d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 21:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
Size

10.4MB
MD5

f45119882b698abcd9c4495776abee74
SHA1

6dbb34dbcf6f67c13c9ba8230a828cdaa0d931dd
SHA256

d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57
SHA512

6539885c45d609c0581331b67193c1bfa068f17a15776179afb26765c6406f3cd6579ffd4b674da650306c6b6cf9b5cf91284de3bfeab9009f41cf2af5fea098
SSDEEP

196608:gUZWC2SSJ7PbDdh0HtQba8z1sjzkAilU4I4:gUZB25J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 53 IoCs

pid	Process
2544	ybEF5E.tmp
1424	setup.exe
2776	setup.exe
2596	setup.exe
904	service_update.exe
1552	service_update.exe
2984	service_update.exe
2124	service_update.exe
2052	service_update.exe
2328	service_update.exe
2472	Yandex.exe
1732	clidmgr.exe
1692	clidmgr.exe
2912	browser.exe
3032	browser.exe
2600	browser.exe
2868	browser.exe
2344	browser.exe
2004	browser.exe
1536	browser.exe
1896	browser.exe
2284	browser.exe
2472	browser.exe
2120	browser.exe
2876	browser.exe
2700	browser.exe
2652	browser.exe
1580	browser.exe
2532	browser.exe
2816	browser.exe
1904	browser.exe
1212	browser.exe
2428	browser.exe
1912	browser.exe
320	browser.exe
1248	browser.exe
2536	browser.exe
2652	browser.exe
320	browser.exe
2568	browser.exe
2360	browser.exe
1716	browser.exe
1912	browser.exe
1680	browser.exe
2140	browser.exe
1808	browser.exe
2036	browser.exe
2032	browser.exe
2292	browser.exe
2956	browser.exe
2764	browser.exe
2368	browser.exe
1344	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
2544	ybEF5E.tmp
1424	setup.exe
1424	setup.exe
1424	setup.exe
2776	setup.exe
2776	setup.exe
2776	setup.exe
904	service_update.exe
904	service_update.exe
904	service_update.exe
904	service_update.exe
904	service_update.exe
2984	service_update.exe
2984	service_update.exe
2052	service_update.exe
2776	setup.exe
2776	setup.exe
2776	setup.exe
2776	setup.exe
2776	setup.exe
2472	Yandex.exe
2776	setup.exe
2776	setup.exe
2776	setup.exe
2912	browser.exe
3032	browser.exe
2912	browser.exe
2600	browser.exe
2868	browser.exe
2600	browser.exe
2868	browser.exe
2344	browser.exe
2344	browser.exe
2868	browser.exe
2868	browser.exe
2868	browser.exe
2004	browser.exe
2004	browser.exe
1536	browser.exe
1536	browser.exe
1896	browser.exe
2284	browser.exe
2472	browser.exe
2472	browser.exe
2120	browser.exe
1896	browser.exe
2876	browser.exe
2120	browser.exe
2876	browser.exe
2284	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe
2700	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\debug.log	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 55 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ybEF5E.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexFB2.TINVKE73O5TGAL42NDT2FAIATU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexSWF.TINVKE73O5TGAL42NDT2FAIATU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexWEBP.TINVKE73O5TGAL42NDT2FAIATU\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexEPUB.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexBrowser.crx\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexCSS.TINVKE73O5TGAL42NDT2FAIATU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexINFE.TINVKE73O5TGAL42NDT2FAIATU\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexSVG.TINVKE73O5TGAL42NDT2FAIATU\Application\AppUserModelId = "Yandex.TINVKE73O5TGAL42NDT2FAIATU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexTXT.TINVKE73O5TGAL42NDT2FAIATU\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\Icon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexCSS.TINVKE73O5TGAL42NDT2FAIATU\ = "Yandex Browser CSS Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexGIF.TINVKE73O5TGAL42NDT2FAIATU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexCSS.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexPDF.TINVKE73O5TGAL42NDT2FAIATU\Application\AppUserModelId = "Yandex.TINVKE73O5TGAL42NDT2FAIATU"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexCRX.TINVKE73O5TGAL42NDT2FAIATU\ = "Yandex Browser CRX Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexHTML.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexEPUB.TINVKE73O5TGAL42NDT2FAIATU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexWEBM.TINVKE73O5TGAL42NDT2FAIATU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexXML.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.xml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexCSS.TINVKE73O5TGAL42NDT2FAIATU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.css	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexINFE.TINVKE73O5TGAL42NDT2FAIATU\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexSWF.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexGIF.TINVKE73O5TGAL42NDT2FAIATU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-107"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexSVG.TINVKE73O5TGAL42NDT2FAIATU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexEPUB.TINVKE73O5TGAL42NDT2FAIATU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexGIF.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexHTML.TINVKE73O5TGAL42NDT2FAIATU\Application\AppUserModelId = "Yandex.TINVKE73O5TGAL42NDT2FAIATU"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexPDF.TINVKE73O5TGAL42NDT2FAIATU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-112"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexGIF.TINVKE73O5TGAL42NDT2FAIATU\Application\AppUserModelId = "Yandex.TINVKE73O5TGAL42NDT2FAIATU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.crx\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search\command	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexFB2.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.html	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexXML.TINVKE73O5TGAL42NDT2FAIATU\ = "Yandex Browser XML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.mhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.tif	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexGIF.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexTIFF.TINVKE73O5TGAL42NDT2FAIATU\ = "Yandex Browser TIFF Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexTIFF.TINVKE73O5TGAL42NDT2FAIATU\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexWEBP.TINVKE73O5TGAL42NDT2FAIATU\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexBrowser.crx\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexBrowser.crx\ = "Yandex Browser Extra"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexBrowser.crx\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.xhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.crx	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexWEBM.TINVKE73O5TGAL42NDT2FAIATU\ = "Yandex Browser WEBM Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexFB2.TINVKE73O5TGAL42NDT2FAIATU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexINFE.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexWEBP.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexEPUB.TINVKE73O5TGAL42NDT2FAIATU\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexSWF.TINVKE73O5TGAL42NDT2FAIATU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.gif	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexHTML.TINVKE73O5TGAL42NDT2FAIATU\ = "Yandex Browser HTML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexPNG.TINVKE73O5TGAL42NDT2FAIATU\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\.png	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexEPUB.TINVKE73O5TGAL42NDT2FAIATU\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_CLASSES\YandexXML.TINVKE73O5TGAL42NDT2FAIATU\shell\open	setup.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2776	setup.exe
2776	setup.exe
2912	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe
Token: SeShutdownPrivilege	2912	browser.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe
2912	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
2912	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 2372 wrote to memory of 468	2372	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	31
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 468 wrote to memory of 2544	468	d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe	33
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 2544 wrote to memory of 1424	2544	ybEF5E.tmp	34
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 1424 wrote to memory of 2776	1424	setup.exe	35
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 2596	2776	setup.exe	36
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 2776 wrote to memory of 904	2776	setup.exe	38
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 904 wrote to memory of 1552	904	service_update.exe	39
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2124	2984	service_update.exe	41
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2984 wrote to memory of 2052	2984	service_update.exe	42
PID 2052 wrote to memory of 2328	2052	service_update.exe	43

