6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
Size

10.4MB
MD5

7991e2466832376958984467c91838a7
SHA1

ac74e8dde1c0cc80fc9f1cec0c8aa2a96da27a55
SHA256

6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430
SHA512

25ebad20284b06e215a55b04413375dabf64b8781d90c51bd42de236f8e4b66d0cada924aaa86ff1c4d2ca2b80fd4dcdfba7d987e511bfa66b0cad218aec06cf
SSDEEP

196608:gUZWC2SSJ7PbDdh0HtQba8z1sjzkAilU4I4:gUZB25J7PbDjOQba8psjzyz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 60 IoCs

pid	Process
2068	yb6BBE.tmp
3056	setup.exe
2684	setup.exe
1620	setup.exe
1480	service_update.exe
324	service_update.exe
1680	service_update.exe
1560	service_update.exe
2768	service_update.exe
1004	service_update.exe
872	Yandex.exe
2432	clidmgr.exe
1548	clidmgr.exe
2928	browser.exe
952	browser.exe
1284	browser.exe
2292	browser.exe
2884	browser.exe
1976	browser.exe
1332	browser.exe
2576	browser.exe
1300	browser.exe
788	browser.exe
2140	browser.exe
2100	browser.exe
568	browser.exe
1580	browser.exe
984	browser.exe
1724	browser.exe
2304	browser.exe
1780	browser.exe
2656	browser.exe
2592	browser.exe
1932	browser.exe
2716	browser.exe
1968	browser.exe
1792	browser.exe
2920	browser.exe
2716	browser.exe
2192	browser.exe
2480	browser.exe
2956	browser.exe
2704	browser.exe
1968	browser.exe
3160	browser.exe
3728	browser.exe
4056	browser.exe
4072	browser.exe
2148	browser.exe
2064	browser.exe
3472	browser.exe
3480	browser.exe
3536	browser.exe
3584	browser.exe
1652	browser.exe
1656	browser.exe
3196	browser.exe
1380	browser.exe
3292	browser.exe
3780	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
2068	yb6BBE.tmp
3056	setup.exe
3056	setup.exe
3056	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
1480	service_update.exe
1480	service_update.exe
1480	service_update.exe
1480	service_update.exe
1480	service_update.exe
1680	service_update.exe
1680	service_update.exe
2768	service_update.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
872	Yandex.exe
2684	setup.exe
2684	setup.exe
2684	setup.exe
2928	browser.exe
952	browser.exe
2928	browser.exe
1284	browser.exe
1284	browser.exe
2884	browser.exe
2884	browser.exe
2292	browser.exe
2292	browser.exe
1284	browser.exe
1284	browser.exe
1284	browser.exe
1976	browser.exe
1976	browser.exe
1332	browser.exe
1332	browser.exe
2576	browser.exe
2576	browser.exe
1300	browser.exe
1300	browser.exe
788	browser.exe
788	browser.exe
2140	browser.exe
2140	browser.exe
2100	browser.exe
568	browser.exe
2100	browser.exe
568	browser.exe
1580	browser.exe
1580	browser.exe
1580	browser.exe
1580	browser.exe
1580	browser.exe
1580	browser.exe
1580	browser.exe
1580	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\debug.log	service_update.exe
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 61 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	yb6BBE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexSWF.6HWLPE5MBWR4B3UNNOZGQQBZQM\ = "Yandex Browser SWF Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.js\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexFB2.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexJS.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexPNG.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\AppUserModelId = "Yandex.6HWLPE5MBWR4B3UNNOZGQQBZQM"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\yabrowser\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.jpg\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexHTML.6HWLPE5MBWR4B3UNNOZGQQBZQM\ = "Yandex Browser HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexPNG.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexTXT.6HWLPE5MBWR4B3UNNOZGQQBZQM\ = "Yandex Browser TXT Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.pdf\OpenWithProgids\YandexPDF.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\yabrowser\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.gif\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexHTML.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-108"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexPDF.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.txt	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.fb2	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.jpeg\shell\image_search\command	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexFB2.6HWLPE5MBWR4B3UNNOZGQQBZQM\ = "Yandex Browser FB2 Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexPDF.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.crx	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexSVG.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexWEBP.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexTIFF.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-119"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexGIF.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexJS.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexXML.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexTIFF.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.xhtml\OpenWithProgids\YandexHTML.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexCSS.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexHTML.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexSWF.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexTIFF.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.webp\shell\image_search\command	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.png\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexCRX.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexINFE.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.mhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexBrowser.crx	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.svg\OpenWithProgids\YandexSVG.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexPDF.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.jpg\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexBrowser.crx\Application\AppUserModelId = "Yandex.6HWLPE5MBWR4B3UNNOZGQQBZQM"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexJPEG.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.crx\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.tiff	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations\.png	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexBrowser.crx\ = "Yandex Browser Extra"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexHTML.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexINFE.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.css\OpenWithProgids\YandexCSS.6HWLPE5MBWR4B3UNNOZGQQBZQM	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexTIFF.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexCRX.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexCRX.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexWEBM.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-132"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.tif\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\SystemFileAssociations	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexJS.6HWLPE5MBWR4B3UNNOZGQQBZQM\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexWEBM.6HWLPE5MBWR4B3UNNOZGQQBZQM\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\.fb2\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000_CLASSES\YandexTXT.6HWLPE5MBWR4B3UNNOZGQQBZQM\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	setup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2684	setup.exe
2684	setup.exe
2928	browser.exe
2928	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe
Token: SeShutdownPrivilege	2928	browser.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe
2928	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
2928	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2808 wrote to memory of 2864	2808	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	30
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2864 wrote to memory of 2068	2864	6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe	33
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 2068 wrote to memory of 3056	2068	yb6BBE.tmp	34
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 3056 wrote to memory of 2684	3056	setup.exe	35
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1620	2684	setup.exe	36
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 2684 wrote to memory of 1480	2684	setup.exe	38
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1480 wrote to memory of 324	1480	service_update.exe	39
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 1560	1680	service_update.exe	41
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 1680 wrote to memory of 2768	1680	service_update.exe	42
PID 2768 wrote to memory of 1004	2768	service_update.exe	43

