Overview

overview

8

Static

static

Yandex.exe

windows7-x64

8

Yandex.exe

windows10-1703-x64

8

Yandex.exe

windows10-2004-x64

8

Resubmissions

17-10-2022 19:36

221017-ybkpeacgf7 10

17-10-2022 17:27

221017-v1ye1scfdl 8

17-10-2022 14:10

221017-rg6qhacbgq 8

Analysis

  • max time kernel
    1800s
  • max time network
    1802s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-10-2022 14:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yandex.exe

  • Size

    2.4MB

  • MD5

    09bb3df23630c9111a5860cb96bde6ad

  • SHA1

    217d78e392e7ef295596862175eb353977a85738

  • SHA256

    e36891d982acaa5b12e27cf55fae3581e29dd0ef35d0dd98ae93296034b5177e

  • SHA512

    8a216eac67b5d4bc54781a166cd48ab8a68e0b983fb346c14030eca060046fe7484f76fa4eb006164c5781684cad82f7d29afaf9514e70c81feffe70df402f31

  • SSDEEP

    49152:CsEpJsMKSCZrcPEGuW9Q+iA5H5u8QeuL:CsEpuBZrcPEGuWMxt

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks computer location settings 2 TTPs 18 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 18 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 18 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 14 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 55 IoCs
  • Suspicious use of SendNotifyMessage 47 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
    "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
      "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=2084 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\25987f12-adc5-4ed1-b647-e7a321eb628d.tmp\" --brand-name=yandex --create-alice-shortcut-in-taskbar --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --ok-button-pressed-time=420131664 --progress-window=459186 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\8c46e0ce-0349-4801-9ab4-33a6e3e452e5.tmp\" --verbose-logging"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1876
      • C:\Users\Admin\AppData\Local\Temp\yb7498.tmp
        "C:\Users\Admin\AppData\Local\Temp\yb7498.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\25987f12-adc5-4ed1-b647-e7a321eb628d.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --create-alice-shortcut-in-taskbar --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=41 --install-start-time-no-uac=420866058 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=420131664 --progress-window=459186 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\8c46e0ce-0349-4801-9ab4-33a6e3e452e5.tmp" --verbose-logging
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2304
        • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\25987f12-adc5-4ed1-b647-e7a321eb628d.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --create-alice-shortcut-in-taskbar --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=41 --install-start-time-no-uac=420866058 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=420131664 --progress-window=459186 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\8c46e0ce-0349-4801-9ab4-33a6e3e452e5.tmp" --verbose-logging
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:3460
          • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\25987f12-adc5-4ed1-b647-e7a321eb628d.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --create-alice-shortcut-in-taskbar --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=41 --install-start-time-no-uac=420866058 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=420131664 --progress-window=459186 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\8c46e0ce-0349-4801-9ab4-33a6e3e452e5.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=446990842
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4868
            • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
              C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4868 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x338,0x33c,0x340,0x334,0x344,0x9221d8,0x9221e8,0x9221f4
              6⤵
              • Executes dropped EXE
              PID:3624
            • C:\Windows\TEMP\sdwra_4868_1942489870\service_update.exe
              "C:\Windows\TEMP\sdwra_4868_1942489870\service_update.exe" --setup
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2164
              • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --install
                7⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:1676
            • C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_511774629\explorer.exe
              "C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_511774629\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:1116
              • C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_511774629\explorer.exe
                C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_511774629\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1116 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x12321d8,0x12321e8,0x12321f4
                7⤵
                • Executes dropped EXE
                PID:2248
            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Suspicious use of WriteProcessMemory
              PID:4568
              • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
                7⤵
                • Executes dropped EXE
                • Checks computer location settings
                • Suspicious use of FindShellTrayWindow
                PID:4336
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
              6⤵
              • Executes dropped EXE
              PID:628
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source4868_1089754797\Browser-bin\clids_yandex.xml"
              6⤵
              • Executes dropped EXE
              PID:4692
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:3436
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source4868_1089754797\Browser-bin\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:1840
            • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\SEARCHBAND.EXE
              "C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\SEARCHBAND.EXE" /forcequiet
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:3688
  • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --run-as-service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4992 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x797ae8,0x797af8,0x797b04
      2⤵
      • Executes dropped EXE
      PID:4280
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-scheduler
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4416
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-background-scheduler
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        PID:5028
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=0FBB20C6_9D2F_40A1_B639_6455DCDFCB04/*
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:4488
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4132
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 29573BCF3CB0834F98834420514659F0
      2⤵
      • Loads dropped DLL
      PID:4496
  • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe
    "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe" /install
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2264
    • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe
      "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe" /auto
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3284
      • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\crashreporter64.exe
        C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\crashreporter64.exe
        3⤵
        • Executes dropped EXE
        PID:4456
      • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe
        "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe" /update-check
        3⤵
        • Modifies Internet Explorer settings
        PID:1840
        • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe
          "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe" /update-install
          4⤵
          • Checks computer location settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1740
          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe
            "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe" /auto
            5⤵
            • Adds Run key to start application
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            PID:5180
            • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\crashreporter64.exe
              C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\crashreporter64.exe
              6⤵
                PID:6044
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=459186 --ok-button-pressed-time=420131664 --install-start-time-no-uac=420866058
      1⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4492
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=4492 --annotation=metrics_client_id=d1230ac14709496ca8a57bd58c455906 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x724ea3b0,0x724ea3c0,0x724ea3cc
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:4408
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2740
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1932 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4972
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=2320 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4912
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=2864 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:3064
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=3120 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4808
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3424 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:628
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe" --set-as-default-browser
        2⤵
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:4712
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe
          C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4712 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x9121d8,0x9121e8,0x9121f4
          3⤵
          • Executes dropped EXE
          PID:1560
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3652 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4696
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4032 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:988
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4980
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=4380 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1136
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5056 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2844
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=5352 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4208
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=5172 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4364
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5900 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:5156
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
        2⤵
        • Executes dropped EXE
        PID:5204
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=6472 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5240
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=6152 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5364
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=4572 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
        2⤵
          PID:5544
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5144 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5616
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6716 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5708
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6704 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5744
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5720 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5804
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5808 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5872
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6512 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5724
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6636 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5936
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3772 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:6048
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6996 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:6108
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7000 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5248
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7008 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:4128
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7016 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5380
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6644 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5984
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7024 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:2088
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7048 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:3500
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7056 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5552
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7064 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5624
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7072 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5788