C:\Users\Admin\AppData\Local\Temp\d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
"C:\Users\Admin\AppData\Local\Temp\d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe
  "C:\Users\Admin\AppData\Local\Temp\d5abaef561982d3c70131475c0c04b2799f5b2020636063377ad9a293fa05a57.exe" --parent-installer-process-id=2372 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\7d4054c0-5b07-4290-a143-77eedac5085c.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --progress-window=131620 --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\c38f0d3f-0cf6-4913-acad-cd71d823295b.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\ybEF5E.tmp
    "C:\Users\Admin\AppData\Local\Temp\ybEF5E.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7d4054c0-5b07-4290-a143-77eedac5085c.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=56 --install-start-time-no-uac=252033800 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131620 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\c38f0d3f-0cf6-4913-acad-cd71d823295b.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7d4054c0-5b07-4290-a143-77eedac5085c.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=56 --install-start-time-no-uac=252033800 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131620 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\c38f0d3f-0cf6-4913-acad-cd71d823295b.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7d4054c0-5b07-4290-a143-77eedac5085c.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=56 --install-start-time-no-uac=252033800 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131620 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\c38f0d3f-0cf6-4913-acad-cd71d823295b.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=317507000
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2776 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x10c9d28,0x10c9d34,0x10c9d40
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2596
      - C:\Windows\TEMP\sdwra_2776_330499904\service_update.exe
        
        "C:\Windows\TEMP\sdwra_2776_330499904\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:904
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2776_2097763111\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1692

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2984 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x3dd784,0x3dd790,0x3dd79c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2124
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2328