C:\Users\Admin\AppData\Local\Temp\6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
"C:\Users\Admin\AppData\Local\Temp\6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Users\Admin\AppData\Local\Temp\6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe
  "C:\Users\Admin\AppData\Local\Temp\6f366d780677fefd85e26bf8edceecdcf802cc891c1bc11bc0200263be444430.exe" --parent-installer-process-id=2808 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\a65df74c-6d3c-4cb5-916c-4e2b73c46b1e.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --progress-window=393750 --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\11d8d7f2-ee0c-44b9-bae8-e6f8398c256d.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\yb6BBE.tmp
    "C:\Users\Admin\AppData\Local\Temp\yb6BBE.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\a65df74c-6d3c-4cb5-916c-4e2b73c46b1e.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=44 --install-start-time-no-uac=219200600 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393750 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\11d8d7f2-ee0c-44b9-bae8-e6f8398c256d.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\a65df74c-6d3c-4cb5-916c-4e2b73c46b1e.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=44 --install-start-time-no-uac=219200600 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393750 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\11d8d7f2-ee0c-44b9-bae8-e6f8398c256d.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\a65df74c-6d3c-4cb5-916c-4e2b73c46b1e.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=44 --install-start-time-no-uac=219200600 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=393750 --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\11d8d7f2-ee0c-44b9-bae8-e6f8398c256d.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=272256200
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2684 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x1279d28,0x1279d34,0x1279d40
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1620
      - C:\Windows\TEMP\sdwra_2684_1119114936\service_update.exe
        
        "C:\Windows\TEMP\sdwra_2684_1119114936\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1480
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:324
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:872
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2684_1502790510\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1548

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1680 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x10ad784,0x10ad790,0x10ad79c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1560
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.1.1030\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:1004

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=393750 --install-start-time-no-uac=219200600
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2928
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=2928 --annotation=metrics_client_id=f783e53bd803462f95d3b5549b2cd252 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x73a59a14,0x73a59a20,0x73a59a2c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:952
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1808,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1284
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1708,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1816 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2884
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=2020,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1916 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2292
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=2328,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2448 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1976
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2604,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2620 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2920,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2576
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3320,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3340 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1300
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=2896,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:788
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=3900,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3920 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2140
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3888,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:568
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4228,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4220 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2100
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1840,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1580
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4652,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4660 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:984
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3740,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1724
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5032,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2304
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5148,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5152,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2656
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=4088,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5420 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2592
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5432,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5508 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1932
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5488,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5484 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1968
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5560,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5508 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2716
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5692,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5588 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1792
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5540,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5644 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2480
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5480,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5740 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5556,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5864 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2956
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5552,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5988 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2716
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5464,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6112 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2704
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6240,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6236 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2192
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5564,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6356 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1968
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5412,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6404 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3160
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=1928,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2036 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3728
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=gpu_memory_collector.mojom.GpuMemoryCollector --lang=ru --service-sandbox-type=none --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="GPU Memory Collector" --field-trial-handle=3316,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2924 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3292
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=160,i,10253464054248838877,8809253777523248852,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4876 --brver=24.7.1.1030 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3780

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={3670D490-F746-4DC3-BD60-6D19F83ADD6B}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:4056
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724124761 --annotation=last_update_date=1724124761 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=4056 --annotation=metrics_client_id=f783e53bd803462f95d3b5549b2cd252 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73a59a14,0x73a59a20,0x73a59a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4072
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1900,i,9184644551140599616,5595854370614898549,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2064
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1784,i,9184644551140599616,5595854370614898549,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1908 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2148

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={29C8ABE5-F53E-4EE7-8CDE-4CFED2533A7D}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3472
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724124761 --annotation=last_update_date=1724124761 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3472 --annotation=metrics_client_id=f783e53bd803462f95d3b5549b2cd252 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73a59a14,0x73a59a20,0x73a59a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3480
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1732,i,14471654596623143940,9111808362159720146,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3536
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1960,i,14471654596623143940,9111808362159720146,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1976 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3584