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7084 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5896
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7184 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
          2⤵
            PID:5960
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7304 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
            2⤵
              PID:6020
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7352 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
              2⤵
                PID:5988
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7624 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                2⤵
                  PID:1976
                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7648 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                  2⤵
                    PID:1048
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8148 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                    2⤵
                      PID:712
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=4424 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
                      2⤵
                      • Checks computer location settings
                      PID:5576
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=4772 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                      2⤵
                        PID:5292
                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=5124 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                        2⤵
                          PID:4716
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=2552 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                          2⤵
                            PID:5992
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=1664 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                            2⤵
                              PID:5776
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=2768 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                              2⤵
                                PID:5808
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=1820 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                2⤵
                                  PID:6060
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1672 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                  2⤵
                                    PID:6104
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=4416 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:1
                                    2⤵
                                    • Checks computer location settings
                                    PID:5148
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5384 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                    2⤵
                                      PID:5224
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6028 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                      2⤵
                                        PID:628
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6192 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                        2⤵
                                          PID:3440
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=spell_checker.mojom.SpellChecker --lang=ru --service-sandbox-type=utility --utility-enable-offline-spellchecker --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Проверка правописания" --mojo-platform-channel-handle=2020 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                          2⤵
                                            PID:5188
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1212 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                            2⤵
                                              PID:3788
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2416 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 --enable-elf-protection /prefetch:2
                                              2⤵
                                                PID:3364
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8144 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                2⤵
                                                  PID:2260
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2404 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                  2⤵
                                                    PID:4232
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=7780 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                    2⤵
                                                      PID:2388
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3692 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                      2⤵
                                                        PID:4872
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9264 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                        2⤵
                                                          PID:4684
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2376 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                          2⤵
                                                            PID:5172
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6028 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                            2⤵
                                                              PID:5176
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3696 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                              2⤵
                                                                PID:3528
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9188 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                                2⤵
                                                                  PID:5692
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe" /uid:"797e9f22-d279-426e-b96c-179d6caffe2d" /yandex_uid:"1646081041666015949" /version:"21.2.26.0" /lang:"ru" /browser:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" /iv:"1" /report_dir:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport" /browser_user_silent_detect /detect_report_html:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport\DetectReport.html"
                                                                  2⤵
                                                                    PID:4860
                                                                    • C:\Users\Admin\AppData\Local\Temp\YandexRescueTool\bct.exe
                                                                      /session:L3VpZDo3OTdlOWYyMi1kMjc5LTQyNmUtYjk2Yy0xNzlkNmNhZmZlMmQgL3lhbmRleF91aWQ6MTY0NjA4MTA0MTY2NjAxNTk0OSAvdmVyc2lvbjoyMS4yLjI2LjAgL2xhbmc6cnUgL2Jyb3dzZXI6QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxBcHBsaWNhdGlvblxicm93c2VyLmV4ZSAvaXY6MSAvcmVwb3J0X2RpcjoiQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxVc2VyIERhdGFcUmVzY3VlVG9vbFJlcG9ydCIgL2Jyb3dzZXJfdXNlcl9zaWxlbnRfZGV0ZWN0IC9kZXRlY3RfcmVwb3J0X2h0bWw6IkM6XFVzZXJzXEFkbWluXEFwcERhdGFcTG9jYWxcWWFuZGV4XFlhbmRleEJyb3dzZXJcVXNlciBEYXRhXFJlc2N1ZVRvb2xSZXBvcnRcRGV0ZWN0UmVwb3J0Lmh0bWwiIC9icm93c2VyX2J1aWxkIC9ub19ndWkgL3NjYW5fbW9kZTpkZXRlY3QgL25vX2xhdW5jaF91YWMgL2NsaWQ6YnJvIC9wYXJlbnRfcGlkOjQ4NjA=
                                                                      3⤵
                                                                      • Drops file in System32 directory
                                                                      PID:5524
                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=hips_info_provider.mojom.HipsInfoProvider --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name=hips_info_provider.mojom.HipsInfoProvider --mojo-platform-channel-handle=5956 --field-trial-handle=1972,i,8060516131497429811,3170034736668733916,131072 /prefetch:8
                                                                    2⤵
                                                                    • Checks whether UAC is enabled
                                                                    PID:932
                                                                • C:\Windows\SysWOW64\DllHost.exe
                                                                  C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                  1⤵
                                                                    PID:2700
                                                                  • C:\Windows\system32\AUDIODG.EXE
                                                                    C:\Windows\system32\AUDIODG.EXE 0x4f0 0x470
                                                                    1⤵
                                                                      PID:4296
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={4FC3AE6E-49E7-4A50-92E5-4F29022FF33A}
                                                                      1⤵
                                                                      • Enumerates system info in registry
                                                                      PID:6004
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666023145 --annotation=last_update_date=1666023145 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=6004 --annotation=metrics_client_id=d1230ac14709496ca8a57bd58c455906 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x724ea3b0,0x724ea3c0,0x724ea3cc
                                                                        2⤵
                                                                          PID:6132
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1788 --field-trial-handle=1816,i,16938850265858228812,5946396326221479054,131072 /prefetch:2
                                                                          2⤵
                                                                          • Executes dropped EXE
                                                                          • Loads dropped DLL
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:5544
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1984 --field-trial-handle=1816,i,16938850265858228812,5946396326221479054,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:5844
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={25A51996-F332-4885-8AB9-784FF6553245}
                                                                          1⤵
                                                                          • Enumerates system info in registry
                                                                          PID:1464
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666023145 --annotation=last_update_date=1666023145 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1464 --annotation=metrics_client_id=d1230ac14709496ca8a57bd58c455906 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x724ea3b0,0x724ea3c0,0x724ea3cc
                                                                            2⤵
                                                                              PID:5224
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1776 --field-trial-handle=2096,i,1691904253368277240,16209413725121762434,131072 /prefetch:2
                                                                              2⤵
                                                                                PID:5832
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1908 --field-trial-handle=2096,i,1691904253368277240,16209413725121762434,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:5912
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={BF7B474D-0815-41C0-A4B8-61A3D03F9459}
                                                                                1⤵
                                                                                • Enumerates system info in registry
                                                                                PID:5740
                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666023145 --annotation=last_update_date=1666023145 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5740 --annotation=metrics_client_id=d1230ac14709496ca8a57bd58c455906 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x724ea3b0,0x724ea3c0,0x724ea3cc
                                                                                  2⤵
                                                                                    PID:2844
                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1892 --field-trial-handle=1980,i,12054299226668567944,11461224200853622233,131072 /prefetch:2
                                                                                    2⤵
                                                                                      PID:6028
                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=797E9F22-D279-426E-B96C-179D6CAFFE2D --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2064 --field-trial-handle=1980,i,12054299226668567944,11461224200853622233,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:5524
                                                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                      1⤵
                                                                                        PID:5864

