9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26-08-2024 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
Size

10.5MB
MD5

744a51f2f990a59716d4f51c472563ce
SHA1

5baec99bc9b298004d21e09a7b2eba8597d491d8
SHA256

9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b
SHA512

0775fed227a83853e3f53411a20667d62d43b1f0cca3174b96c72b7f31ff2439a86c601333881c0f6a5ae5d40b4b1d492e846355dd667f68194f2ea49c2a8790
SSDEEP

196608:WrxHqiSSJ7PbDdh0HtQba8z1sjzkAilU4I4:WrxX5J7PbDjOQba8psjzyz

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\International\Geo\Nation	browser.exe

Executes dropped EXE 62 IoCs

pid	Process
2888	ybAEA7.tmp
3016	setup.exe
2652	setup.exe
2572	setup.exe
572	service_update.exe
1612	service_update.exe
1984	service_update.exe
2216	service_update.exe
1576	service_update.exe
2676	service_update.exe
2700	Yandex.exe
2140	clidmgr.exe
1968	clidmgr.exe
996	browser.exe
2244	browser.exe
2760	browser.exe
2260	browser.exe
2956	browser.exe
1160	browser.exe
328	browser.exe
2996	browser.exe
596	browser.exe
1004	browser.exe
2780	browser.exe
1488	browser.exe
2460	browser.exe
2920	browser.exe
2416	browser.exe
2904	browser.exe
3000	browser.exe
2248	browser.exe
1844	browser.exe
1964	browser.exe
1436	browser.exe
2900	browser.exe
1220	browser.exe
1672	browser.exe
2460	browser.exe
2964	browser.exe
1540	browser.exe
2640	browser.exe
3108	browser.exe
1720	browser.exe
2332	browser.exe
1636	browser.exe
3204	browser.exe
3780	browser.exe
1972	browser.exe
3116	browser.exe
536	browser.exe
2576	browser.exe
3348	browser.exe
1316	browser.exe
3580	browser.exe
3652	browser.exe
4020	browser.exe
4012	browser.exe
1068	browser.exe
924	browser.exe
1500	browser.exe
1944	browser.exe
3736	browser.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
2888	ybAEA7.tmp
3016	setup.exe
3016	setup.exe
3016	setup.exe
2652	setup.exe
2652	setup.exe
2652	setup.exe
572	service_update.exe
572	service_update.exe
572	service_update.exe
572	service_update.exe
572	service_update.exe
1984	service_update.exe
1984	service_update.exe
1576	service_update.exe
2652	setup.exe
2652	setup.exe
2652	setup.exe
2652	setup.exe
2652	setup.exe
2700	Yandex.exe
2652	setup.exe
2652	setup.exe
2652	setup.exe
996	browser.exe
2244	browser.exe
996	browser.exe
2760	browser.exe
2260	browser.exe
2956	browser.exe
2260	browser.exe
2956	browser.exe
2760	browser.exe
1160	browser.exe
1160	browser.exe
328	browser.exe
2260	browser.exe
2260	browser.exe
2260	browser.exe
2996	browser.exe
2996	browser.exe
328	browser.exe
596	browser.exe
596	browser.exe
1004	browser.exe
1004	browser.exe
2780	browser.exe
2780	browser.exe
1488	browser.exe
1488	browser.exe
2460	browser.exe
2460	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
2920	browser.exe
2920	browser.exe
2920	browser.exe
2920	browser.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart"	browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 5 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	browser.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui	service_update.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe	service_update.exe
File opened for modification	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\debug.log	service_update.exe
File created	C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe	service_update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Repairing Yandex Browser update service.job	service_update.exe
File created	C:\Windows\Tasks\Обновление Браузера Яндекс.job	browser.exe
File created	C:\Windows\Tasks\System update for Yandex Browser.job	service_update.exe
File created	C:\Windows\Tasks\Update for Yandex Browser.job	service_update.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 63 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	clidmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ybAEA7.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Yandex.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	service_update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	browser.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	browser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	browser.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	browser.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex	service_update.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\Yandex\UICreated_SYSTEM = "1"	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	service_update.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow	service_update.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexINFE.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexJS.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexTXT.IIPBVIGZFQ6HFTGYDCWTZQE4HI\ = "Yandex Browser TXT Document"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.css\OpenWithProgids	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexBrowser.crx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCSS.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationCompany = "Yandex"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexHTML.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexPNG.IIPBVIGZFQ6HFTGYDCWTZQE4HI	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexWEBP.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationName = "Yandex"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexWEBP.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationName = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\SystemFileAssociations\.bmp\shell\image_search\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --image-search=\"%1\""	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.xhtml\OpenWithProgids\YandexHTML.IIPBVIGZFQ6HFTGYDCWTZQE4HI	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexEPUB.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.html\ = "YandexHTML.IIPBVIGZFQ6HFTGYDCWTZQE4HI"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexSVG.IIPBVIGZFQ6HFTGYDCWTZQE4HI	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexPNG.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\SystemFileAssociations\.tif\shell\image_search\ = "Поиск по картинке"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.epub	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.html	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexJS.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexTIFF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexXML.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCRX.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexTXT.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexSWF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexFB2.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexPDF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexEPUB.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationName = "Yandex"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexINFE.IIPBVIGZFQ6HFTGYDCWTZQE4HI	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexSVG.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-123"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.gif\ = "YandexGIF.IIPBVIGZFQ6HFTGYDCWTZQE4HI"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexGIF.IIPBVIGZFQ6HFTGYDCWTZQE4HI	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexSVG.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.pdf	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\SystemFileAssociations\.tif	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexINFE.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCSS.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-124"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexSVG.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexXML.IIPBVIGZFQ6HFTGYDCWTZQE4HI\ = "Yandex Browser XML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexPDF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexFB2.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexTIFF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\AppUserModelId = "Yandex.IIPBVIGZFQ6HFTGYDCWTZQE4HI"	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexPNG.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.gif\OpenWithProgids\YandexGIF.IIPBVIGZFQ6HFTGYDCWTZQE4HI	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexTXT.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexWEBM.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.crx\OpenWithProgids\YandexCRX.IIPBVIGZFQ6HFTGYDCWTZQE4HI	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.infected	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCRX.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexXML.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexBrowser.crx\Application\ApplicationName = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexFB2.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationCompany = "Yandex"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexPDF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\shell\open	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.txt\OpenWithProgids\YandexTXT.IIPBVIGZFQ6HFTGYDCWTZQE4HI	browser.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.crx	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCRX.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexTIFF.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationCompany = "Yandex"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.htm\OpenWithProgids\YandexHTML.IIPBVIGZFQ6HFTGYDCWTZQE4HI	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\SystemFileAssociations\.tiff\shell\image_search\ = "Поиск по картинке"	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCRX.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-104"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexCRX.IIPBVIGZFQ6HFTGYDCWTZQE4HI	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexFB2.IIPBVIGZFQ6HFTGYDCWTZQE4HI\Application\ApplicationDescription = "Яндекс\u00a0Браузер – это быстрая и\u00a0удобная программа для\u00a0работы в\u00a0интернете и\u00a0просмотра веб-страниц."	browser.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\YandexXML.IIPBVIGZFQ6HFTGYDCWTZQE4HI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-134"	browser.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2652	setup.exe
2652	setup.exe
996	browser.exe
996	browser.exe
996	browser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe
Token: SeShutdownPrivilege	996	browser.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe
996	browser.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
996	browser.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 2248 wrote to memory of 1728	2248	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	28
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 1728 wrote to memory of 2888	1728	9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe	32
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 2888 wrote to memory of 3016	2888	ybAEA7.tmp	33
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 3016 wrote to memory of 2652	3016	setup.exe	34
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 2572	2652	setup.exe	35
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 2652 wrote to memory of 572	2652	setup.exe	37
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 572 wrote to memory of 1612	572	service_update.exe	38
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 2216	1984	service_update.exe	40
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1984 wrote to memory of 1576	1984	service_update.exe	41
PID 1576 wrote to memory of 2676	1576	service_update.exe	42