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=131620 --install-start-time-no-uac=252033800
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2912
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2912 --annotation=metrics_client_id=eec7746b17f14d949cf6d22ee15461bc --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x738b9a14,0x738b9a20,0x738b9a2c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3032
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1788,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1664 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2868
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1716,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1872 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2600
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2120,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2132 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2344
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2288,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2316 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2004
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2784,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2820 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1536
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3324,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1896
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3476,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2284
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3284,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3624 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2472
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3744,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3756 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2120
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3908,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2876
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1896,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2700
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3684,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3632 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2652
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=3936,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4548 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1580
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4704,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4664 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2532
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4804,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2816
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5112,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5132 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1904
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5128,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5260 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1212
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5340,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2428
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5144,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5216 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1912
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5380,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5408 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:320
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5532,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5580 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1248
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4724,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2536
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=1980,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1972 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2652
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4712,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5100 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:320
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5428,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5424 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2568
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5492,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2000 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2360
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=2056,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5616 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1912
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5556,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5560 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1716
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4764,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1680
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=3780,i,2863072755633252797,462460483478846634,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3540 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2036

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={8F943391-86EE-4E60-8DA9-02055FBDFA51}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:2140
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724104148 --annotation=last_update_date=1724104148 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2140 --annotation=metrics_client_id=eec7746b17f14d949cf6d22ee15461bc --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x738b9a14,0x738b9a20,0x738b9a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1808
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1816,i,4363971395631771918,15656768328229511786,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2032
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1924,i,4363971395631771918,15656768328229511786,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1824 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2292

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={A7874078-B9DA-4DB7-B1D2-A908068FB10F}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:2956
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724104148 --annotation=last_update_date=1724104148 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2956 --annotation=metrics_client_id=eec7746b17f14d949cf6d22ee15461bc --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x738b9a14,0x738b9a20,0x738b9a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2764
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1692,i,3246080758929955810,16277771087816020759,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1688 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2368
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=B12B10AC-EE22-4CC6-B881-A575F4148DE6 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1940,i,3246080758929955810,16277771087816020759,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1956 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
706B

MD5
8877c10ff68fec9896b3f94c3159e5bb

SHA1
f10bf2780c439d84d0c1859e68134e5238ca23ab

SHA256
5321efc3c575f9dfd37befcf9741b07f1241e2120ecf47388cf421dd97866b01

SHA512
75d51bf028f82038ad5f96fe982359c58b508dbf32ea308583a4746bb9921d4045f031f3f8dbec6ff82988552a1b2f6466df5f3b1a15a80170f9d0b0c098a8fd

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
fbb6a8443da452e99ec1935d1b91215d

SHA1
301ee8f180e43393622c8aa6dd8373b278a4e805

SHA256
31ae7f4ba5f90934a4a2fa2f3284abc827e02729b8e8884e31f85f8e1c091a06

SHA512
cba277a8274d108c39d7f80838ec60c21901d1d5c1194ad672875a39bdf5e04c7cd0a189765f7855319c6c1211b6354e6db151c7b290d06adc85191ee7f8d80a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
3a83f3c71c4706b3d090202f26d7b2f9

SHA1
1cb7ab1f35e42a813a8d18ff975e84731e2f6f33

SHA256
c2ac7cf231068e16dc54ebc1dc976dbe6f805b47cbca452c9e00c15336ec357a

SHA512
29bbcb21588e3c4562c58b3cb5f96455d87740dcf100fb87f65f03fcd47767ec4b43a4e08cb0f613a6e406492e6aed491a586b2f3c50113d41fb489ba927b819

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
03e4fa895951a2f059593851047bedca

SHA1
494562b5523235d041fa1387318b34a84ee615e6

SHA256
f44e168ee461e049312eb0fd8158a7a23ef286cba8c3a69f8b054ce07bc936a9

SHA512
6f91b045e250115f900c38a63f1fdf4bf772ff740616428db20c4cb0694bc2c2fd038e29bd65cfbf570de3faf9668de8950225b273b3d497fff84af0cdcb7203

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
70314249700e9d7be99f6fbc33325cdf

SHA1
0df38508bdf12c5899dae64efece4e8b27bf4c06

SHA256
7ba522f056b7be746d23bf8b192570f09b2a75def3706510572861e0b0dd5d5d

SHA512
c0205a65c392e3b09a353ffd585745415edf68534c484fe604ffbd575a07a7e7d415fe9f7f2ee10bbdd1e23611d91021dc2ca59fe93a8c2cd64148327647133a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
e505c84cb4fb04952fb9e5ba0cea8592

SHA1
40e73477df0a8032ef7bda0534dc93f1bfe30434

SHA256
0b245b716b4c756adf3f75bae6126b51861828930f96864b6dbe014ea4afe525

SHA512
ee9edf6b312aae4c3a2c1d4dd56b593713ae810f61d70bb16a3f6d6e00deeb5b6a5793c20521fb194ee36f8b284156d20999b8a84835fb5d25984aed2cd3b238

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
a2656657b7bde9aa2d38bfa972951354