                                                                                      Network

                                                                                      MITRE ATT&CK Matrix ATT&CK v6

                                                                                      Initial Access

                                                                                      Execution

                                                                                      Persistence

                                                                                      Registry Run Keys / Startup Folder

                                                                                      1
                                                                                      T1060

                                                                                      Privilege Escalation

                                                                                      Defense Evasion

                                                                                      Modify Registry

                                                                                      3
                                                                                      T1112

                                                                                      Install Root Certificate

                                                                                      1
                                                                                      T1130

                                                                                      Credential Access

                                                                                      Credentials in Files

                                                                                      1
                                                                                      T1081

                                                                                      Discovery

                                                                                      Query Registry

                                                                                      4
                                                                                      T1012

                                                                                      System Information Discovery

                                                                                      5
                                                                                      T1082

                                                                                      Peripheral Device Discovery

                                                                                      1
                                                                                      T1120

                                                                                      Lateral Movement

                                                                                      Collection

                                                                                      Data from Local System

                                                                                      1
                                                                                      T1005

                                                                                      Exfiltration

                                                                                      Command and Control

                                                                                      Impact

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        8905590db933109e0c695ee91c664772

                                                                                        SHA1

                                                                                        58a79eaca1c13ccdaf6839b9f731538fb944208f

                                                                                        SHA256

                                                                                        b6e676905808610be7398ddfad44a8883a980e2e8ea6f800a94d04e131d62527

                                                                                        SHA512

                                                                                        2156158dbb8a9bc976a82fc4649ff077acf1b19c6834acf58604cbf571e1692124822b716fb0ab4ed3c01fae96763d6a50388f76a6c95986ce0ed153c0e749c4

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        8616b422e9c2b2e839bfdad6cccbaf66

                                                                                        SHA1

                                                                                        02f026232c476f6ef9db76137badc89b201d1f8f

                                                                                        SHA256

                                                                                        25280fc06456ef7b5982adadda7039392283d01dc49752114258addd3cbac7f8

                                                                                        SHA512

                                                                                        96a077648067adce37e5ab9dd1766e8e4478f01a1151cc3dd10423c020f2ddf1c7c5ce898b99dfac64f62e49250fe95ea8029563780e361f5990290332399807

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        8616b422e9c2b2e839bfdad6cccbaf66

                                                                                        SHA1

                                                                                        02f026232c476f6ef9db76137badc89b201d1f8f

                                                                                        SHA256

                                                                                        25280fc06456ef7b5982adadda7039392283d01dc49752114258addd3cbac7f8

                                                                                        SHA512

                                                                                        96a077648067adce37e5ab9dd1766e8e4478f01a1151cc3dd10423c020f2ddf1c7c5ce898b99dfac64f62e49250fe95ea8029563780e361f5990290332399807

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        8616b422e9c2b2e839bfdad6cccbaf66

                                                                                        SHA1

                                                                                        02f026232c476f6ef9db76137badc89b201d1f8f

                                                                                        SHA256

                                                                                        25280fc06456ef7b5982adadda7039392283d01dc49752114258addd3cbac7f8

                                                                                        SHA512

                                                                                        96a077648067adce37e5ab9dd1766e8e4478f01a1151cc3dd10423c020f2ddf1c7c5ce898b99dfac64f62e49250fe95ea8029563780e361f5990290332399807

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        1d43dcebe92fcfdc9bc2304e8faf30a8

                                                                                        SHA1

                                                                                        fe943794593211128bb04383c92eeb48123ef1f0

                                                                                        SHA256

                                                                                        c08f50cfba43d377e117747dfdcc7528911f185525c3a065661bbec971414911

                                                                                        SHA512

                                                                                        0bcf33d134aa449c837cec2af48e5cbb137b68815e12f3e67ab182037e2cf2829f737f6a078d9cb87940890383d20882e019713505c0c98b655c5a57c8c35d04

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        f589441078b04077dd3aedaeaafe0e9a