C:\Users\Admin\AppData\Local\Temp\9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
"C:\Users\Admin\AppData\Local\Temp\9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe
  "C:\Users\Admin\AppData\Local\Temp\9e655cc6421bb0ea398418966eba1dbc26f8f6082ee4053d266bcf58d5e5c47b.exe" --parent-installer-process-id=2248 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\794c793b-3f81-49aa-8300-2906248f8330.tmp\" --brand-name=yandex --browser-present=none --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --make-browser-default-after-import --progress-window=131536 --send-statistics --testids=1045949 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\df598757-2809-41fa-b22d-a7f2eb43eb08.tmp\" --verbose-logging"
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\ybAEA7.tmp
    "C:\Users\Admin\AppData\Local\Temp\ybAEA7.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\794c793b-3f81-49aa-8300-2906248f8330.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=35 --install-start-time-no-uac=236402100 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131536 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\df598757-2809-41fa-b22d-a7f2eb43eb08.tmp" --verbose-logging
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\794c793b-3f81-49aa-8300-2906248f8330.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=35 --install-start-time-no-uac=236402100 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131536 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\df598757-2809-41fa-b22d-a7f2eb43eb08.tmp" --verbose-logging
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\794c793b-3f81-49aa-8300-2906248f8330.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=35 --install-start-time-no-uac=236402100 --installer-brand-id=yandex --installer-partner-id=exp_firstscreen_2 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=131536 --send-statistics --source=lite --testids=1045949 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\df598757-2809-41fa-b22d-a7f2eb43eb08.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=278880900
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=2652 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.2.1073 --initial-client-data=0x1b0,0x1b4,0x1b8,0x184,0x1bc,0x116ad38,0x116ad44,0x116ad50
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2572
      - C:\Windows\TEMP\sdwra_2652_19916554\service_update.exe
        
        "C:\Windows\TEMP\sdwra_2652_19916554\service_update.exe" --setup
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:572
        
        C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe
        
        "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe" --install
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
        
        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
        
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2652_1792053168\Browser-bin\clids_yandex.xml"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1968

C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe" --run-as-service
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1984 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.2.1073 --initial-client-data=0x13c,0x140,0x144,0x110,0x148,0x125f7c4,0x125f7d0,0x125f7dc
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2216
- C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe
  "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe" --update-scheduler
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1576
- - C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\24.7.2.1073\service_update.exe" --update-background-scheduler
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2676

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=131536 --install-start-time-no-uac=236402100
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:996
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=996 --annotation=metrics_client_id=75d2ca5da4514b83af0b65e25eccb569 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.2.1073 --initial-client-data=0xf4,0xf8,0xfc,0xc8,0x100,0x73eeaa44,0x73eeaa50,0x73eeaa5c
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2244
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1744,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2260
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=1560,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:6
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2760
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1908,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2272 --brver=24.7.2.1073 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2956
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Storage Service" --field-trial-handle=1916,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2440 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1160
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Audio Service" --field-trial-handle=2612,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2460 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2996
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2904,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2900 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:328
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3244,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3024 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:596
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3456,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1004
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Импорт профилей" --field-trial-handle=3844,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3860 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2780
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3948,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1488
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=4000,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4068 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2460
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --gpu-process-kind=sandboxed --field-trial-handle=1940,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2920
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=4584,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2416
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4932,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2904
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=3620,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5068 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3000
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5168,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2248
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=2760,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=5232,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5236 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1964
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3664,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1436
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5316,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5324 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2900
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5436,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5432 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1220
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5448,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5456 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1672
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5576,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5588 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1540
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5620,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5720 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2460
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5840,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5888 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1720
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=5864,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5852 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2964
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6128,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=5876 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2332
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6136,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6296 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2640
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6148,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6400 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1636
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6164,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6552 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3108
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Data Decoder Service" --field-trial-handle=6168,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=6672 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3204
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=3880,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2368 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3780
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=2952,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=3008 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4012
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Утилиты Windows" --field-trial-handle=3016,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2984 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4020
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=service --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Распаковщик файлов" --field-trial-handle=160,i,2448522518003274213,12919891438889103648,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=2524 --brver=24.7.2.1073 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3736