SHA1
2e6daa5380c1d230ae7916a2a7c3ce02ced8d92e

SHA256
5631198f988f24264ab1a90b63844befd8ca1d9c9b2947e609f4d63f9f0f6796

SHA512
88edcde00f0ddfe94efecd82aba37c7dc0ac08c9dd358ecca20fb9806370d4007436e14081ba92b417b797bf04946debe2d61349d9b5a4e3576ca21e13b2ee9e

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
6KB

MD5
6850259c6e0b5f16c109c1960428c2a9

SHA1
5041c6e96946ab84c9836cb8bdeca3c12aab1784

SHA256
4c955f9be07db5cfdc442b67b280257fc75843e2a3501736be540c52c53a3f36

SHA512
509c0da6da73d0989359748161a86368ecfbed21c2a9387bcb2efcb8cde0a730356be13c67cb984cda1d9143b4109fe0777da202f26074b0d4810302c94b6a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcee38ac75cf0444fa5fcc3786ea9a39

SHA1
5d7553314daf2e06577c70bf4ddc796e5a5ec7a3

SHA256
f76c2a53e6482baf280301c8b50e0e5cf24121efb049c5e29214cdea65524565

SHA512
a7661c801818668ab1c506e35019e2eb84f653b50cd340654bb621e65d0b902cc59e9d837f4f561773d578a2a4abff6e6af448d5102df97c952750fdfa1a7f72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4cac53732a550c8607a1674cf36646e

SHA1
e62510e5d7db97e5b4b4ccb5f0dfa1701d1f550d

SHA256
20858c79bf670d98d3ac70a6fed2445ce112657c0871b9fe6a8c28367c51b109

SHA512
aa4c893270cad50e9036c50ce2776ae225c4cdfcb4224b5b52d6db8d2fa52a97c9f29e64917cd424cae1668e42a654c3162352a864d6e498f6478b8d1ba124fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6ef837b073c9760f76be6daf6875a35

SHA1
06e67411e50b178c4e2b3831709f2efddd5a0668

SHA256
7eb2c179e9c480efca12fad134bbf1d7b1bf1ab4c251dfec36a082239eeaf71e

SHA512
a62e2c96e4eaf11d8a72e6a6e1992bdd71973926e837b51fcd6c7a83bd125ccf047df3fd331faa98da92e65e0b1e16d2bb1e33a0d78ac6525a3956532f8fe02d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340dcdcee502c3cdda85b9034b1b5e1c

SHA1
adbf9bb94182f6216397818d8732df1129b7d9eb

SHA256
bf9953390ad18dac262652e39408de60506bf33f1bb92091e10dd3b8f7813071

SHA512
1d99e37ae57e0366ca6e06be0f44f91fd8b73872f45a52e12d174b3706e4e873c1f1279c53455cba217788238854d111b7b65319879cc740bacac3e97d98dd83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
85997529aab9f42338ea1034d31d204d

SHA1
3a5f53bee43eed8bc7c6c40f14395de63b555782

SHA256
5bc86b2af733af67fdd9d9fba80d67dfdc4f08faafa7971e24698c6ca533f7d6

SHA512
45f608f5046b663e6218cfb27ef1fb4948e1c924c04f16770ae79ada6d6225d62bd50fd764e3d3dd62a199f21e52d4a753eeb4afff81387ffe38dd3c387660fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD4A1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
f609e719d46e21530ee972ebfb083393

SHA1
e5c0b8f5ada4034bd34831ded6fe8d06f6a9941e

SHA256
80cbec2da26291caa67309c161c288b99d4cbca16970bc37311ae309a065235d

SHA512
aaa01d9c7b3b0547826c8099998f0df5b86dbbc1d3a26d8787cea8e0c9af69a12df2d295098b5df1d4d30a9c14b6a01bd4d645957e073f580b4fff01409adf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD6C6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
029f648eff2e627f79e67f4cbe600a4c

SHA1
daccf3b56f8381fbc46209a1083ff6fcd7e019b0

SHA256
60a386409430fdb330edaaded4fd611ef3598c9263521f516caa58e4b0cebcc6

SHA512
c7160587ed0c7c5331c483f5959c50b8582c07545183f789f928ba6c6565743a102f8afbbd645a074f25c218ce95c21e6b2d73ef9d182ba084aef52bb33a14c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\brand_yandex

Filesize
1.8MB

MD5
15875781db4aa2cfc22342277bfd0fde

SHA1
33dab1129fe59a74ca3cf619eb658dc091369b68

SHA256
d68b20b086b29afef9cdd016b8b042b7a5e2ee5fdbcc6f2e99715933143ff1e9

SHA512
fee63f0b80c8d624dcbba5f8ad0cea17a9d6e030ee16f8b76df13d7c8419129c6ce6e1379b046a4406504d312943752fe513728092931cd193fde639aeefb732