                                                                                        SHA1

                                                                                        99c61782e1bd15002dac445c3abff7885d5b709c

                                                                                        SHA256

                                                                                        caafa56bc1b37b963d52937f7a1e9fee619af47952a95399c1a046cef3ce9bae

                                                                                        SHA512

                                                                                        11cab375d5b33a47d00ae0848d09bedcb7a1c6c7e085e090c25d93148590201098aef5ef7dcbf9a5f11a1aa9ea3b58e376911147507ffa2cc47202899dcc8c26

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        bf55e66152a5d33dd838015670e1a717

                                                                                        SHA1

                                                                                        bd8c50ee092099bd1d0a2af9daceb49feed7515d

                                                                                        SHA256

                                                                                        415ed20ce06f0a44645ea35784ff99c1312ef4c350648b7fa55bb902aaad56a4

                                                                                        SHA512

                                                                                        2d78d1732bc583e0a6e99a6d00143c9b797555dab2e68a056ff6cd390cc8c270de360463a40fc347b69839142af02c09db32d7b22be8d2d2e6e75e7b8c993655

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        ee371c2cb437776ffbcce9d182e02466

                                                                                        SHA1

                                                                                        3d20524b6f18e47fe5f820223c68d4f8242e11e5

                                                                                        SHA256

                                                                                        35fed9cad21b2111eda2098cee9b21815452de0548d03d3a39ecb1d7f342e690

                                                                                        SHA512

                                                                                        f5ab37c28a4d943468e50176ca7550ff2a22a1734db1c816ade69360562adf11623ce22540866c37e8b997cf3ca8b2f78cacb36a10a0264423ee4ccf8dd851a3

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        70fe48ce0945ed919a9e2d1f378bd454

                                                                                        SHA1

                                                                                        0057f920c4ac8c12e610cddc4fc81bf78be08053

                                                                                        SHA256

                                                                                        356aac63bb1f334e15b5f4215a68157ab7009592c8c05d6b69371b2ab666ebb7

                                                                                        SHA512

                                                                                        3f3eeaecf72aac1a448c7dd676ad1debb49f272288a8c1ebda28bb9b5fab0eecbcf85213748df928751d06e0a9ac0520d24f1e58ac0fc11379dc520030acdf02

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        fa122394a6d322597c39243573bc0244

                                                                                        SHA1

                                                                                        7f93127263b609925c95cc3b4ececc8fc0aa835c

                                                                                        SHA256

                                                                                        c1fff81968e468d43c46cadedc4efe84dad06b5eafaa0e8735902820b1634e47

                                                                                        SHA512

                                                                                        c920b195e6651bf0f8d7eca1cdb67f37526809f1f251fd9b3561ca02a983b9add9e1297abdf5b8e76a10638e8a4bff91106e23e5a9fa3da93adea969faa72589

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        8KB

                                                                                        MD5

                                                                                        d6395b0f66a6a29794bdc12f8d7c2546

                                                                                        SHA1

                                                                                        c0da0f99ecf2e2e9814868945836115c994ea21b

                                                                                        SHA256

                                                                                        9cb360e3821e5b7eed64a2f323b9dcf179ce0305a658bc322cdfe954ca77f355

                                                                                        SHA512

                                                                                        e544b1d50caeaa3f97f84401830a4fa04f965b089631a0c573eca923a09ac6597488c5b63bec78a1953f137d4306574a8656714e2ed7017300503b791362eb4e

                                                                                        Download Submit
                                                                                      • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                        Filesize

                                                                                        9KB

                                                                                        MD5

                                                                                        5124a75d9ec8cf2b29b4a063db21ed94

                                                                                        SHA1

                                                                                        2ba8c4819bbe81d8bacf2439818d91e65063a0c5

                                                                                        SHA256

                                                                                        c20ebd301d2e36f20040660c32daf68648f0407eb004c2a1ce01e580a663f27d

                                                                                        SHA512

                                                                                        38d500247035e82f8de2c238c2017d1119a78da07709d16948413a82ea0a8ad5760d627be3c6a6b1093b67fe5e7794bfafb46a29ee28fca7d06af31063f9acfe

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        23f9423cf524effb7face1eb98d52a8c

                                                                                        SHA1

                                                                                        eb955023494ed7a84206ef31f949abe63dd68be2

                                                                                        SHA256

                                                                                        665e08a4aa1f6a4dc2407396b4ddac675dace1af690d87a988d013afe4c47651

                                                                                        SHA512

                                                                                        987cfed79741992d50cffea008903772c3eec9bcb17a6edb2656935e8796ef5d168f7a98df101c36ff8160f5d6ed608bd139d43f15502c993f49a862263b4416

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        702336d313fa6f1bc13a50f29e3b81f5

                                                                                        SHA1

                                                                                        432c93866ab439af4625329205a69a91d3f68f39

                                                                                        SHA256

                                                                                        d28fe506481585650dd7337c1e620b07f7aa469cfc19f30b9d271ccfcfaf061f

                                                                                        SHA512

                                                                                        8fc04d083fb27b5e1a0b4b10fe93d4c3420b356d2a7a8870d502803a6d3882f474ddf42ac567e1c64858bdedced9e50a85175ec46f2dca002845437652b5c4bc

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        823de32c84c2baf818b7de475520ecba

                                                                                        SHA1

                                                                                        80ed0a0396cb7fc09249b2e7cb01f60cde331c7c

                                                                                        SHA256

                                                                                        c38283d9d2292fd2fc270a8e445d44797c4e5169e2f59a5769e53cde0af104e1

                                                                                        SHA512

                                                                                        904294988a1fb57821a17daff7e75ac8d9d1dd8cb0d6a8082be2f117fc379ec3472240935ca3187b436ce2adb6f7facb3c3f8ff60b40360a94cc829f00a134cc

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                        Filesize