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --broupdater-origin=auto --bits_job_guid={26E52CF0-6A83-46A3-86AD-6964AC56B499}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:1972
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724640966 --annotation=last_update_date=1724640966 --annotation=launches_after_update=1 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1972 --annotation=metrics_client_id=75d2ca5da4514b83af0b65e25eccb569 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.2.1073 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73eeaa44,0x73eeaa50,0x73eeaa5c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3116
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1832,i,13009543812024880488,7379860967469945094,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:536
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1892,i,13009543812024880488,7379860967469945094,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1840 --brver=24.7.2.1073 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2576

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={15B81ABE-D5F3-4E9B-8EC5-D6AF92B07BC4}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:3348
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724640966 --annotation=last_update_date=1724640966 --annotation=launches_after_update=2 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=3348 --annotation=metrics_client_id=75d2ca5da4514b83af0b65e25eccb569 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.2.1073 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73eeaa44,0x73eeaa50,0x73eeaa5c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1316
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1760,i,14818780813932945002,6575150931378757429,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3580
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1952,i,14818780813932945002,6575150931378757429,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1968 --brver=24.7.2.1073 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3652

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={108853B8-A4B2-41B0-8B5A-50461585AB6E}
1⤵
- Executes dropped EXE
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
PID:1068
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1724640966 --annotation=last_update_date=1724640966 --annotation=launches_after_update=3 --annotation=machine_id=2dd7b5e4628752fb0b47757ed5724904 --annotation=main_process_pid=1068 --annotation=metrics_client_id=75d2ca5da4514b83af0b65e25eccb569 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=24.7.2.1073 --initial-client-data=0xf8,0xfc,0x100,0xcc,0x104,0x73eeaa44,0x73eeaa50,0x73eeaa5c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:924
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --gpu-process-kind=sandboxed --field-trial-handle=1704,i,17951249172744645956,16789403385339640890,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1500
- C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E5A36D52-5812-4A46-B5E7-19D43B3C6932 --brand-id=yandex --partner-id=exp_firstscreen_2 --process-name="Network Service" --field-trial-handle=1824,i,17951249172744645956,16789403385339640890,262144 --enable-features=InstallerNewIdentity2024 --variations-seed-version --mojo-platform-channel-handle=1856 --brver=24.7.2.1073 /prefetch:3
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
829B

MD5
2fbbd3c9725d135c378f175e8a93b29a

SHA1
8b6bb5477f9d693c2e0b0e1dfa995c04dd71c453

SHA256
d8cf65f277d70b2b4c37114e6a922f9c0da7354071d229d7dddfc9dde0f42eb5

SHA512
25f29dee7e06654d242948ed8704df1c134dfce0c8d95e593255107576f070b02e218b4f3827f75c1526cdc52f454eb4dd3bfaae038c8fba2cee18dc9604605a

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
2KB

MD5
994b523a4a7508816a8d573da71b2261

SHA1
48caec070b2f498d08d04d94c54491dd1c11e7ca

SHA256
6aecf0ce60eb5ac39bb6a254f68efcb0942a3c7261d0b8b4b54a49ecec671f14

SHA512
1ab5fcdd59497ebdff8e435bfa7c437ac27bf37a5604963bb9aff4ee399b6395e6b00e4c8ea0cc51191509844206778860d3340b73c80680d2c17af8dfb3dc49

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
3KB

MD5
c3f60226d402d34409336c6f6c942b4e

SHA1
2dc78df9e48695cf576303ea6a111405749d3387

SHA256
a24a754b6ca3fd4f7ac7305b76307f9415e9325ddb9e024922530bdb7131c600

SHA512
55e166a9a91c2e03eafa99c94871a134ec61fda156a1419c0ac86c5569d29cbdb244b2a4be4ce258788b384823830ccc5633d50bfca5238832755abe21fb9333

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
b4cda8094561cca4d05de3a30b04687f

SHA1
bbe753e73b6eb477ce77d132ef25bd9a04dccd6f

SHA256
9fdf2182f6b3ce93a7581c5c93f0ba4181e801c0585ec94afe377bfeae8c01ad

SHA512
321e62f6c3a813a066c19f7a8976d5187ec66cabe2c71ba825449d5b38f9be264101796732df54c92a4cc2bcaab8017cde727cee1ad9744f6ccd6145e5639f4d

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
4KB

MD5
bd05894d80c26fb75bd0a51002363e04

SHA1
bfdc57c50b7136ddc11d23de1c46554dfe150116

SHA256
7452dddad15d7a3e687f5ad115cd9ee3852a328acbfd0804b356a12d554afea8

SHA512
606f5201884f31000fcfcba626b85391f29a783a7798cf6705b68d0b7c6db9ec5a21419f50f2e2fb2ba07a05d001c3be8133f5c02215088c7eb4c43c8a6ede9c

Download Submit
C:\ProgramData\Yandex\YandexBrowser\service_update.log

Filesize
5KB

MD5
58f80b834cfc13815f322dfcc30ba584

SHA1
1a81c918a9055375caac0bd2bbff930c8fda9bc3

SHA256
6eb66918ea0212c5723645f969e809599e82c30718b8202404e1f1050ad6f79c

SHA512
0d042e8a1557cda603499bc487e748f28236cff3318e6356106b2c1ff58d92cd435da04ef1c971b888d386c46a639c547700c0e918359ad30cccc7d13e0cb457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
1KB

