba10b9cb20cbeca21e3f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
9fcee819605754601647c1eb9d278b8d

SHA1
352adb54d51993e5919afb1c0b276b5bf613dd5f

SHA256
bfe9467c8158ac0919d7846e8172717d2287ed615973e54295107caf74cca7cb

SHA512
77bb8dec4269939770b95732620fff9fdc718566c80cb4013ce0fa4eaa01c38dfbb39a25d61c5051fd008f7b1a6328a1b8d8f9f6c60f174e32cb6a4878b841ae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\configs\all_zip

Filesize
650KB

MD5
849cc75f9772e37306aaf9980b7b33ba

SHA1
c784d80bfef09853850960a37b330f93427fda7d

SHA256
7dc09ee9fcb4ef4fdbb718fdcd7fa93982897ea812073defb234ad2df96475e9

SHA512
61a2d951a445dba6b72045c7675f19f4010a08a6fb217ee7239dd88186d81be0323243fb7921f57de33d76a485625dfe72dac844c7cc6b3922a5fd092b990c49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\0dd5ee3a-b760-48b8-b660-8107e33e25a7.tmp

Filesize
191KB

MD5
a708d2cc547545426fb8d7de660f30aa

SHA1
89b3b18cd00e2fae66d0b2b92cff6710c1520914

SHA256
36706e347abda18f8b8a36c59656fd611d53bd73ffcfe038035ebf8d0df56e4a

SHA512
dc8b0682d7a0b2ae14979a93e8e354a989dbd2b0a76a0ecdc6444c1459df88a55128d2923f868f339a51da424d26ea3b7dd68769ec53d4eaa7ba0815834fa115

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
fc07c516ab2325cc74669ccd279dc9cf

SHA1
555ae86f4839dc0c7b1750764b53cc2ecb0757bb

SHA256
d84335328a5738c459a0af97334c0ca3bf576bb645d965f12a1886ed88402ea3

SHA512
6904b5925ac366890f5abd7f448fef511361a8392ab9015655d475074a49e072623ce37ddcb733785f16d7deae23141e731efe5f7f6dc8c1b91f0a5ef512512a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\8398516b-0dce-4e11-bff3-37023f56b69e.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
05da49fb2cc0222a29066f9fd5302c67

SHA1
4ff834039e6e19eda276489891c8dab8dccf8dc2

SHA256
c0f8ffcb7d9b494cb60310c3eca68f4c796d84c1d777775e64039cc5e393c61c

SHA512
2a0a3d7c8fd4f86bfea74013738a910636405ef35db170ab1902aa8e9dbbf1677aa08c3408d6e7b71486a5905386943533fe3714c22803a217ba7c5c0cdb0377

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_1

Filesize
8KB

MD5
259e7ed5fb3c6c90533b963da5b2fc1b

SHA1
df90eabda434ca50828abb039b4f80b7f051ec77

SHA256
35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09

SHA512
9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9995067397b33ffadd0d09fc61c21c60

SHA1
fda44624bcf6e61e71634dde26a06cd7632c0dfc

SHA256
0bb86248f6b0ef1ad7c64355e565b1ff4838178007d3ffd3dfaca302f1e59d39

SHA512
12ab37f45b752d3fb720ff139be846a57a912a2fc4a278bead7fbf1c40aec786a4050e2ade7e4302254d11950542d4a9156677b43b66d298ec63a975fd00a092

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02e8a00b3ffbe4ab8922c26390b0f503

SHA1
2bc33d0a915a6a1c1086a21454aa4d8211f14ac2

SHA256
47575a41cce39ba74566e31763f97432760dcb1a3307e4cbf72604f139c75e3f

SHA512
58b1f165f83e9ec5a253afe2a12bfec68afc9e0260d0a3f3f2cd79fd05da3ba9f922917f471a529d1cad7431787ed5d7b227edcd455207fbba28444703c075ec

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8efdf89b944213e8ed99784e74c2be57

SHA1
8545b5fed71760a6ce2ee843f32798a928b24049

SHA256
6772e36198ac4b1289b1cf5e9f4c19e76f38c8c39cfa919186e097e8c9556fb9

SHA512
6c34c8c4c71317998a50414893387ecdf5f87ff713ed42292244e097fa44952b1f3ab2e1744f5ab1f5ddbebbd4c88aa6a1d584388a31a12511cf0b5d6bc34c9a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
648a7f9c183cc2f86715700513ad6556

SHA1
4648bc1fc5b4c6a36170b8eec26e2c46c2d06bb6

SHA256
32e035fd7e7fb30c96863990701a62a3b7ee28332d4ad04fa4e9e2ff01d76869

SHA512
6a3ee471e79be96d4c7aa6a58c466bf5096f1acc7c93433a1e87d34347d33b5963481c9bcdf81d16c43fc0b21649f3ddac0424e8cae08ae9d8bc016ed96b647e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
12KB

MD5
0c0a0abf61f3f29514f9cf46b8fd4221

SHA1
291e7aa625930ae0d8e22a72bac8fef6681133ff

SHA256
82f0e3386759bb66daf03002756d61e0d27d6474bb16addd09dbba95e2d8fbc4

SHA512
245c1b32ab813bc00e138531750a810125fa307f317b2f24416b1b9410727c1fd55da54d3ec53deb7c1b02ef1c5ed9f2fe5b9f59762c5330b65da0cc0a066d44