                                                                                        727B

                                                                                        MD5

                                                                                        3dc4181e96e768b9f4bbf41d1afa1dc1

                                                                                        SHA1

                                                                                        9ee79c2f26bf520c4e8a3b36daff9ce8e6e3cca8

                                                                                        SHA256

                                                                                        a72e1936399b803b5c282aa625b1dd2e3c924897ba728887035ebd30a4e9eae4

                                                                                        SHA512

                                                                                        8c6c6ec2b6513697995aac13b9f946a7f5442cea77d0d3053ae9cf0d7dedd6942c8eceabfcd0380156403002bea026b3b18d4926fec92a146faf41f0144a7958

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                        Filesize

                                                                                        471B

                                                                                        MD5

                                                                                        da5a9f149955d936a31dc5e456666aac

                                                                                        SHA1

                                                                                        195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                                        SHA256

                                                                                        79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                                        SHA512

                                                                                        60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        02314b49c485931487cbf65bbb941e27

                                                                                        SHA1

                                                                                        00b077929a8749f26e3c8d7c44af4bb68a584ecf

                                                                                        SHA256

                                                                                        4345a9a343cba6c888918ca8d3166056b80ec313a511174af18a4e0b2f9bcc01

                                                                                        SHA512

                                                                                        1df80e9ed10abf24ae2662f3112b8737492ad5d4c2f6232b19b3fc036c2595a67f828673e774ad0ab09b336bd8feee09a9506d087ec6a5788036da5b98eac441

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                        Filesize

                                                                                        1KB

                                                                                        MD5

                                                                                        33fb8b8ae9693b689843bf76ca8292ef

                                                                                        SHA1

                                                                                        cb79cf07c005d51ab9b194c002dc0ba69457a70d

                                                                                        SHA256

                                                                                        7567f15a528544618bc2112ce991866f5048b046b42c67d18ea1807bddfa7a9c

                                                                                        SHA512

                                                                                        bd3fb67c20272bca3d5aac6e420c6a719191bebb8d278fdd293546167a4615182fff97fb1f76985709441924d58ac2af99c0f94eb7c475aa9be1cb5910e35a11

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                        Filesize

                                                                                        727B

                                                                                        MD5

                                                                                        61c5ee28e0ed1b62787302ea7c2da960

                                                                                        SHA1

                                                                                        a1176b0bbbe42255802e481fa75d8f5a4819697e

                                                                                        SHA256

                                                                                        f3218c6b9ea5e247e70df55b4f208123b103b5196dc5b46991a48052bf026e8f

                                                                                        SHA512

                                                                                        b1af06478913f340bba4e394364f3f8e5b8cdb7f806e8d6597d173047ca1c955f3f755450d00b2739a9a5598b7c58a809127b84bf1191656b599bddbc35339ef

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                        Filesize

                                                                                        508B

                                                                                        MD5

                                                                                        008ef7cfde0c82129caff29e3e75a300

                                                                                        SHA1

                                                                                        286043eac4a633dc50d9c742c0225854870e4072

                                                                                        SHA256

                                                                                        f325172cce5b3f6d1a141a059b5a418ae67c75760fa6a1922aa6bad109bd3748

                                                                                        SHA512

                                                                                        7a6f9ebc4ba32ac774d360bb57a46e6a9f2d7d1ea2baf1faee376eb6627d7544f28b68e83e61761edc12aff956d153f3c16c39d0c7b200b2d597f2857de40061

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                        Filesize

                                                                                        536B

                                                                                        MD5

                                                                                        6cbcd32b1675eed3001107c0027b483a

                                                                                        SHA1

                                                                                        9372e312bebe437a319293f7041cfeeb35922569

                                                                                        SHA256

                                                                                        bd371a00316662047071945a7b530d486d2450773325c1826042e6624f991dd0

                                                                                        SHA512

                                                                                        5448e75bab8a2d3ff2539f80b0d8a83213aebb16a17cdee4ab05c0ea8b350e57b93277ba637da48bac8220b7d0ac657c2f2e9ed2b003ea8b66b6f8fdd0f0632c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                                        Filesize

                                                                                        540B

                                                                                        MD5

                                                                                        7840827fcb9fd239f68c5c81c3d263e3

                                                                                        SHA1

                                                                                        10dc41eba0f63ea2c46546ff90eacfaeae3371b0

                                                                                        SHA256

                                                                                        dee923c41995514055b2a317c4a240c6cd0818419e25eeebe9a06aa37ecff2f5

                                                                                        SHA512

                                                                                        8997883a2c004cf952b707f8b2e47822ee7ccccad254ce1e7a7a563fb77508e3641ba3e19bcc4cf5be94937898403578a4d2808d469d4026e0d88c12d0684e28

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                        Filesize

                                                                                        434B

                                                                                        MD5

                                                                                        528b7978986e6994a92c2ddade80b571

                                                                                        SHA1

                                                                                        f720c4692d0d74e4d738832217008f0196367b8e

                                                                                        SHA256

                                                                                        27007985c5c6be2002eb85d5b3f344582a623d56902abe361fada7564245c466

                                                                                        SHA512

                                                                                        cb4d08fed70a307f67493d755e3f7543d75d3ea228ea273b4a34128147f242482247404f5f912a8a9f276c718b5f4dda160559b822df32d684f9d5e5ea52298c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                        Filesize

                                                                                        430B

                                                                                        MD5

                                                                                        8f6f88cde08641cfaca4c69a42a6166f

                                                                                        SHA1

                                                                                        fff048432a354b0097e066bdb2436bee758a6390

                                                                                        SHA256

                                                                                        423289675b030829f28a0d40ed677e3f2e43f06a6db9935dfe5c2ccbc8aa9fde

                                                                                        SHA512

                                                                                        e00d06bd20554afe48d324bb88d7320468a3cbb07a5daab546a06257d935425e672376e0c0cd0e1d0d4fbc92cc5fc816a91eab215bfead74c62416c9e9feda51

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                                        Filesize