MD5
4d6b0b31e43786aee581e64a5d167713

SHA1
51712a8b4fbb765d20c1d7a00eba72e9fbe501c0

SHA256
639bb1bc036edac63144bdb8770005559a621e91b155e9c1f037dc08d4b26881

SHA512
346af6379affd8214edd50fb4700135e25e76611e46641794ad313e0e5b1c2b51b1fb1160171997b194ea5a7bc21e849d8911ba43720f75d4f2e84fa485bbf0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
1KB

MD5
6d39886dcfbb91cfb83708528d9cc9e5

SHA1
167e1b11741d70e3599d3cd938f93bfb778cc268

SHA256
4d7e7e66c5f0e2b4b7f0c9269dab37c8da60080da339603be1633ced0793c369

SHA512
b016305b3f81e29cfd81a50120ce2122be7e7a65614ebb2cceb21b16194f3865a5d8f2985c5bb64400348fe509d49c7c66b692e507d57b31d02208fa3538ac0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
1KB

MD5
730a6e8c8208a25abc114292a0ae5203

SHA1
99e5bdf11c116c9cd3be6cc6725cc481ace02d4c

SHA256
ac82babe7cfb669a2b98a5d28858b5babc21a6f39c22a98f42e81e292b62a536

SHA512
e441f1987bf51cf1594e073f63d99aa02531c268dda1a5d2d89636d9167ee201c50c6ba67fbfd7717d2719b579504032e60b1c59d55f1b0daad2db639937cb23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

Filesize
508B

MD5
b339991eb585991dbf15b10fd4e43684

SHA1
56c74e924a7944df99aa2f15e0442b26f65bcd46

SHA256
5809879e594588d419338209a53bc3fb5926a75ff8611bae06ddf5a549767343

SHA512
250cb74b4d8d9141350a374ede90dd1947a2144f088fc5869ae1b79129231915d4ed38c993bb4f2035695cce4f9519f60f5739b1a199a8b545b474c63294013e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_329286CE101A90C7D927A9DF52224760

Filesize
532B

MD5
81a2d1826aab686b55a04b4c6f9c9d61

SHA1
7aee2ce7badb7ec9bef042e0e85e5cab9abac7ec

SHA256
490f489ea7a7446dcadc0415aef4209e9db082b28c2c8eec4c82d8e66e5c045f

SHA512
4b86310c06cc7f54b586583827ef83eb1f4e9721712aeaaac4cf092df00b51c586484fc0e0550581bedcbd4eefbbd835efedbf8b661322ff84160056e0f984fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d05b8bf9ad1c83e7983a970f4e90342

SHA1
3f4daabe1ad7e833d440df81ebc1a9584c827c67

SHA256
8ae9ad5de6f8d0007cbf4b580649755a1906613122209dcc601a6754de85db85

SHA512
dbd437a994446c1f6d4cfa452f7e6db8d5a4a628498c413aa55595b7575f1c07cc7ef9a460e7eadf37fcb885738ed3a6cb116c3cab4a38ee69955e49f4187252

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2571e7baf1915e299c9b016ba5c286b

SHA1
95ae95c5aa46f9c3d4370a54bdbc545a5a0f7309

SHA256
9326ce1ec9d3cd0ebf76778038ad0c95ba77f50c85530036952f64e2d34e832e

SHA512
621455dbe911d442722f611efe24e47da2b232ebf0de3d0fdf4a95edbe3b5cfa41943340e054c67d2b39b51119f11fc3b656f2bd43bd7e63446da0aae5ec4d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a40565a5581fc21c201497fc0ea252b

SHA1
5eb2059f2c573894721cea08e33e8ef2dede0869

SHA256
5af0f59b51dc682ffccfcdb7fb5e88052382841431e2f10eb494fd672d39e406

SHA512
252a0537a91f860d72a2c4c7f2d710b87a3bf2df7b573b1b15e0424167a19a403c59c1534d9e545657715fb1e83c2ce498603b4685c7fd00315b8a3fcaa822a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bfbb84f1ec45006a7283c5cfc93b697

SHA1
6d4abd96e3824efb222582310ede82d57eb09f8a

SHA256
00af7a7410ab2c8a11b6ee8565b2809727dbddaed8a62e5006632de62438a7f9

SHA512
377c581e933b5277734baea21e1561d87433d8da2122dffaaf50566a8b5cc6285fd1315165b161a737f08bb5d3e6a3e83ea0616cb0b1451de4eebbe74b93fbd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

Filesize
506B

MD5
da68eea8e284bf1ce59a92e61d9b612a

SHA1
f9ad92345c39e18adb24177ae7a6373505b223b7

SHA256
ccc27915d0904405ce39cec452773880c2d83367fb79fb054f7ceeabc847e6ac

SHA512
0c22950d1b34279c2a3636d35bd81f324272efcb889f0ba657f0d9a0c48fe4b76005a15b5429f05dea44018caeefacc91f7c959d210d1494a715a8afb2cfc251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ba9107b29307e706ad5b0733d03b4b56

SHA1
4590273a969dcb23eee82949ae41acdf30da9107

SHA256
267112e153b33252c52377f5089fe9f63487529ac3f24fba4d60c915b724588a

SHA512
254475629d31da7b9f6805c390a2ef6607c112027bc28bf1732529d672b978c504edc622fab89ec6cb92b1b0a86803b2b8055e3dce0e473f3e476a1139f713e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBCFC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\PartnerFile