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={40088ABC-745B-42F0-8AA0-461F398C8B4D}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:1652
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724124761 --annotation=last_update_date=1724124761 --annotation=launches_after_update=3 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1652 --annotation=metrics_client_id=f783e53bd803462f95d3b5549b2cd252 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.1.1030 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73a59a14,0x73a59a20,0x73a59a2c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1656
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1724,i,16569048196963332015,758652309679223461,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3196
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=36239CF9-5F66-4EB9-9D67-D74DAD2C29D1 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1952,i,16569048196963332015,758652309679223461,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2012 --brver=24.7.1.1030 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
708B

MD5
ceef32accac9e567e918de7d82ee4fb2

SHA1
bffd9f979c48867a11333566bafdc44bf4f07dc9

SHA256
93e4ba4da80e9cf5001f729fec766d35b38463bfcc8caa7e12abdce563a1b209

SHA512
519f69e6d6f0169feb7bd71eec326c3097f8c05cfbe713f0782d0130037358379a1d34d179ac520cf7343e3176f5daa38924c207c34f17d5ce6ff4834cdf7bb6

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
1KB

MD5
79f1c7fcfb8d45260b2a8659fed6e14a

SHA1
11614ad2113de5d28ea66779ad3aab9b04619855

SHA256
4ec200ea27d04bb6dcacafdf910f83be90ef8fe789d43f2ab8024bfe38004784

SHA512
55a052caf4d9ee32e34cc145ddf825e9a64e232354222c85596c934d41a6d17620f3397fbb01dde3e93aab0318852f158434baa4d9105d8a4259f5625878ab46

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
9b710674bf60949f474e3da0d2192452

SHA1
2b836b972019d2786779d296f42d56a215491e09

SHA256
640e79e077292acc1dea98199d50a1934f2d87854da91a241afe42d82bfed14f

SHA512
72be113d1e8041a5045ee1edeb916f6bbfe516776ff17b865ee32b2c55b86e0694036ac313321bb7c23fabe10f434b31f3bbcfce078d543232be008d746a5a75

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
fd7a01a1dbf6bc5fb478760d9dc78334

SHA1
2f152d171489b8bffecc8664be509a34f9a33afc

SHA256
f49ea987a52ff020cd8af39bb4cf9461c151db19fbc31ab6edd4f9a200295f08

SHA512
4d20e6eb85d583530590ed3293fd48cddfe9ad8c512ae618f3304a8684a93f29d3fa200609d50224f882804d4eb7ecaf29bfc134af057a5d8633193c5cf87d2c

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
5b54ade16a91438681d40841adeb4962

SHA1
4e89424e56640205670a2068d1d6a9d9057a8891

SHA256
710c9a33da1069a0d074bd176e785c8a72bdfa2477f080c1a4b5377231c62104

SHA512
b75e9bbc2c4b82633fedc151b1cf1aeea3c92a3ad1561e7c6dbd0aee3b3383b82582259b1a520f392622512823f7919dc1397802250c588b5f443f0f8407a683

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
8885c74e37d68f1e2b87ed9f7ca01f5d

SHA1
722ef426b4b3d93890e357a10098548cef65786d

SHA256
115ea3fde3e03192142d8ffc681919e7cd08c1d41d71b2f7a50bfdc0425a0748

SHA512
120742ff6da862518ca9d6735ea43fa14c3b9e45c662201001595e57ea2d7a899bfa117a341ed1972e59af38898410c12aa7adc5a0df864fd99481239b570a12

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
81e641ff8ee5cb6893b9ef695b60a092

SHA1
79d64135dc34f0f6dd38f210a0580889eedfce5a

SHA256
09ddae813413b3d1eb207570effe462e6ea93aee1e32695bbdd83f3e56f8ed49

SHA512
8d00767fc36cf7829fd73401369155d2b34f7156552ed319018ceedf4988fb75ef469c6097442702efcd1f066aa1b4c2f6a258529fa09b18da4ed632c267db9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
3cba3404cadbf512778b9c62da53199f

SHA1
0c7bcf67418c73f2be0f212b847e4e980814b261

SHA256
37dbedfae5c208369e35c9c4abd565577749d55b5614ded7cdc0e07528e4c718

SHA512
26c9cf0ecef63b2e8b5018d8da1c043061e783bfb487d43cd23a0a5455eec6c7fa8f22168967f36fb7a353d22311ca1adcb33a6f74af2de94629f1dcb049953b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
a73f2d0c13b370743eef79d0b9d7ac2e

SHA1
97387bcb68666171a4c7f61ce416dac89004e653

SHA256
e0fe42c2599a753a18d42f95da21ba77cabbf64e61fad9dc3cd2c5daa224f91f

SHA512
332305ea2fee42b56bb00cb5fb1cac40bd7a3de3a5a72d93d192603247dae7f981bd9856b3aaa165df40c3cf35b7b86f3fdc47e6d03c203dc673fcb797e3b989

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
7c12f44882e4cf125a723c99927183cc