                                                                                        536B

                                                                                        MD5

                                                                                        86f89f20a7162cf606959275b7497cdb

                                                                                        SHA1

                                                                                        e5283aee24997fa682d9cb27806a2915a1f5f19e

                                                                                        SHA256

                                                                                        91a6d83f5c1208a82bbb32abfe64a4d9fc81260158ffbba7160e0c613e83fcfe

                                                                                        SHA512

                                                                                        2198eda005655132bd92ffd0356138d20f36308cca65f6cfc11244036a3e879d7b2dd31ec17572031a329397b50ebd83c41aeefa46822c9fb89091dd6a8f4d04

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                        Filesize

                                                                                        506B

                                                                                        MD5

                                                                                        2c179b11000cc0a36e0dbe6a5f9e7905

                                                                                        SHA1

                                                                                        f7dccf198576050d0e38ea8fa70b8fdd91dcbd9b

                                                                                        SHA256

                                                                                        2db9c7d95181d39be5002e311fda8e648ce813fa817540989f01b1b2ad21f6bd

                                                                                        SHA512

                                                                                        3916aefd2a9ca75a9e50f161ff205f77baf27997e9e3c0ec9ca2525de3d967c1160dcf2631d87d8857ebf8fcb98522d04bf5763527bb3ca31eb91a522f1aa1b0

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                        Filesize

                                                                                        442B

                                                                                        MD5

                                                                                        314c781527280a911c91fd1579ef335f

                                                                                        SHA1

                                                                                        8a90003089b329d403db6d1337633574b9afa623

                                                                                        SHA256

                                                                                        d1c6033b14f2eddb3deff33d2039cdaee0ca84706c0224d3bafaf5fdd7b265db

                                                                                        SHA512

                                                                                        587aec415b86ca350b2071fa5edb06a5bf538b54679151da48510c2e185c835d2c9d8838c24057d7614f8408b1187860bf827a5085961d29ec2da6f9da987dad

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\BRAND_COMMON
                                                                                        Filesize

                                                                                        23.3MB

                                                                                        MD5

                                                                                        105d3263b0bca342b425fc45702c8856

                                                                                        SHA1

                                                                                        00180722d29af289bb7d2138a52b9d784ce367da

                                                                                        SHA256

                                                                                        7547bc1f22cb361a4e644f899f8494faa013e15f05b75b77e1ea596532dc4fee

                                                                                        SHA512

                                                                                        f6d3a7a25af1c10bbf5fb18b406f30c2c7d92778731f6b6d3eb6f181bc7854e920f99e1f55d2fdc0484bd1bd9bb13942ef13da85d1823c1f5cba16568cb45efb

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\BROWSER.PACKED.7Z
                                                                                        Filesize

                                                                                        90.8MB

                                                                                        MD5

                                                                                        5e99de825a34c299b8eef00c8d475e3d

                                                                                        SHA1

                                                                                        6fc1d9ef19f3d2aae0fb4ac596afbb24b408d83d

                                                                                        SHA256

                                                                                        6f945efb7783b3ba9b8b48ffef9dc62322d11d51c401bbeaa1cf0aebf768b4ed

                                                                                        SHA512

                                                                                        dd272ce4dd7f4529fb4b4a182cab7fa63bae0f455ea5bf843888c59d9fc13d1564b0f436b5afcd2c3d449979dcd82e0c71f45b6ae54e41e1ebbb649dd060e68a

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\brand_yandex
                                                                                        Filesize

                                                                                        2.1MB

                                                                                        MD5

                                                                                        cff7f43a37e2081aa5271b2e42e20699

                                                                                        SHA1

                                                                                        9d50fec6b4b583e6b90cbc6906bb6838ded606d8

                                                                                        SHA256

                                                                                        58ee5e657246dadd99f6194ffe082a27a8896aaa4500ff6773054a3929a912fd

                                                                                        SHA512

                                                                                        4eb33ae0d9c9afb8116c9454b1ce06cefc6f59f21463ba9c04d45ed09b3fe61d1ef3aee1570e92d2657d4f6d33a603288f5ff5c04464bb6da75e16002763e2de

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
                                                                                        Filesize

                                                                                        3.9MB

                                                                                        MD5

                                                                                        7600b48ce4fb19c29eae3079d826c699

                                                                                        SHA1

                                                                                        9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                        SHA256

                                                                                        f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                        SHA512

                                                                                        1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
                                                                                        Filesize

                                                                                        3.9MB

                                                                                        MD5

                                                                                        7600b48ce4fb19c29eae3079d826c699

                                                                                        SHA1

                                                                                        9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                        SHA256

                                                                                        f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                        SHA512

                                                                                        1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
                                                                                        Filesize

                                                                                        3.9MB

                                                                                        MD5

                                                                                        7600b48ce4fb19c29eae3079d826c699

                                                                                        SHA1

                                                                                        9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                        SHA256

                                                                                        f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                        SHA512

                                                                                        1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_DCFA5.tmp\setup.exe
                                                                                        Filesize

                                                                                        3.9MB

                                                                                        MD5

                                                                                        7600b48ce4fb19c29eae3079d826c699

                                                                                        SHA1

                                                                                        9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                        SHA256

                                                                                        f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                        SHA512

                                                                                        1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\clids.xml
                                                                                        Filesize

                                                                                        599B

                                                                                        MD5

                                                                                        dae47d5fb36af27a9869750c11f52494

                                                                                        SHA1

                                                                                        366629747a061c7bd6a6883f5364734cecfc697a

                                                                                        SHA256

                                                                                        37ec2fcea5119863c67d94c2d269ec242e294cb76c9674e793d7280b6fd13c90

                                                                                        SHA512

                                                                                        6937d3a2f3c4ecd3544a473a79808f1932e036cbafe6bff11d51f5d131fd8b6e594dbdfb254f96f49177cac5517e536bc14d855beaf3c81349ddbf7324bf79b4