Filesize
646KB

MD5
d9bdc66fdd6c3a77c7b3968c6589a364

SHA1
e54f91dacf888569d9bc4d6f16856d4cc7079512

SHA256
76b2df66a31beb76edd99e95484426ffb5855c60abbfefac859996d47955e383

SHA512
25c7ca59ae0c778ab0ff59df9ce01158629473c6b2134eba41ea883145ace24609d2c612ddd584ec7f8f7ecd5ceafdcadee8452f3e7c6831a54ca484ce863737

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3E7D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\BRAND_COMMON

Filesize
25.6MB

MD5
fb934ac6161be33dd96f997cf86a507a

SHA1
003d17d71118081f2eef7d9a6d3e497b7fe72411

SHA256
60c6fb6fb9455a80d66009ce4aab2a2e543ea365bd3249ecddc7ddff1754ed10

SHA512
8b8691bfb443a266b16b6ac64fe85391c7cbe3c52bda4cd34e63b434085a85c7225240bd0f1b52f3fde4681fba21cb64d1395b8112cfb41f28e8ebb969b60614

Download Submit
C:\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\brand_yandex

Filesize
1.8MB

MD5
a6e106db423bb4ebf5f0a2c04f8e8ece

SHA1
6f532df3a8cd93d480677f827a9c2aaf3b71e1e9

SHA256
2f140139d87e58451fe757e3ee93520316306be938cdbfbc206110f420bd937f

SHA512
26079226b49e6e5ba0cf23986325961ffd2d65e364ba27f4af3d9c3baf0cc223f9a58fd9e6301364ca4772a1af4ca6639d277149854461b4bf9af65d4ce1a003

Download Submit
C:\Users\Admin\AppData\Local\Temp\distrib_info

Filesize
348B

MD5
bc9df7047443dea70301840a777a3910

SHA1
c40098ebec800ebd4afb88774dc96e2886de3e58

SHA256
77ea9e56a40cfd1f892c08c8eb9e092a1543d2b8d583013128009d9d264a69e5

SHA512
1d8a587dfeb567bdc76515fe9d616c29c5f83722fb9ff62b4d35420a94dae20849befd847da6bc77243a4bea068007a30deb7b32bc263cb549ca257ad0149086

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
b34bebd7263246b0162f9ef665e85097

SHA1
8a2b15d38b17239d9b30abd8a596df94f45521c4

SHA256
a80e2fa8524a47ddb1be42ab61592f4182bac963ba4a755cc7466bd8571fbc1e

SHA512
aa4f763ff8a462b48137f984fc80fea1a90721e565caf36f2e7c4567119668a7ef6515702012b9b18402ca53c4ee86479af6f7984106e0068ad02a3ed533f621

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
16KB

MD5
4291a08cedd05a1af3e4b34aa175c05b

SHA1
d39efad6e0da2264012bbf1d1904744e6ed3393f

SHA256
163773c28f14828652a0680052595d0c7d4782f003f65407baca5b9ca7336e90

SHA512
82ab90f4c51aa033444ce70f8077948800417c5a66453919713d92f1ce14a1dd018a57332f48ef1e3da15ffcaaf9133fe61fefbfc5e9750e45a212301de09c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
5f3ab0fa38d4fee6945a2985f602be30

SHA1
a27e02e2dd4ad239c4bb90c6eb56010c555521f8

SHA256
e9fcf7a535c2860482bf47677cfc0f3934f4e02c34ad7f6744c180729a9735eb

SHA512
716b4f398fd5b6727d47a9917162c9d6d70ab450de1a630cb0b23f3b3653b95c5424d243d70c628993fb0119b21963725078e3354da81a06c1a012e97546e467

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
37KB

MD5
e4229adfc6b94bcc3ea4fd0af1993b2a

SHA1
4e23f17c4e4167602a3eaf2d118f700615ee1a33

SHA256
b0d832a86681ba97726f97fd4ee3f7b5f76fb6200dc02fe527426c7f31cb680a

SHA512
454c600380f537c2f15cabc97c7cf314c75e8cdfcbf68da7c53b5c869f7edafce3c57f02611fc0955253caa5259f307316c801eee333cb4cb20ebb07d5af7b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
38KB

MD5
e1ce0c1a455dd5be4fff021653b6b3f3

SHA1
4eaa3fd0dbf2a6a9c26db573f229baee419472d8

SHA256
4e4226b8cd638e2b527590650142d2ae216bca8aa7205250e40c194ee2ce43f9

SHA512
16f6def5fd23cd29728a4c5cc30fc348fd2744e1f60a1187cebcd16e27a8ff20e0fd3389215ed88b588eb0eec12be7b422befd83514a2d7d524f23254a2535f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\master_preferences

Filesize
173KB

MD5
d9a71c366d9310c4a58cf5f4d3bc2630

SHA1
365f7f78d0f7da6da581a131cb5b69216260abc9

SHA256
279406ea3b7ba2e26fa2f73325cdcdcaa63912c7a5ca7989fdbbc394be7b324b

SHA512
3fb2c9201498b791b0062768d4a786146f0935ac7edc0691a281fe6e30ccc95b765b068695630ab588bb4314e0a41972c90ef410bbe80244b1eeb5d781217257

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log

Filesize
4KB

MD5
4dc34aeaadd0a20069d4f3e18def5b40

SHA1
30d8767ceec817229a215752d855efdf6da78d38

SHA256
7ffa5f364f68f4f424b08e35085832133d746d827c7457f4b0d4dc4969bead0f

SHA512
3c286b4ebcd203c010055ad10726bf988b9703843bbde138059b0ab0350b43eee606d9525b1ca6a1ac3f62af5e1e524890ed186026201099e9ef7837c72e04c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\yandex_browser_updater.log