Download Submit
C:\Users\Admin\AppData\Local\Temp\clids.xml

Filesize
580B

MD5
94767e5bd3c7d598c990dcba9e0abf8b

SHA1
c4ae03d2480a773b24ad9716472426c47c7355f2

SHA256
e1f801c2623eca1d2ef8c5beb325b64d3eecd2a36e92e8c2bcfcf9315f9773af

SHA512
c0fff8d20d2ad2182c9e3fdab72cc2384beb97af3fc4964a831e9605fc8cb711e3de9af0f1589f1399eb6b4a940f0d2a6caaac81bd7ddbee071a10265fce4685

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
362B

MD5
57f8864afee017116de5f8e750a19431

SHA1
3448f6fa0e6e243a03fe319ee168702660232bac

SHA256
3841afbb80eca60c047aa3300234dc2244fe4c938b78d4a2496ef88673448e9f

SHA512
2b632b496149bdd62199329f38ea76bf73f28418eed3205cae7fc7b052adb324fa4019e423b0f6823a9599f42f830afb7ac4f519ad7d3f30524d0a00bffb9a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
2c9105c6764a380227fe03ca75d20ffe

SHA1
29547b635c17c89a67b78c907ddac72b5be427da

SHA256
d754b348b205ef8f3fff16a5256a42c77e9c0c7bb32f5b26a6abf0c9ffb0b38c

SHA512
9cf027ba690a1046cb9f8b25a68e77a01f2b62727d39f6138af5f2d22d2f351d8350532bea8a69b2dd86e050f76613d3963acba4e35c903afc9afb06ebfa8920

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
66a247e2a46f4caaae228a3f1c7b468a

SHA1
118d307a81e27291029f7731427bb20f4ca4c3d3

SHA256
7f1c0fe9c65df194d720593d458990c0c489f36364f5c7ab3ef03aa75f583daf

SHA512
f0acf31bb245540a32c415af3796536064cace0d63228f98040ab152088c83dc64416dc868c8baf90a7868a988e1d232966dc3f4947a1c6392ac4bbdfa4a72ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
e2a7dd7277b42ea2e65889d6921e0e1c

SHA1
43ccb171e6c26d507b63c870b02179a2c0eab336

SHA256
cead44b57844bf9a3e6349b73731a4fc930a4525fdddc6f5a2ebd25aa7ac5dc1

SHA512
363f26f7a8299e4c063aa7ee193fd6cb845030a4809361a56edfb1e933c6802cec2678ca81df56ad871694f46877f87f1c2a1cfddf2e84b13fb7c57806a0a54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
9KB

MD5
fb46c293d64a5ab4411d6a65c5ab480a

SHA1
127bf167c51ce035909dbfd0a754db23bba8a0b5

SHA256
3407da915cbfbb90a4c3027703d31759c7f71ba97bbdf4d63e9f357bf45da8b4

SHA512
9ef03da3bd8a7a01457e8c5b14516a8d8c79010e4d9547824d1af92f4dee05c73dc8367e814ddec7fbe08860d8c777a19905a6629423486b74c6ae73220682b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
34KB

MD5
0cff7763c071330daa1485ca2e1aba0e

SHA1
7d07dca0e01e6f07e59deebfc7a37b02a6a074fb

SHA256
76ab1d79fab7d3cf58a62cc1485475030897cc816d5dcb97c277cb3e68ccc1d7

SHA512
d6a724dd5538af53db77b709e10572063427146a35edfbc892bdf0e77f464cc07651fd7253fe803611ba5c2af16c80d67b9bde671ab08987c646bc21c6aaf1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
34KB

MD5
d5dfa8bd362f41e315684c9fe439ca03

SHA1
89bd12dd057059cb4a69bb119cc22ec56c604090

SHA256
1f0bc9d85d2bdec79211777e00998cbadf1a5f79a1abbe77224ea2ce6f335b1a

SHA512
9e6924b2fb4a4f6ef2a5cd153bb73d733bdcf7317121326f12bb621ab35ffcf77ed0316da8a41497654ec384c34f56eabfdf765623a1c62de7fea688360eaa5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
3a2fc253fb320ed2434634267fd66a06

SHA1
5705c70e0fe44eb359d2022938ee69bc1635e542

SHA256
808141fc7fd533e08fe7bf80cc2bed88dda2e7f35e2da7526b9593b9e730d96e

SHA512
cd6bf9816abe160603f285fefaaf9da04e3108dae64878a5bec97d3e95c90dceef5f931dd9b097907115e0bae8e41462761b52f695e72c773fcf6dffe2fac76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
73a5559c9745ff90c829c67162367e54