SHA1
c3026aaf894fa22bb94bc5542fcf6f619b66bf20

SHA256
1b25a09690e14c4b58bfe2ddd897a1d730b289442431148949e7c18f9a813cd4

SHA512
f69a6209f692490dfdf4b0713f97910c71e0664624a4954c50b6ee87ee3e07ea651769221d4d73a72b482ba220a9b5c5d02f03ab5cdffa20db4d59861ae1a76c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
0c1af4071154510974e4764ea86593f2

SHA1
0cd8f8dac0afb0ff6cde341ff5ac5cc306218563

SHA256
9e4f3a3171d18f872a023e628357a7ccf8b38696d25a93e190849cd48e8e168b

SHA512
a476abe6f3ebe19a7f54a840381376702eea3db9e024d2881c4471c279d94d40b25ba6fc487726f3e1587964e102f3c79d17dc028fa6b6f37d5a03564ca027ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
347e5a447b98397e60c5f93a0b8166bf

SHA1
afe485c85a886a4ce9f4a1f0ad859cc6f6c2f323

SHA256
2f65c0edff4ac09295451e754d428e075d279de8b5b22e738e92a0fd3c3b45c3

SHA512
d32263f0cd514f6b4cfc26b7639642283acba44c679930024c0e89885dc733fa3165579af02991954a8a86601c4bbf79cb9549e93257721f5b04b53b2a8be494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b993519537504eeb96fe3fd40a1690f8

SHA1
3bb83132c5955bf0ee423cde3a97687ce357f8ab

SHA256
39000f6cd0292f91c907f1af1b4ac0a5ea41f7288418604587b90724bc67a42b

SHA512
2bffc334c5ebf9e704468cb9670d16a6734ab407839729df7641481bc9fd9df14dc812eadb9e1db2cf5de9b621f6e1ba5f047191d1b698dbd58f1ebe7ff351e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed3a031d4b093f3e10e269c4425801f1

SHA1
a636140481c6b91410f79be0c3cbab5e09293d96

SHA256
4427ebc13b588b2a7dda8bedfc4c5ab5d7131f395ca8f6d3d95d1b37f125f2d4

SHA512
ad31d238996d0d82a6a43e45bf672ebaa6f5eac889b08d8e84667e50f3898ebceed4ba7541cec8565db87a692e6266ad278263e2701ea7b1f3e986f81fc38411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
510f122061624efc1b71e9d150c17235

SHA1
b2c83b7c9b6e2645aca3c0b7b425faf81b19d9e3

SHA256
59061f4dd2d2c3b045dfe16d57253de22c779d2e6bc549a818e93f42cc24bfff

SHA512
13aebf7a3804a27ede0b03183be2aa8b59f40ed7cc36c1c9cf2d9a2095bf47098bc6610b12707bd2c1924fb9eb34850ed4ed7c29748d93336b36ff18e854f382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97bf3265d781d883bc9d31199f2b9a24

SHA1
79678fe48548acd0543e098bb74f4d4d745b3686

SHA256
267adf1239e524aef71e67826d2a35491b71acca57eb3ff8cf3d2491e76eda5f

SHA512
f4befb4cdeedb9ed13eb7e0cccfe33391e589b0c67736df2323bfca4fd9264c3ae97885b177fa03dd45bf0e50a40e10d34d7e2868f28690b6062aca5fb312302

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5514846549a2d9a8de8697aca405f33e

SHA1
8a348a0e2826cc97fcacec576bec8413a7e079db

SHA256
614032b9b032f6a19e6e7b2599f2a5e273889e6a9ef321222aab5819b8eb51c0

SHA512
30cb9ed0288b46560896a12e4f8a01e685ba163eafa1dec36a784a08b528d4f48998c2944dc5a1b2a55ac1880b6af7847a9aebcaaed35bb1fe8d5bc08f268758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
1a488da09dd002e9c23fe7012668d377

SHA1
6e7d810f3cd18eff5fe822c21fed27961d60efc9

SHA256
553bd7a9d5eaa44d2a5dddc6bb53a30829e2f2e1e9919e814cea38ab66c40b99

SHA512
e1e8e505e39b386cc2dcf5fca7732cb2aae1c7a0ec18d96ee916fa7c2ef6b0b23176b64d772698555ca80f2956d37013438f89d76115fe795705bb8952d643c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
218e2aea7d33387d20e29a0ba2f60d91

SHA1
9bc72050d414dbf0fd0d12fae232285efaaa4ac4

SHA256
3928a23ce232d346b411b49e3ee85a163e36a54abf2aff76772ff40055c6ab8b

SHA512
a1d72ec98feb977e2f996c981f40a8b34278fe8883b3f07f4f85267b7aad38c104570539853d6459cf49c0d577714465f451754eaefe60ecf1cc025e28399c1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6EDD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
f609e719d46e21530ee972ebfb083393