Filesize
5KB

MD5
5e57bbd5fcd110c0999c6dc8a258d8ea

SHA1
8742a44b20ec923b57b000a286ef25723f4922fa

SHA256
c65383c850f3f4ed17b8a6c0edee2c5bca7500fb25cd6431630d20950003c1e8

SHA512
8d93b7b399218e0978235ac0150eb337b7bcc5e082a72c0a813c05a57857a15fa1a1c01371db271fdab60cc5e90a6cd5e293d4e7ae670ef49dcac3d5648549d9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe

Filesize
615KB

MD5
17c21aea8b5821b69bf59f85916f9834

SHA1
d4844fe9e523e521b16ff00d2a97d3d4ca48e4b6

SHA256
bcaa85e114ebf62f35bde5b78e827dc7fdf66f8ace746799b18577bf932879d2

SHA512
3e6e059b47d399e0e3285f1c117ba8c88cf637454a68ba52e343649e39c2b6d621ab77081a441e515928152e1a70ff554a4107e255885e9d58337199e31e12da

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk

Filesize
1KB

MD5
0f3d6437630b4816524b1a00bdbddc82

SHA1
4ef9368e131fa772a29d8f6b718d5ed1bba86b2f

SHA256
544d1677b288f92bdd0903274c8b36c6c18c67c7176c49603fb63e506700a7fb

SHA512
c3120d7c8a03aa3db3e94938b17f1661f29f6bd59146c73d6097d7d6276c16826228ba5c33e2b0cacbf877d23719af223efcd6601107ac992778321b1c74d32b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YaPin\yandex.website

Filesize
488B

MD5
2baf611b1b6876e6c393054aa8c46a0a

SHA1
3d26e532d5b37939b51884bfb53732070c4dca9a

SHA256
5f7570144541408b41c15373bb8870e7bde53ad3c5413e2f6000e6f0e449b853

SHA512
1a0dc02bdd53e1bd49b2a72b10828463f5c8bed8a17b8498eb4ae939a40dfd8bcaeba1feac1190f5595b4da245a7aa0e4507724ef9fb74172b29581e885cd563

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.2.1073\brand_config

Filesize
8KB

MD5
4882ee5113d43c3e2374cb31269d26cb

SHA1
33ab7e915d9817d5b7edc5a86931841e8f7f6bc5

SHA256
dc96a887a26cf4c61e14b5c7bb2289820d60e7814545091ffe2ab3d77ef3b247

SHA512
888d45aba42c98d083ff9137f31f343a18e911f65f712654766da60c8f67f00688692e94b7be04f9fbc83433db0316ee456f74fe31922e89a2694c56fea2f875

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\24.7.2.1073\partner_config

Filesize
692B

MD5
cdfba8eef4c1568081d4dbbe8655f130

SHA1
caf17817d30ce68cab248e9a5ac3d92aa3efee91

SHA256
058fbd8995a1e8f491617966b7c98ef289d4e56ce424dce18bf23aad43864631

SHA512
b7a2b226ba000ae8957233449d1a8d45e8883fa2f72a35099ccf7513e520ba95a9b71fcaa6bad628a5696c081d3b1b262638c59e2c6b4f7ad850e129806a8fcc

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\YandexDictionaries\ru.bdic

Filesize
4.5MB

MD5
ac3768f0462853d08df284e67c7c4ebd

SHA1
732581ac6f2e02246696817adc53d2e2e5d0dcb5

SHA256
af2bcc135f974aad505a8f55296117dbf4cbc095931e22f424698b181d273656

SHA512
27d558deffeeefe1198aebdf65a3fef0b0f3d6b6c4177d03ff32b0363f0a2fb1b7ff6454f45dd3254427cec9174b03181c50bc51dba212e6ab0114a6e72bcf96

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

Filesize
1KB

MD5
cd47d710adc844450329fc806ac1ebb8

SHA1
aba9c77a75725ddd824c99303a76a29be71aafd6

SHA256
7e289c0b668144cf302c2fa46f494f0c1c1d90eff7db4c3fbfab18588fa1c411

SHA512
61f1b4318071458a0d31f42ccb63a51e0de167f728dd06e80a6ab6c335fbed23bfd7e2a552ff56df082ce05afa9ecb0218e5c6ecdca5091341e06c5812e76278

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.2.1073\resources\configs\all_zip

Filesize
650KB

MD5
d8ae97d444d9c32a1554bc87caa02fda

SHA1
a917805daa8330d92c163d12bf93f5cec9533285

SHA256
a214b41e747e1394a965f144970569e96fc08f89994390e9fa96987b84b0c660

SHA512
39c4a49e2c41420ea046b00c6dcc15aef492edc8c11a5028adb4479bed3c8870aac432190f20c221b8cac03bdcc682325ed452ebce42e40d2dd6f059b3107ba6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.2.1073\resources\wallpapers\sea_preview.jpg

Filesize
59KB

MD5
53ba159f3391558f90f88816c34eacc3

SHA1
0669f66168a43f35c2c6a686ce1415508318574d

SHA256
f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e

SHA512
94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\24.7.2.1073\resources\wallpapers\sea_static.jpg

Filesize
300KB

MD5
5e1d673daa7286af82eb4946047fe465

SHA1
02370e69f2a43562f367aa543e23c2750df3f001

SHA256
1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a

SHA512
03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

Filesize
48B

MD5
511e7f0e48265ad3e77c034c96307033

SHA1
7eb77e200da78a7aac74a602bc9563ecf7a8f8b8

SHA256
2e5f761d371a8b028d68047434ea63d50672911498a37a9cc4096cb84b6b40ce

SHA512
13bc330a5211a46e58ce234e9044e8cd8f1b32bf04ca13a536948b57f95a1fb0073f43e60dba09353161d5787bca72a312a70d536cbc40299fe4251df855d394

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\1651fdd8-c335-422a-9298-69a6a5357d51.tmp