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
8f05d1077d66eced72d65da593fcdb3b

SHA1
0219a30e920a39f7b2af18f1f59a09a32f0911ed

SHA256
9d1514dc21e3dc2d031ac73e5643e9d8200951324192fa9b31d29deaa3c71c95

SHA512
cb19661c125ec4b74a545ca32654d0c27c14ade33a7d71a1da7b2895338e02375a37bcc7167b47a1da7d3f0de8ca4a0ceb57788ebfb25c7c991b674d7b71273c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf78585d.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\f1e8791e-5131-4079-8f43-c1216856ed38\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13368483176056800

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13368483176056800

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\c29953ac-00ec-4d19-989c-35be4da25be5.tmp

Filesize
14KB

MD5
5edc26703a20dd355bc46c7a1b8856f4

SHA1
485e035c18ebf1a185ebba17ca6d70270c07eeb5

SHA256
bdf83717d067c4da2f489eef09b7fcd4fcc953390ffb4fc6d3191da481a67e9a

SHA512
d0ca5e3dfaff5a13609d83aa6eb555c8e5a76055f5f2f65a08d22a6e701c2964f30aecbdcd7749be11cd1cb2659ae1e33ab52ae3ce807c4b2ccf7e5062938e54

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\ddc4e055-9080-4f72-9af1-8db510587c09.tmp

Filesize
38KB

MD5
f03b6714602c1e71fd66addf98dbc6a6

SHA1
17df43ae00cb9c1b117011c87d47670947fb101c

SHA256
afbf52f0c8c4727e96e60b302bd36ab8f6c41cbb9ba301566769f55e8b66a714

SHA512
75d97c7c531c44f0cdce69733fd6c2fa15fd76d9d19834049d950978b4dc10c47ab19f38fed388ba1fc01d0287a11f998ea7f537fc6a6b04c0376a614d575c0d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
0348fbc791fdd3fd66e499a31de07bdb

SHA1
046221ab67a577563a4497a24df46ed0778f9864

SHA256
72e98eaa404c2fbe8a9ac0275dd4f3a5276c51aa492c42826185f2b35e7302d4

SHA512
04ce55129c77d0e49c2de9b14e9a80f4cc2b709a1ad89fce472610b135700b1129f3509bf4a7d889b9b955a6265479950720e5fc6c6645232a5fa9a291a63173

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
441c4273b942f13eb7b2874f80ff35c4

SHA1
907169c172f71877cd3646148c3ef416625731eb

SHA256
8048c9dda56c13df05b3da23b1883a5a9dc53f0379f266cd88d5a6f07bf40259

SHA512
c100b8b5d9dd08e1b88005c11ed8f653c4b040ed770400e4abcbae27b4135e313dc1c3b95ca39bb1c08064e6a266e9677596f67473254eb673f83b652ef68dee

Download Submit
\Users\Admin\AppData\Local\Temp\YB_11E47.tmp\setup.exe

Filesize
3.9MB

MD5
e3e9c5e3744543d4e8ee0d048c0d2644

SHA1
f9fa67357d8358520d0ff0d2efaf359d2a683324

SHA256
42b10a2ba3570330ab5f7ce9b7c6348771fff576c857c6e24b3647ab01ece760

SHA512
dacd65df09c9d1949486f477a0c88e1665a338d044a7271e089722b181b8ff8f4a868aa190beda318e44b0205211c7652dc13498a9da0615b893317b4747e211

Download Submit
\Windows\Temp\sdwra_1412_218273959\service_update.exe

Filesize
2.3MB

MD5
e48068b2bbd922a2038b1954a52c6eab

SHA1
f1c18c37e26003969adb8e0d271a6797a92e194c

SHA256
da3bcf9de331db50c62cbcee5147653c7c2f87fa31df1463c5828bab4da7d555

SHA512
c612f98d2203adc83fff9b23013b0a7b0a16f253a33094b0ee9542b4e40ec4b3dd8471c14669a5c7a89124918e0466e918e31ae8609cea86c5abdc01dcde179a

Download Submit
memory/448-2482-0x00000000018E0000-0x00000000028E0000-memory.dmp

Filesize
16.0MB

Download
memory/1412-1444-0x0000000000770000-0x0000000000772000-memory.dmp

Filesize
8KB

Download
memory/1932-2544-0x0000000006E30000-0x0000000006E31000-memory.dmp

Filesize
4KB

Download
memory/1932-2547-0x0000000006E40000-0x0000000007455000-memory.dmp

Filesize
6.1MB

Download
memory/1932-2548-0x0000000007460000-0x0000000007461000-memory.dmp

Filesize
4KB

Download
memory/1932-2545-0x0000000006E40000-0x0000000007455000-memory.dmp

Filesize
6.1MB

Download
memory/1932-2546-0x0000000006E40000-0x0000000007455000-memory.dmp

Filesize
6.1MB

Download
memory/2224-1586-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2424-1626-0x0000000002D40000-0x0000000003D40000-memory.dmp

Filesize
16.0MB

Download
memory/2940-3301-0x00000000029C0000-0x00000000039C0000-memory.dmp

Filesize
16.0MB

Download
memory/3432-3145-0x0000000002A20000-0x0000000003A20000-memory.dmp

Filesize
16.0MB

Download