SHA1
5a563415246db7755354946143a91b0eca6c8772

SHA256
5a1f461f04b4192b2d1f848ca1df74bc69ab9cd40db8ba71ea5a066cfa758d7e

SHA512
9c1d24d03577dc0b2c9e94388dc2ca751fbb08091c3eb384b65b5a59bd00253d65fcb4e57bc4d860998342c943798a4621a7fa73c34101d6610e8af6a715d807

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
7169a055847b3356c9035279867101a4

SHA1
3ce0b6055fc9eae5b59f5f32b744a47e7fb8d53d

SHA256
7ea3df7fd979a59df4cfa7438da3138f774e3a00101695242d4208df373af9b4

SHA512
13f6157df8a54d1b41bf66375441d84eaf23e77f9ebcbf678a2afe35254508398138bf98d888855bb1f0d7be2088e6ffbeb8a0c1498fd9ff8704fec10b97d98a

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
fc09cddb077f0af5859f02793ba6274a

SHA1
35e58788392b7fe6d96b1ce93500ddf152af42d3

SHA256
32c5ce406653ae7f4293f56da303032116150b9c4d0e22efa87eb25cb9059661

SHA512
2e60ff46963f0331ac107973773b891583709ccadf672de33252bb8b54c7ab4dfaf16876f8069c92281ce4d9d2add3c4be01886495a81335677d5f0f0593d598

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\brand_config

Filesize
8KB

MD5
c64949ff239a0a9beb4114a1b27e0d81

SHA1
94983a5b27544b3b5f8c7c265816feb7c248b835

SHA256
4d944422a8ad8e97d23f0a1d17acce76115831a6bf5e1e7466da919104d4ba92

SHA512
2e50c4888012373ccbd7d81d936e322a2131e4f66e5f6e8fcb869b7c85eff23c463510550a4b0f895ba6df6a7b00db5ddc153fcca5cc04c820485e427ab85ebd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\partner_config

Filesize
692B

MD5
807c3202f4ee1c6e7c2c34e7ee224e6d

SHA1
0df6a74ea5677b26f52ac9b06643f47afb4015d6

SHA256
9fe5e97cd8eeafccf0ce63e997c8a5ff37998308dd7c57f1fe5b319b3c3b1ff1

SHA512
6467b26a30684252ec4a8c5fe39a614c68fec396204890f467522cf21cc38f6e1e3a66f8223cf0f0f33f75f2ba8564d2c75f4f6ac16530cd16743c4dfd28bde5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
7fda892b069f89beb2af12cca387bdf4

SHA1
d56078ab6bcfe0b47837c7aa00089554f1af1d49

SHA256
56ee84da66c07cb8acc97599b2cdf690a767eda3ab6af76d95172abe54831cad

SHA512
fc34006c3f536f0088b79e9c59aafa0f6c51a84be64640fbc6058839e927e6a9946024279ae376ba1cfaabdb23d825363ae894bed64f4501faadf28051ac9f9d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\configs\all_zip

Filesize
650KB

MD5
849cc75f9772e37306aaf9980b7b33ba

SHA1
c784d80bfef09853850960a37b330f93427fda7d

SHA256
7dc09ee9fcb4ef4fdbb718fdcd7fa93982897ea812073defb234ad2df96475e9

SHA512
61a2d951a445dba6b72045c7675f19f4010a08a6fb217ee7239dd88186d81be0323243fb7921f57de33d76a485625dfe72dac844c7cc6b3922a5fd092b990c49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
0d1ea84d8c22eaf8f4c9db1ca4ca5906

SHA1
3f8a9b7d685e798f0b053a4be2ef99c13d3893c7

SHA256
71db9224bddbae61b73b1a10b5df93bb9e0abe5f4570e12bdee5fb9c3dde9eb6

SHA512
2ac20603e72e41a4d4f68291af300d8f2ffafce9ef5aa1f97a5091c73efe1ae154080431eca9c459f785e1ead1e39578a47b8402dff82070aa89686e7c00e9a6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\1f3e5915-bcc9-4a32-9a0d-c84ffcf60d10.tmp

Filesize
16KB

MD5
51b0ed003d43d040a4bdf16b27501fe3

SHA1
b17f1b88e947027008b80126024b989556929b69

SHA256
ed506fd5855dedae311e961bc7b29eefeba7fc4dd8302d68d36b96eccd49e784

SHA512
5c20dc8c26f45344c2660829ba0e646ffb3009d8ec83b53f97084b9170fbb4f370c37e1879c6255e9c09f3b9c4e218e9451f9395cd2b5ce0047d6c02b501b651