SHA1
e5c0b8f5ada4034bd34831ded6fe8d06f6a9941e

SHA256
80cbec2da26291caa67309c161c288b99d4cbca16970bc37311ae309a065235d

SHA512
aaa01d9c7b3b0547826c8099998f0df5b86dbbc1d3a26d8787cea8e0c9af69a12df2d295098b5df1d4d30a9c14b6a01bd4d645957e073f580b4fff01409adf3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6EDF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
029f648eff2e627f79e67f4cbe600a4c

SHA1
daccf3b56f8381fbc46209a1083ff6fcd7e019b0

SHA256
60a386409430fdb330edaaded4fd611ef3598c9263521f516caa58e4b0cebcc6

SHA512
c7160587ed0c7c5331c483f5959c50b8582c07545183f789f928ba6c6565743a102f8afbbd645a074f25c218ce95c21e6b2d73ef9d182ba084aef52bb33a14c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\brand_yandex

Filesize
1.8MB

MD5
15875781db4aa2cfc22342277bfd0fde

SHA1
33dab1129fe59a74ca3cf619eb658dc091369b68

SHA256
d68b20b086b29afef9cdd016b8b042b7a5e2ee5fdbcc6f2e99715933143ff1e9

SHA512
fee63f0b80c8d624dcbba5f8ad0cea17a9d6e030ee16f8b76df13d7c8419129c6ce6e1379b046a4406504d312943752fe513728092931cd193fde639aeefb732

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
368B

MD5
2f79cacd3bddbfeb84bbb9dd20633770

SHA1
bd69f6aa6a874a5663339bf56aa49dd9466f3e9f

SHA256
87969a7ee86e532555f79eab96fc8445eff60907d3dda6a1fc9121125e49ba25

SHA512
d5bcc1751745a23f5a768f672852b4a7688ac04324f78cb06b1a1d97952d60de593032c5b4dde1a7e26fdaebb762e5a834e737013825fa0e4e145c981955aa3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
1KB

MD5
b1f29db2a3efa873555cae18be6a3903

SHA1
42857fb9960594ac9534e080bbe6d421808a65e1

SHA256
9f82e37d546232e04c767447a4c6bed3fe8871915ae92997a39c5bc17783714a

SHA512
fe8f0ff4ae6dd866c5209cbbae27f8129b7a1bb770d3fa4e7702e4f77fa34d83c7045208fe63b2062cd70a384d74e8f976725dfcd5287f079442329fd9bc91ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
7ba125251be826d257033443f68a3ebe

SHA1
ab755db6729f3e746202cf880bc16e0c5fac6117

SHA256
1a5b949c4531267a81a6214649564cc14e4c940be44a5ce6fdd3b7026b6b21ed

SHA512
7ed305aca01ce3084a7cac74a2d0e8792eb69960e0fcd9e60da0dc6e197444c0625159b8139be6d2f235e9b38cd2d7a9f148fc4c4c42264c04c5b5217dbb9f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
5c3639ed51f73b164b6b3b05a724f6cf

SHA1
90d1ee879c15c87a769afcec5a46b7c85d23bf25

SHA256
1b1b7bc248b6bbbbaf111ae195de3898b41398fa3c38b74cd86476a03e1a724d

SHA512
2e8f6592be61b17ba3791dabb699fb46464e8834f816ec0051a9e2ce7bd289f3a34f927e502fc81a176a5fd57f6a5becd5b6eb90b9992b395356118093685f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
5KB

MD5
aa77ac6935b848ad0de355db7b2816c6

SHA1
7793e48b11c940935b52a98e4c2273d183a041d2

SHA256
e80fa35be9a875bb930880711d92afc4f67097fbc38fd918f7802db9fa9fa517

SHA512
76aa01cbfab1ee5c295e1bfba9584cb29dbad663e98bb2be983f45b88e3e5fd6be0d5ce21ad619065d640e7cc56d0a45b9200d23371cbeef1fb7126e86d18744

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
39KB

MD5
b699464c1574e9ce9bc3c1fb5da7154a

SHA1
9dc1adb4af680546621a1677da92fa31c136e2be

SHA256
8b2bb7a656d693f0924a4877625ca90ae0f8036751908f0c807db44ff78e4990

SHA512
baa3115bf64f87e5d6b7cb028d77cf09dedf50f598cfcf9ee6c877a68a8d64734124f31ca5554bba34f73c66157d198b97bef6fa51fb23d0f6a17c4f22eb7542

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
39KB

MD5
aaec9a02ef24dfe662416f0224986c11

SHA1
50aa632c039a487421ce2367344716ee0ecf25f1

SHA256
a246a2cf18b58aada8adc9b3d2da5749cc1353bd7a48ef863a31eee5b9f21912

SHA512
2556bb531708472f5bca56f721afb9e0a8639414d506c0f35e8b576c929e6e2ddefd1d8e11137a162c8716fa7f8153c3e974da36da4402a5865cf9c23a5cd17a

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
171KB

MD5
3a2fc253fb320ed2434634267fd66a06

SHA1
5705c70e0fe44eb359d2022938ee69bc1635e542

SHA256
808141fc7fd533e08fe7bf80cc2bed88dda2e7f35e2da7526b9593b9e730d96e

SHA512
cd6bf9816abe160603f285fefaaf9da04e3108dae64878a5bec97d3e95c90dceef5f931dd9b097907115e0bae8e41462761b52f695e72c773fcf6dffe2fac76b