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\distrib_info
                                                                                        Filesize

                                                                                        293B

                                                                                        MD5

                                                                                        5ff4663cf4ed5b1c4c7e84ae7a26484b

                                                                                        SHA1

                                                                                        738deb4f237c34acab7ecf6a2899c7bd94ecd34a

                                                                                        SHA256

                                                                                        f69eb6cd9983e819f7c1273598046ace4ef35c97cc651b89b460bb05dbd58c81

                                                                                        SHA512

                                                                                        f9f7a15bd4d811d0a0a986d24b18d76434f89f81f6554cf0f707a0298a26f0732389e85394d186dd22a6c0306b8568c94d5583891196328e0e3945f44af59bbc

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        b29e11b9d1ce0b0d1c1f1b0b59867d62

                                                                                        SHA1

                                                                                        5a4da4874b398663297c14465524e01e04a1bb7d

                                                                                        SHA256

                                                                                        06c74dbb518562048f5631bdef869d940eee8ff6ed77b2e97ecbf3ff7fa07309

                                                                                        SHA512

                                                                                        50edd83d30a354e06f8f479319e2e6352f31baf1879ce62523e1c275fb9c27257f92d53470353b9cbab307c69cb15064a27d2f1036f6eeb389f11c64c5e795fb

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                        Filesize

                                                                                        13KB

                                                                                        MD5

                                                                                        dae49deb7222bc3220fc69a3091834da

                                                                                        SHA1

                                                                                        a65cdd9aed0b7dd83fbd07d0f592537ec36f0195

                                                                                        SHA256

                                                                                        393c201539676f735d350f1a5e21dfe5f1d252e4cce864fcad34109adef1eab6

                                                                                        SHA512

                                                                                        df1a2f1f16918a50f58d0ba68212cc5b4385184fbe0f97bb57a6d3070fa5d5b05ff766c533fac196ad5c84fb76b18728c2c402cceffa273df2f29c7d2bf02ed5

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                        Filesize

                                                                                        25KB

                                                                                        MD5

                                                                                        e62c506874653458ec23a99d4704df95

                                                                                        SHA1

                                                                                        5a4192568cb21f260ceb786dcbc3b3a54d535793

                                                                                        SHA256

                                                                                        fe9aff5b2b09088f1e3aca4a24a3fa3510ac066873265d05d7d19d47a48d9812

                                                                                        SHA512

                                                                                        b9a4703427cbafad8cef40d51f5ffd72e83734b60db6ef582a682b9154894f82fef1a17bba5d82dbe629a0228d8b236f3bd586524bb80a1592b3ec6f04433a65

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                        Filesize

                                                                                        26KB

                                                                                        MD5

                                                                                        b256388e05fc22e883ada7af3ff22c18

                                                                                        SHA1

                                                                                        3837c5298c2fd10ccafc56e7946ac1e02f729f7e

                                                                                        SHA256

                                                                                        5de6822edb726f7eeb9962b3b9c9b189a2c258d24f2378899cdc85ec24c9eb44

                                                                                        SHA512

                                                                                        b74704c7f259ad45c2f502fb1f7510fa5a47bf983610d95f2c1f90d176f87d3228930bee57838c741bbc9b99ce59cf28672688ed6d1b357338e3e07caaeaeaf1

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                        Filesize

                                                                                        129KB

                                                                                        MD5

                                                                                        517cebb5d922c6be230ce63948323b5e

                                                                                        SHA1

                                                                                        42cdd2f94dd6258441645e831552fc609e801e44

                                                                                        SHA256

                                                                                        fdd8fee19d1fb229f1bd4e6cdf703c69cda41278191165f337af6542c66847da

                                                                                        SHA512

                                                                                        c43e59415c5d8f3d0a842f273326348cc3593226183285bf006c4772a21430907c675e50451e3d6f4c72bc3febff1d34a57654bd8bc6c8e59da1bcc6e84d6a6e

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                        Filesize

                                                                                        129KB

                                                                                        MD5

                                                                                        517cebb5d922c6be230ce63948323b5e

                                                                                        SHA1

                                                                                        42cdd2f94dd6258441645e831552fc609e801e44

                                                                                        SHA256

                                                                                        fdd8fee19d1fb229f1bd4e6cdf703c69cda41278191165f337af6542c66847da

                                                                                        SHA512

                                                                                        c43e59415c5d8f3d0a842f273326348cc3593226183285bf006c4772a21430907c675e50451e3d6f4c72bc3febff1d34a57654bd8bc6c8e59da1bcc6e84d6a6e

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_511774629\explorer.exe
                                                                                        Filesize

                                                                                        3.9MB

                                                                                        MD5

                                                                                        7600b48ce4fb19c29eae3079d826c699

                                                                                        SHA1

                                                                                        9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                        SHA256

                                                                                        f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                        SHA512

                                                                                        1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_511774629\explorer.exe
                                                                                        Filesize

                                                                                        3.9MB

                                                                                        MD5

                                                                                        7600b48ce4fb19c29eae3079d826c699

                                                                                        SHA1

                                                                                        9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                        SHA256

                                                                                        f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                        SHA512

                                                                                        1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\website.ico
                                                                                        MD5

                                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                                        SHA1

                                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                        SHA256

                                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                        SHA512

                                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                        Filesize

                                                                                        5KB

                                                                                        MD5

                                                                                        e4b61bd5d38bc6ea7146ed52d92a8531

                                                                                        SHA1

                                                                                        29f33be893cf81b9fc216f21d550d5180440ad92

                                                                                        SHA256

                                                                                        320021c9a10f451dbf43363618db61e3aab6a5be05a4d9a32ccea461884fcd26

                                                                                        SHA512

                                                                                        b4d84e583dd3e944d79551b59b992fdea83c44da4ebe95c3b9b0eb6da6660c2ee8b169612cebbe9951fe60b309616ac6a004e47b0b212eef75b9654fb9bae276