Filesize
15KB

MD5
7551f32c93f1d6498ad025ad25e8be5b

SHA1
cf684be13b9b9eb96fc2e973672f4dab8c206fe3

SHA256
e4fda0f32eb8146a3ce6a565a3708ba5196b91d1a45af8d9868c5981afd96fd5

SHA512
a91140546b4eacf6ec8e01416d0200cc72ca29c55b6c51c33b2844f4d06a3955e5bc4a2e12b8bf09d62c877aa9284ad6cfb8876c3c1e7425cebba98ed949c5b2

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\633a23ca-14b5-4545-a895-a13f82e385d0.tmp

Filesize
38KB

MD5
ea66586ce2bf92d6ebc0be42beeb7034

SHA1
6a5f13ff62c44d23492e6c7acce58d22aa84cc68

SHA256
489fa7be7b3c156d14fffeef239f25a8f4e7f294d835ed582edbc6404b1632f7

SHA512
f3730c228885b117390bb61f207444a89a517cc609d704064da8352597fe36be09039108d51509b7a2073dadaa4978b76389218e47bc14af6c6513662b4ab994

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\76a1fcc0-291d-42fc-b023-c173638ac9bb.tmp

Filesize
160KB

MD5
54497ce2271deb0e673ec048b44da343

SHA1
5f886314234b7aa6a4da5efc937a9d63ed007727

SHA256
3dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b

SHA512
d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
c1ca78e6b962ef819327fbf167b59b05

SHA1
a74d20ffa3726cb4bf3a72e103b45053ade3c791

SHA256
1feafadd049d56bfcd5f69df74efae34ab7480cd9d1d175669debaa79c48351c

SHA512
96232d65e64860274c02e98ca00957dafb9875a3acab40b2661b1b88bde5c01c9f1e44cdc339129cf717bfcd28dde0aa76c9ef9fc426313db54fc912ef187aab

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6c01773192c50f532c4e45653324a00

SHA1
4c2edac8a2b8ea8012b050ffb02cf5504e82e300

SHA256
eb70195d62b2c4ea861bbd07e412610462cfe3a53430a769ad674df57284d642

SHA512
fe7d339c7fb68e9fcb4868c8ef87319e79ed2abbf8cdfaf0c7853f5501a26e99a909ac7b2bc09cdcf9b81caf85253da650e6bf7ff513698c61bae8050c280680

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b658f2cb58f398bea046a5ed4d304cf

SHA1
596280bfe0212c88fcc2f166c6378b91d1c0a49a

SHA256
8821e857b480d121587191e073841523e0ec283cc68fc2d0141b702c65218836

SHA512
b49527123b21b35e7701e4e0edd73f7a2097749aba107fca8ef441922fa7761dda61ffe8273ff8147ba3582e9d704fbf69f47eeb5ffdb5c68aa74157a3b40c3d

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd8497ed9cd2b3cc0cc3e20fe440f08d

SHA1
87e7e94f266a26307e80e33b768448a93d363c52

SHA256
c8d8cca334eef02fed946723c7c3946f31e4303cd16cfd96ac3b262f8c00c741

SHA512
5ff663648ae44efb0ba72e5f965d79d6743493af55fc45739d921e97e29545121768121ae58239bfde2eba226c1a5c9a3ffac78b949ad21c636407ac4da3a410

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5560cc6e69782607031709bdc5681d14

SHA1
763c70c8bbaae26a19871c217bef93ac2bbc5c78

SHA256
63a935d78b6535385542aea1ca955384fe8c7351df6ddd72ea544d877fb526cc

SHA512
d2792bed674d13fb69d4ec0c4568cc551e8356d30424d739818cd88d321dfe39563f7382efdc55cc301976acba2bd8962186a9c751d79fce6b8a8e4425c6ff6b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4654de667e2806cef008cbd7b33fab2b

SHA1
82299b9603e253297f81e98b3a83c574239805bf

SHA256
fec9945770d022613c306b0034f1d5d31f54955265f6f93129a12955781b0395

SHA512
63b3dd472afebd36fbc279b1cc2a6cd81d37959a2f6eb9bcc0eb447f4169200feb26a7dfd9791dfab667d2d1a2769bc097f791b124bdbeec2d727949246fa6e6

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
11KB

MD5
7d2493aa1e45a2d0caa742e548c5c506

SHA1
e2b1f51829bfceaf6d9a5a2d029c59b9c646cdad

SHA256
74c2d231b98a8fe1e7b44bf484f082670c3d83537f4be5624e3deded166c6c45

SHA512
d78f3a823587e5dfcd72729f2b54636cb80cc6cd0cde1053759d0a03a6b0c3d2be94ae241c9f6547f9df45208d32e0f483ec9c1c5b81619b23e1c340276ab9a9

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
14KB

MD5
3b38a1c1e1adec6599cbe1e83f85def6

SHA1
f41d010150358fde1ca09163109a74f650c222ac

SHA256
7e23463e8b949448c8a42d6daba03d389fb598ded0721b3452231ae4740c18a4

SHA512
23b728a027d560ad5d0e8a1cb5f3311e9afc8b0122b651959d1c1d5ff0822716853d705f408e7449f1de1a5333ea6bde6431fee2f73d41821cec3017df143dae

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

Filesize
7KB

MD5
dfe3ab5f4eeee0f505fd476f7532c6d8

SHA1
1dffe28657c29f35eee54d032b63c62142fb900d

SHA256
c56a9ecfbe70be9b0ad7f85d46facb966460f4d95d468df9cafe3bfc41782524

SHA512
3d344a6ccbefc580188c9e9ba7817e9d1e22f164b1aabf9598cddc6050b071a8e4208e1a6767d52d4f1c7039ba438f9a95a85e5e54fe46c28114a76e0b9126ff

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Site Characteristics Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Sync Data\LevelDB\CURRENT~RFf77aed5.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Tablo Cache\data_1