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\51d44c46-7202-4c0d-ac61-0b1f198f27d0.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\5fa18e0d-bf86-4508-9167-655a83576ba7.tmp

Filesize
38KB

MD5
2a03cce78e1989445a865c26cfc6c915

SHA1
abadefe0894fd76d7086d030a5fba1a8ed359d20

SHA256
a4a8c2dfb24185571063435ca99cd7994addc03f34fd4245d22d9a8209d90cc5

SHA512
851e118389534613d9069a71cdc90cda697d2a6a9cc64bbc535355773b244ec0c3bfd34062e56240fe7407f9b1c8d9e084e805924e6c980941eab09ce92c364b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7d49bd615bcc5a44a3772d72ff211813

SHA1
da409980d23abc2b29bc6a738905903bea10e873

SHA256
01f9554c445a4ff7c6df294582f4bffe638ca7d7920fe855167b0d72ca174107

SHA512
213979b489c92e1b37959a2e453c46d9452178b3fe3ae95073917c2612262f128bd05a9a1d5884b401c117e17b61de0fae249a667afb9c3513e9153da08f8f26

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a8f9f05f33cba2d2af18d0af1c0a7145

SHA1
610774385bcdc64d922bc338ad4cb3d266ef274f

SHA256
782263d87bf316f7234f34bdf12a321716a63249b77f3cc189faf420492e37ce

SHA512
3d26708d9b62429d424fa56f39d960359559e38a23025bf2cb065b8230691a58a2c564399c6d984e290fcad92394bda0c0c45669749e32c55b5d56c654baa882

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
62f1b4aee750d7a2c802b1b2a6272fcd

SHA1
fb7f7d45b8e28b7985311019aac76f0b98a37cb1

SHA256
74a4c234893c9546fd72ba472c2f8942a008d125659a7a2cb432c15d1196bece

SHA512
7583c1e0b9813f9540c42394a426f3601d9c1e1ffd1a466558bc698b197635da6a1d14a089c9557e46d85c53c32c87ff1839b808c94a2093cbfb9edbd6eb4fdf

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
b4fd30919c043b73d0fe0898ffe1b733

SHA1
079cfa86c15dc43020cb4f65e9cafc24cb2e12c4

SHA256
70365662464defbf2240af45d01d20703f74ce4981bec1e58d4a0b3af5c42ee3

SHA512
419df3d86a4e543794aa40faa97aa9e0774905c6b4e0c3cde7c6e50b2c060825f56a005eecebf6e3509e66b88161a7e23b8767f8b877ee92eb547e10188d7d65

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
3815d9889fa86507180dd4ddc7f8be7a

SHA1
06426e926086f5ada8eeff0f65ab2c6f84af3c59

SHA256
733e6265256cb06d37aebe51c990537d7d8682656b678eb94a9471a7378a9ac9

SHA512
ffaaf7977920cce04b5850d4883fcc5919d5f1e9c864b73ea1aa71a6bf22662477bba5bbaa8bba578966ba2c212224fc5c60d69ca9dbab270f7503cf7dd917c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
aab7e28d0dffebaf213d465111c1cc37

SHA1
9f8eb0c1ccb04ff048286da25bb875e929a9a333

SHA256
7735254bbbd6a41451b8273b4d065702ef6db45166e46b9e94fd8cf2a5104ce0

SHA512
09a6ef8e200e8b6ddf0e0e4742803af7ac9870d175ef25bde210258dd1da1dadfea56d7e6db5b146d8974ffc7ace030842aa509f2bcf21124e7af538e2d76407

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

Filesize
10KB

MD5
da29a642cc94f9333a3a5d444f214ce2

SHA1
43180f7d1bb756d70e7c6d08dd9a896d42723ceb

SHA256
4a32bbedda36fac8c0a0701a0d15750ecd606a69ae7a86846209efec0e80c5d4

SHA512
ef081e1e23b97562357c0262a5b1e0717a40c6e63f7d5b8f5a49568fd88eefa24946ee6494e4a912d4d5720a2e2724a2626599950f41177861ea28ba81ad9377

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\825e8020-683e-4507-82be-332db5349823\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13368577750493600

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13368577750493600

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\b490748b-b5eb-4048-ac6b-3ee92f61e12c.tmp