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
75f05566c9fbf7691d7190acfda67d46

SHA1
b26a8de61f91d9421ab99bbbf6d6fc0c21d59f14

SHA256
bd210692ae881ca1a913940a231142f75b7d19a1b405388be526dccaf3941ded

SHA512
9a26557d499640d126d6eb4069839a3e42a056fc600fa21840cab22494231f794b02be2eb9950d33b5ba0fb9ef3f9f10bd240864afeece2162ff3d6733116c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
62204bf1c3c23b8019c5ea4931a2b1e6

SHA1
276110e3a023c397c39743e68cfdb1fd58f8f953

SHA256
f1131e69e4b72130cc5956cfc9e434af6d9f128ef6ae9dcb0c0f45fd06c55b2b

SHA512
21901dc8436d277eaf3d346e1af16a03f84566ec564ff15dbbbeb655f984b13e2b04a19f701e680d4d3632bf7b048e228a22d46ede1d18ec47b3ae8830739933

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
615KB

MD5
7eac404e89b37ba4aa20d441ee8f1f90

SHA1
544600812448c45e880ddab40b03e28a413ff3c6

SHA256
615561923960480b0a4951a758be36cfd859199205a2adc13d5940b8bde44de9

SHA512
eb29037fd9b5465cb70dac2478a7b42ee3287f5c539016ee3badd95fa3977565899e6a5eecd731c8e0ad315e22a079a0d610b4b5d5e918d4c7255c3a5b6e1bf6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
3cb63a54f8277846a7839659d5fee37e

SHA1
052bfe4271c5a629bd872aeb3f85f42e98b54115

SHA256
2ce3cb099667e2a7f8fa3849b46d9115583a603814705b074345564effa2056a

SHA512
5fab3d2bf8e44aefb77dc557749a8d060849c1ffe9c98f6684ee3c9d538730fdfb66386a76d06b2e1dcbab1f0f5663ec178309be93d34c79557a0a53d33d16da

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\brand_config

Filesize
8KB

MD5
c64949ff239a0a9beb4114a1b27e0d81

SHA1
94983a5b27544b3b5f8c7c265816feb7c248b835

SHA256
4d944422a8ad8e97d23f0a1d17acce76115831a6bf5e1e7466da919104d4ba92

SHA512
2e50c4888012373ccbd7d81d936e322a2131e4f66e5f6e8fcb869b7c85eff23c463510550a4b0f895ba6df6a7b00db5ddc153fcca5cc04c820485e427ab85ebd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.1.1030\partner_config

Filesize
692B

MD5
807c3202f4ee1c6e7c2c34e7ee224e6d

SHA1
0df6a74ea5677b26f52ac9b06643f47afb4015d6

SHA256
9fe5e97cd8eeafccf0ce63e997c8a5ff37998308dd7c57f1fe5b319b3c3b1ff1

SHA512
6467b26a30684252ec4a8c5fe39a614c68fec396204890f467522cf21cc38f6e1e3a66f8223cf0f0f33f75f2ba8564d2c75f4f6ac16530cd16743c4dfd28bde5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.8MB

MD5
c93e65a71b9f191f2e64fb5fc1d99441

SHA1
c527616d8bf2b30b37ed89a3fb7d1da68e8a72ee

SHA256
fa5ec822987d5eabceaf880839e34736fa1b4c0e5085e96fc1cd1588b9084066

SHA512
77628258bde4603ba9e35dc70fc5d065cff09da166a08169d7f91d8eec3a0d2501d72fe54885cf96bf3bbdd037bd10816f411b6a3ca3ba10b9cb20cbeca21e3f

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
4d4d5e220d47e0371115caad1bcb6418

SHA1
6032dabeb479a172d1e4f5e9095835bfb63d4503

SHA256
99e1e4f800271aea5bb51d16e46e050f077287fed51ef6b537c6e75a9b0f9e7c

SHA512
1a84f747fcec5580af67daf4294a2e8e0e1497cb1408fe0f091e8c265483e81f2e36e42a00cfff4ffe5654d63fed9852660713e38b3d1491d3e965028c9b3685

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\configs\all_zip

Filesize
650KB

MD5
849cc75f9772e37306aaf9980b7b33ba

SHA1
c784d80bfef09853850960a37b330f93427fda7d

SHA256
7dc09ee9fcb4ef4fdbb718fdcd7fa93982897ea812073defb234ad2df96475e9

SHA512
61a2d951a445dba6b72045c7675f19f4010a08a6fb217ee7239dd88186d81be0323243fb7921f57de33d76a485625dfe72dac844c7cc6b3922a5fd092b990c49

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.1.1030\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\44834678-2c11-46eb-8cb4-e6cab164c065.tmp