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                        Filesize

                                                                                        23KB

                                                                                        MD5

                                                                                        a4f5b614423dacca5e4830e4dfcf0bb5

                                                                                        SHA1

                                                                                        cac4ffa25aa6e7057d593859fcfbcd3be9bdf2b5

                                                                                        SHA256

                                                                                        168a49c604bd87d3728c6de7478d189335099bec2039000f856f66d632987c36

                                                                                        SHA512

                                                                                        4fdced2de7aeb9d7e6f1f918bc7cc7ed13a3e55da7826bdc5dbef5d77ab1764fc8037c61ab788c113cff29d22d4cff8e83576155c4f8ef508b7cb8a86ef9f439

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Temp\yb7498.tmp
                                                                                        Filesize

                                                                                        149.8MB

                                                                                        MD5

                                                                                        ff228e3e10f4d98d961e8a361861180d

                                                                                        SHA1

                                                                                        30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                        SHA256

                                                                                        b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                        SHA512

                                                                                        1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                        Filesize

                                                                                        591KB

                                                                                        MD5

                                                                                        10d2e0956493b129149705225fa3efb3

                                                                                        SHA1

                                                                                        547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                                        SHA256

                                                                                        a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                                        SHA512

                                                                                        df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                        Filesize

                                                                                        591KB

                                                                                        MD5

                                                                                        10d2e0956493b129149705225fa3efb3

                                                                                        SHA1

                                                                                        547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                                        SHA256

                                                                                        a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                                        SHA512

                                                                                        df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                        Filesize

                                                                                        3.8MB

                                                                                        MD5

                                                                                        2fadcc66fdf395c8fd19a424745a855c

                                                                                        SHA1

                                                                                        b40174f66741be5f5afc814b3797dd5af7891b30

                                                                                        SHA256

                                                                                        d43da70412b55377532192ab6658074bd73592ab1552a1bb53edf823ee655972

                                                                                        SHA512

                                                                                        3ac2d369e2708309bac2796071bbd53c32fb462ea0373898c5701d3d776b4ce573eb28275148cebff2f2602cf8922f4dd7ddd9ecc533988a1a05e8578b6b6633

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        48B

                                                                                        MD5

                                                                                        53defde96d71bf145204a5a94adc20c0

                                                                                        SHA1

                                                                                        6e453d3b81d6fbeaef7a5a72479eb3fecf73b559

                                                                                        SHA256

                                                                                        53e2bbea814bb4e3d7288d766faf7bad0a2679f61f1594eee70abc68636ce417

                                                                                        SHA512

                                                                                        7d26801aac372dfa76bbb95296e0ee98bbde9ac240b7f6b1654bd76d28a68af17109cc776215329d91010ae898fc02b4f878fb65f030ada59ff7d45d1c978409

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        c5d9b590f9c57fddebc9f5f66978e317

                                                                                        SHA1

                                                                                        7934d13ae194aaa755e2526f8d65f5f84992ed22

                                                                                        SHA256

                                                                                        0721b5bd3db5cdaa3a8d07df1b80e4f3bdaaec0cae1d84ba7d3974589e79bc91

                                                                                        SHA512

                                                                                        2cfe18467076fe83303f0aecfe47296d94767177788e3e0c881483b3013cae42b56dd75756b10d69f03c2edebe2783cc187e4efab3d2ae7d21fb2f68046908ad

                                                                                        Download Submit
                                                                                      • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                                        Filesize

                                                                                        38B

                                                                                        MD5

                                                                                        97c6166e6431a2822921230dcd22739c

                                                                                        SHA1

                                                                                        409ccca3fc91a114b06374ac6fdfe8b801981625

                                                                                        SHA256

                                                                                        481d93ef662d7755766d48bc6606b783ca1a42f174611711215767182fb3abdf

                                                                                        SHA512

                                                                                        8ba1e2937be3f35381e42c9a5adce9b7fd25ca516cff1ec66a868f287df4f3ba2ecf7d513b57a044dba2b833787086435cc5e05eb8d39f9b8ffeac089cdd3b54

                                                                                        Download Submit
                                                                                      • C:\Windows\TEMP\sdwra_4868_1942489870\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • C:\Windows\Temp\sdwra_4868_1942489870\service_update.exe
                                                                                        Filesize

                                                                                        2.6MB

                                                                                        MD5

                                                                                        f5aef523c78f170e1c01c7d2bd80d207

                                                                                        SHA1

                                                                                        97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                        SHA256

                                                                                        48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                        SHA512

                                                                                        f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                        Download Submit
                                                                                      • memory/628-210-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/628-229-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/988-241-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/1116-196-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/1136-245-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/1560-235-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/1676-174-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/1840-213-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/1876-132-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/2088-344-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/2164-171-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/2248-199-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/2304-138-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/2740-218-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/2844-250-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3064-225-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3284-248-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3436-212-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3460-140-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3500-349-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3624-148-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/3688-214-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4128-334-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4208-254-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4280-178-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4336-209-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4364-260-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4408-216-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4416-183-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4456-265-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4488-193-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4496-215-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4568-206-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4692-211-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4696-233-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4712-230-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4808-226-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4868-144-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4912-222-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4972-220-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/4980-243-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5028-186-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5156-267-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5204-268-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5240-270-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5248-329-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5364-276-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5380-339-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5544-280-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5552-354-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5616-282-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5624-359-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5708-287-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5724-290-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5744-293-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5788-364-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5804-299-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5872-304-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5896-369-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5936-308-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5960-374-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/5984-313-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/6048-318-0x0000000000000000-mapping.dmp
                                                                                        Download
                                                                                      • memory/6108-324-0x0000000000000000-mapping.dmp
                                                                                        Download