Filesize
192KB

MD5
c14564d72050bb0e3d63472c8205176f

SHA1
50aa12cc3ef74d813534ec36b98148b7361c83bf

SHA256
cddfbabfec8b87a32410a320fade4169253fb4dd49563697e360766186e2e1c1

SHA512
993686e0b3b536518fcda604d992baabfe9a26d560ff6cfd28b788d8f0a09b2f945b38d197919b9433a30a79830ef21219db9c1754d9c036e5d41d7aad647258

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
37bc7da90830586ccb855b7028e11850

SHA1
68c579a73c13cdf38a1c1d585509a30fddf64434

SHA256
b76253a7dbcfed1221c02db9da47d7c9631fc5b140372b8b071ffa4d30aa34f7

SHA512
935ebe17846438d6c075a38c51a8c0cf853603eb4a8bf0dddca4a6c65eacd34c7a92b1ee41ca2b98c22ce40bd595a147d1dbdc4d3c35e58adb77c3ce99330c61

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
99a16cd71c6e5a508b305b9f4cfed552

SHA1
f8220afdba2fa35f2e01bbda00654ddf3933205f

SHA256
876d8e151f8a371c116a851f25406208e4b5ee722a81b5ea766dd66ff6e2092d

SHA512
d35118b463f73862ee762f7da0a77ff359dde101c53c886b07e7eb2a697dfcbad710cec2c2cd5708dc76c6a639029bace08b6defc67ab18d1f1ebcecbb3a7ec6

Download Submit
\Users\Admin\AppData\Local\Temp\YB_EE1B7.tmp\setup.exe

Filesize
3.9MB

MD5
e3e9c5e3744543d4e8ee0d048c0d2644

SHA1
f9fa67357d8358520d0ff0d2efaf359d2a683324

SHA256
42b10a2ba3570330ab5f7ce9b7c6348771fff576c857c6e24b3647ab01ece760

SHA512
dacd65df09c9d1949486f477a0c88e1665a338d044a7271e089722b181b8ff8f4a868aa190beda318e44b0205211c7652dc13498a9da0615b893317b4747e211

Download Submit
\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
615KB

MD5
7eac404e89b37ba4aa20d441ee8f1f90

SHA1
544600812448c45e880ddab40b03e28a413ff3c6

SHA256
615561923960480b0a4951a758be36cfd859199205a2adc13d5940b8bde44de9

SHA512
eb29037fd9b5465cb70dac2478a7b42ee3287f5c539016ee3badd95fa3977565899e6a5eecd731c8e0ad315e22a079a0d610b4b5d5e918d4c7255c3a5b6e1bf6

Download Submit
\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.8MB

MD5
c93e65a71b9f191f2e64fb5fc1d99441

SHA1
c527616d8bf2b30b37ed89a3fb7d1da68e8a72ee

SHA256
fa5ec822987d5eabceaf880839e34736fa1b4c0e5085e96fc1cd1588b9084066

SHA512
77628258bde4603ba9e35dc70fc5d065cff09da166a08169d7f91d8eec3a0d2501d72fe54885cf96bf3bbdd037bd10816f411b6a3ca3ba10b9cb20cbeca21e3f

Download Submit
\Windows\Temp\sdwra_2776_330499904\service_update.exe

Filesize
2.3MB

MD5
e48068b2bbd922a2038b1954a52c6eab

SHA1
f1c18c37e26003969adb8e0d271a6797a92e194c

SHA256
da3bcf9de331db50c62cbcee5147653c7c2f87fa31df1463c5828bab4da7d555

SHA512
c612f98d2203adc83fff9b23013b0a7b0a16f253a33094b0ee9542b4e40ec4b3dd8471c14669a5c7a89124918e0466e918e31ae8609cea86c5abdc01dcde179a

Download Submit
memory/2032-3108-0x0000000003520000-0x0000000004520000-memory.dmp

Filesize
16.0MB

Download
memory/2532-2724-0x0000000001C50000-0x0000000002C50000-memory.dmp

Filesize
16.0MB

Download
memory/2600-1536-0x0000000000B70000-0x0000000000B71000-memory.dmp

Filesize
4KB

Download
memory/2700-2691-0x0000000006170000-0x0000000006785000-memory.dmp

Filesize
6.1MB

Download
memory/2700-2692-0x0000000006170000-0x0000000006785000-memory.dmp

Filesize
6.1MB

Download
memory/2700-2693-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

Filesize
4KB

Download
memory/2700-2689-0x00000000048A0000-0x00000000048A1000-memory.dmp

Filesize
4KB

Download
memory/2700-2690-0x0000000006170000-0x0000000006785000-memory.dmp

Filesize
6.1MB

Download
memory/2776-1420-0x0000000000A50000-0x0000000000A52000-memory.dmp

Filesize
8KB

Download