Filesize
192KB

MD5
2c39c2b6880a86e1daea0aa5676ead5d

SHA1
2de64bb2985a8228682749704547eb4dad77a7cc

SHA256
63a56c1bd67ebc5fe10e5521442e9d10ada3f7aa6d41ddafe4c8b3b9caed7a88

SHA512
85a905f2ea6ecf66acd4617bd0d3939c60d1916ca95ac8636f51b430ab4562723d536d323a557f98dca57bbea991150e2e34f5a229258582d8181152e4f72f60

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
fdbc202977f5cec74b2da38d57de248e

SHA1
596d997234ebcb2b1db2524fa35632c4867ee35c

SHA256
be83beefdd02b247e447e42affd997734c9bbc5ade1a8611255eee1709bf1624

SHA512
0017bea2dc02c9277f7c4277d6005f7db1214e57201d4c1c2a6f948e9c4e25744ae6e6f17b7cc171dc3f16db9c04c6aa4f4c4d47da686ab895f5b37eba529ebd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af4048ced1a54a2947315ef87acec488

SHA1
2527f75329b86fc3f186fa3cafe0fa115c35bec2

SHA256
d651f296963deaeb5f8f3338e3ef215631cf1be1c04c8bda2573a6d6ad6ca7c2

SHA512
d68582faf51283c4546f92ff4c10c6d40c026a9da225e628ee400184cc2a4e719e4be7f9c6bc6a3bbe3524604fe8a9f5b578d470342ac5411d9d9292ad1ed92c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba5dc5c330e927027a2f60c3f1a749e6

SHA1
acce3c2256d4a9cc9b557fc991e044ff6615cd03

SHA256
9b4b45ef827ca29a04a1ac6a7c1c11fb0f6270865d2f2b0f6e8eee9579a24dad

SHA512
95e2d962707daf5448981a3d162beff46b5756e77d4dbabd95d8fc53ddbe0cfcbdc19e95f54a4cd4e5964a1f90ea35b1a6b3737fca6cbbbff74877bcbb5502bd

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bad8777376b7acb5ceab4eb35e3359db

SHA1
6259b6ffa5733bcf2a1f88fc0472db94a9752b3a

SHA256
e2d93a87e5f4798ce741585054651c32306f576e5d56ba3fb631cd9a52ba94fc

SHA512
33ec81fd749036897839869ac109ca4bdf324d06d7ee517f47812c659cd677cabbba0c9162454dbc3557d2f75d6c461e57c5019cc82b9ca7f965fd4599429ee6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b0804e6dac8582629e6f8f4d726596f

SHA1
303f02e7efe142da6d3be620cbe4ee319a2b61a4

SHA256
25aa8e08262f0b501c262d8b9d24003970ed8daf2279304a1241121d332c9e33

SHA512
d2e258125bb1ffc1c4ac746eb1e709d7f27e5c7d9826e5e891a9675c8edb2f735ddb53fae56d76ca63e317f38e76b53c53b338eabe2a758cd152f6807238a6b6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
32b20f10d18635e74f61fcb1bcae67b6

SHA1
c9a00e9551bc6a7b4ef034432bc9ae79b8b8c710

SHA256
2c9406893e4aa6b69b5c3dd42371c4cfcf32aa7555762a94e76577975440bfd5

SHA512
090c8320911fb47774bbc93442f2bc6834798621d6ebab8d9af1fad8eff0220bdfa1a01c0380949247f5ea034e0762ff395cbd8b65e1ef06f87fdb8f9214ae93

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
68fcaed93d40537d4f5be8ac53aaedb9

SHA1
63ba0be21857df974d17bbfa721eb31364bb708d

SHA256
0c0da4e1b12cedbe2b3992a7fb57d2661b239e1ecad7102a3adaece17a7d2196

SHA512
ca8ea9de6ff884dac2f4f04fde5bda45d992269405fce8937b649a3548197203e218aa7e98a7b0f5ffe5d5564ea057eb4af21e057818ed9db5dce175286d2dc5

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
784e69fe06c7c7497edd3ecb7f2ce715

SHA1
b3cd67d1b6b339ba1ce741c14d48282347d200d8

SHA256
86befb621e91b782bcc1194236f5ff25d8a15d779153f21db93ed324ae52b604

SHA512
d50d66faf7970dad2a5323a8223979f83ec0e12cbcda63c9694459b40b34cf103553dc08a1dd4e13710ac382b2f3d3592d8d95e1e4bdd3ca3e6db419ed80483c

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf778546.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\186bdbe5-8762-4497-81c0-9e0f7756bec3\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13368598363866600

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13368598363866600

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\bcadigmkecmhhknameopgaidphameinh\Icons\48.png

Filesize
2KB

MD5
7cf35c8c1a7bd815f6beea2ef9a5a258

SHA1
758f98bfed64e09e0cc52192827836f9e1252fd1

SHA256
67c320fa485a8094fc91cd3fcd59a7c75d2474e3046a7eb274b01863257fbe01

SHA512
0bbebde654c9f44cf56b74fc1a9525b62c88724ec80658efede3cbb370c3a6d4f3e78df459bbd0559a51838f4a172bdfcd370bd5477038309024b77cd69f2a15