Filesize
264KB

MD5
4d9da5989e25bdeec2c11accf7103078

SHA1
4f14f31b062d0c6690e9e2116f598bcaa9c50ad3

SHA256
9951769830a927ac2cfa4eb2ca0d8fab3f4233b82a6e3efa486df2cf10081d67

SHA512
41437b871233b4731abf0a327d1220bd68882a668b782e7ffbb1228f6dd8625d768d8cbf939358e5c198e2f9e391367606e7830e36e07af5211ecd90f7799152

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\b1433531-0ba4-49a5-80da-cb5df44c9e7e\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\picture-13369114568425400

Filesize
536KB

MD5
3bf3da7f6d26223edf5567ee9343cd57

SHA1
50b8deaf89c88e23ef59edbb972c233df53498a2

SHA256
2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896

SHA512
fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Wallpapers\store\preview-13369114568425400

Filesize
5KB

MD5
9f6a43a5a7a5c4c7c7f9768249cbcb63

SHA1
36043c3244d9f76f27d2ff2d4c91c20b35e4452a

SHA256
add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b

SHA512
56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

Filesize
13.5MB

MD5
5d9ad58399fbef9be94190d149c2f863

SHA1
45f3674f0425d58d9ffc5d9001ff6754f357543c

SHA256
2903aec9f77378fa19280af8ff89294fb9ce2caf8e0092c69e19973c0a9cc6fe

SHA512
9a9532cce2de086d5934235d21d27b8a0863ae902a81151a728364aebe044faef5e5805d64efe68d67a5a5aaf408f74954d08f10c6a011dc9ea82c629339d3b0

Download Submit
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\de650e35-371c-43ba-8be3-3f3c62902e34.tmp

Filesize
194KB

MD5
106ebc09c22695242d159a76d2ac0524

SHA1
15a06153a3e2f99054d2c2b2a718f90621c77bac

SHA256
6a75c332e062de93fbd48a4aa399cdc0ddc4c9139fa58ecc11de0c7d3fe2f917

SHA512
8a4e3b0e2f6d2df17e9a2a316f53c4f55bc5db9d790b5dc2c1cf81555e7fed80b1233f14c7be4323774c5b9573ad2adad29c681ebe36f9730e8a971dc909dc07

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk

Filesize
2KB

MD5
52889122b81e97d3411fa163575d6ad9

SHA1
9db026e0a1332dfc7b72cdeb97e86101ad19e75a

SHA256
800d5e5ded9c41feb02e000a2ebb3cb42554a93605cc894f95df0b32aee9fcfe

SHA512
ad0723e2890c4e4a51ebbf1b5a3f93dc933b2f1c24af1076ea40270c2a0f6b030dcfbc63da1689e03734296a12dbf6d721ee59ac6e7e1b387e02486857a05b3d

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
b0aff1a98520b4c6c27e40cf31a1d8d9

SHA1
4ddeb45133464131f7d38b042da6b9d3af97466b

SHA256
3ec75f504fa7a615650e336ad6cfa492d2865b2c76d6fd5ee6cfe13d93b987a7

SHA512
daf02d2d4d7050a792f0c58a4b037e1f909ccfba8291b6d5785f47747efdc758f002298809587eec9ca228c723f046d08ac63308cd17c1594be242338c8365c7

Download Submit
\Users\Admin\AppData\Local\Temp\YB_6AA47.tmp\setup.exe

Filesize
3.9MB

MD5
7c2f17e9ec308d8b87a00bc8899dd9eb

SHA1
6cde84848f91f1bb918ad3f949ff6b8b6fda48e1

SHA256
b3ce89e00e4c6113151e8f4ffa926437b84cc51ceb81023ef8c9c22d53e57e79

SHA512
275a3e8bcfec80dcca1ffef27904af650dfee73cba97d5fc4497063d5ef057c1fdee7e3c03cbd73974e210b3110d5f8e85a9470a4a340dbb39b988c51f2e3346

Download Submit
\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

Filesize
3.7MB

MD5
0d2735fe641f05d5afca182ab5feee22

SHA1
b926e92664bbc6baaeccc7cc40f6d7d5068518b4

SHA256
8752d02f75049fa6a8ff2060155a78482d5f32893791af029d12e2801ba06383

SHA512
afe5e597d8719395517d479b00d57f19086ba4d2e67619a22fff68757188747173a24a06029458fa6779cc39c69b0a172580e599219822cb85404d6f53644e4f

Download Submit
\Windows\Temp\sdwra_2652_19916554\service_update.exe

Filesize
2.3MB

MD5
7d411b8111753c087b1803dd7859569c

SHA1
374819fa1b5f5e5e622dcd861144a3f15856d000

SHA256
ae2323d84817e66a6e2ee85c054f0d99696891bc880d3bb0eb7dc568cf8890e4

SHA512
4998294cf2953a982e2a4b5dd449a825f58b1814baa3826075cad5e816ff88cf9c66a0d33e3828d1d1c55a5ae7a9096574c02e0f61f8fcccb7f67a83ccf9c793

Download Submit
memory/2260-1555-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2416-2576-0x0000000006900000-0x0000000006F15000-memory.dmp

Filesize
6.1MB

Download
memory/2416-2577-0x0000000006900000-0x0000000006F15000-memory.dmp

Filesize
6.1MB

Download
memory/2416-2578-0x0000000006900000-0x0000000006F15000-memory.dmp

Filesize
6.1MB

Download
memory/2416-2579-0x0000000006F20000-0x0000000006F21000-memory.dmp

Filesize
4KB

Download
memory/2416-2575-0x00000000068F0000-0x00000000068F1000-memory.dmp

Filesize
4KB

Download
memory/2652-1431-0x0000000002B80000-0x0000000002B82000-memory.dmp

Filesize
8KB

Download