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\a64e984c-69fb-43e2-807a-f2f6ccdd9d12.tmp

Filesize
38KB

MD5
47121c15ba4e4bd2d8ad18f2a2befa64

SHA1
65572e2dd12dc563305dd3a3518dc21b93052c5f

SHA256
b4c9b38ee39eee4007510fecac040dc775b3507c692b4bf0bcd904c541bdf0f0

SHA512
ec5322c9943cac4023e2014802c1159c78f6686a465d326244b83683d9973500681287890eec3ac475601920a790d0f43dc2fff70a3e068c12fe204f1b4ae951

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\b7f2f443-c390-4108-8e1b-1ba92e4dd1c0.tmp

Filesize
15KB

MD5
de793c9da1ceb0acfe40dcd45544a9a8

SHA1
b81babec49daafd183c5fdf25b489cc82ee98080

SHA256
1c093a1969d5e25546e145c7b752065ef344a7775c68f940599114b72384dab0

SHA512
17e5c31e6e17845687c5427532627c6d6161389e560433ea44957e74038df2afff420aa3c745d3a1efefffa88437d9d4c8cffbe0e5e1179b9b6ccab1ed2cd392

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\c1787a50-6a41-47c9-8b20-d7096b7b2d86.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\d4102e39-0961-424e-b8ac-01c144b52f27.tmp

Filesize
10KB

MD5
d77c7077c04482dd1b8ed59c4a540be8

SHA1
87f483bb34ecb8306f529c242b621d33e6a2c750

SHA256
3eea7ca66420deab5cbd33d73418ec682a921cb0a3468b1c70349f9100bd2763

SHA512
8ffdb5757987216ee116e541bed22f9a5ba09c6850635e28cc020fb89fe0810a15f3affc03da4c1e53f32782b08670883e732261bca9cf98b2b12113ef680d92

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
d8b7e11f40552396147434d1823b915f

SHA1
93cd6bd480b1645482ffe5fdd27e85cc5ea5eef1

SHA256
9986a639cf5cc9093ffe9f2f03fa62e00d40dbf06afbddb007a72f02c212b194

SHA512
c5ef771fb26bd6b619e67f9cc67ac94d4d208637f560d2ea2b24eb551d063cec7bbdd4e2339e4ff238906ac6cf2670e23d6fa4295623d4ba2b3c2f9bf270082f

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
4b6a6fbcc129ba01f3eda42e4b49bce4

SHA1
2b5dcd479a9e5f553dd37e87281a59c6e5041394

SHA256
f40e561d160285391be062fd3f6f21ff57d8d76f210eb51006b05618cc9101ba

SHA512
b476fa7e309a32d57d129ed2dd6183593f56e59a82b0936ebfa73ca06c9007ee8527af8deadc01045170d755922e8d6f946262f159676a3375caab972bba2797

Download Submit
\Users\Admin\AppData\Local\Temp\YB_AFD97.tmp\setup.exe

Filesize
3.9MB

MD5
e3e9c5e3744543d4e8ee0d048c0d2644

SHA1
f9fa67357d8358520d0ff0d2efaf359d2a683324

SHA256
42b10a2ba3570330ab5f7ce9b7c6348771fff576c857c6e24b3647ab01ece760

SHA512
dacd65df09c9d1949486f477a0c88e1665a338d044a7271e089722b181b8ff8f4a868aa190beda318e44b0205211c7652dc13498a9da0615b893317b4747e211

Download Submit
\Windows\Temp\sdwra_2684_1119114936\service_update.exe

Filesize
2.3MB

MD5
e48068b2bbd922a2038b1954a52c6eab

SHA1
f1c18c37e26003969adb8e0d271a6797a92e194c

SHA256
da3bcf9de331db50c62cbcee5147653c7c2f87fa31df1463c5828bab4da7d555

SHA512
c612f98d2203adc83fff9b23013b0a7b0a16f253a33094b0ee9542b4e40ec4b3dd8471c14669a5c7a89124918e0466e918e31ae8609cea86c5abdc01dcde179a

Download Submit
memory/568-2264-0x0000000001BA0000-0x0000000002BA0000-memory.dmp

Filesize
16.0MB

Download
memory/1284-1566-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/1380-3397-0x0000000002860000-0x0000000003860000-memory.dmp

Filesize
16.0MB

Download
memory/1580-2566-0x0000000005870000-0x0000000005871000-memory.dmp

Filesize
4KB

Download
memory/1580-2567-0x0000000005880000-0x0000000005E95000-memory.dmp

Filesize
6.1MB

Download
memory/1580-2568-0x0000000005880000-0x0000000005E95000-memory.dmp

Filesize
6.1MB

Download
memory/1580-2569-0x0000000005880000-0x0000000005E95000-memory.dmp

Filesize
6.1MB

Download
memory/1580-2570-0x0000000005EA0000-0x0000000005EA1000-memory.dmp

Filesize
4KB

Download
memory/2684-1459-0x00000000005F0000-0x00000000005F2000-memory.dmp

Filesize
8KB

Download