Overview

overview

8

Static

static

Yandex.exe

windows7-x64

8

Yandex.exe

windows10-1703-x64

8

Yandex.exe

windows10-2004-x64

8

Resubmissions

17-10-2022 19:36

221017-ybkpeacgf7 10

17-10-2022 17:27

221017-v1ye1scfdl 8

17-10-2022 14:10

221017-rg6qhacbgq 8

Analysis

  • max time kernel
    1800s
  • max time network
    1804s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-10-2022 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yandex.exe

  • Size

    2.4MB

  • MD5

    09bb3df23630c9111a5860cb96bde6ad

  • SHA1

    217d78e392e7ef295596862175eb353977a85738

  • SHA256

    e36891d982acaa5b12e27cf55fae3581e29dd0ef35d0dd98ae93296034b5177e

  • SHA512

    8a216eac67b5d4bc54781a166cd48ab8a68e0b983fb346c14030eca060046fe7484f76fa4eb006164c5781684cad82f7d29afaf9514e70c81feffe70df402f31

  • SSDEEP

    49152:CsEpJsMKSCZrcPEGuW9Q+iA5H5u8QeuL:CsEpuBZrcPEGuWMxt

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks computer location settings 2 TTPs 16 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 18 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
    "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4412
    • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
      "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=4412 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\0098e551-9fe3-43b3-8610-9b3bc5aff72b.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --ok-button-pressed-time=429860205 --progress-window=524740 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\a936df5d-3cd4-48a5-8573-64c21ff3c42f.tmp\" --verbose-logging"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3588
      • C:\Users\Admin\AppData\Local\Temp\ybC662.tmp
        "C:\Users\Admin\AppData\Local\Temp\ybC662.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0098e551-9fe3-43b3-8610-9b3bc5aff72b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=21 --install-start-time-no-uac=431578968 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=429860205 --progress-window=524740 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\a936df5d-3cd4-48a5-8573-64c21ff3c42f.tmp" --verbose-logging
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4128
        • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0098e551-9fe3-43b3-8610-9b3bc5aff72b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=21 --install-start-time-no-uac=431578968 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=429860205 --progress-window=524740 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\a936df5d-3cd4-48a5-8573-64c21ff3c42f.tmp" --verbose-logging
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:5060
          • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\0098e551-9fe3-43b3-8610-9b3bc5aff72b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=21 --install-start-time-no-uac=431578968 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=429860205 --progress-window=524740 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\a936df5d-3cd4-48a5-8573-64c21ff3c42f.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=448637865
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:920
            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
              C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=920 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0xf421d8,0xf421e8,0xf421f4
              6⤵
              • Executes dropped EXE
              PID:2704
            • C:\Windows\TEMP\sdwra_920_538777569\service_update.exe
              "C:\Windows\TEMP\sdwra_920_538777569\service_update.exe" --setup
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:3908
              • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --install
                7⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:4580
            • C:\Users\Admin\AppData\Local\Temp\scoped_dir920_2018283978\explorer.exe
              "C:\Users\Admin\AppData\Local\Temp\scoped_dir920_2018283978\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:2400
              • C:\Users\Admin\AppData\Local\Temp\scoped_dir920_2018283978\explorer.exe
                C:\Users\Admin\AppData\Local\Temp\scoped_dir920_2018283978\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=2400 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x11721d8,0x11721e8,0x11721f4
                7⤵
                • Executes dropped EXE
                PID:3944
            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Suspicious use of WriteProcessMemory
              PID:1644
              • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
                7⤵
                • Executes dropped EXE
                • Checks computer location settings
                • Modifies registry class
                • Suspicious use of FindShellTrayWindow
                PID:3988
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
              6⤵
              • Executes dropped EXE
              PID:1476
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source920_2141629344\Browser-bin\clids_yandex.xml"
              6⤵
              • Executes dropped EXE
              PID:1880
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:2436
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source920_2141629344\Browser-bin\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:1412
  • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --run-as-service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4192
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4192 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0xb47ae8,0xb47af8,0xb47b04
      2⤵
      • Executes dropped EXE
      PID:4900
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-scheduler
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4836
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-background-scheduler
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        PID:3916
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=9E024AB6_17B9_4159_825C_9006814D7FF6/*
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:4908
  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=524740 --ok-button-pressed-time=429860205 --install-start-time-no-uac=431578968
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=3404 --annotation=metrics_client_id=10356a2c98d94dbdb51bd29734467d07 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x7221a3b0,0x7221a3c0,0x7221a3cc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:60
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1608
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2132 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:976
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=2292 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4376
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=2932 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4104
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3348 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1808
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe" --set-as-default-browser
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:3940
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe
        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=3940 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0xda21d8,0xda21e8,0xda21f4
        3⤵
        • Executes dropped EXE
        PID:4940
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=3376 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:100
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3492 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4744
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3940 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1452
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=4288 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1884
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=4328 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1392
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4592 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1504
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4652 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4624
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=4436 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2240
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3752 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
      2⤵
        PID:1868
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
        2⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3376
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4352 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:3800
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5476 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4656
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=3620 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4952
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5364 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
        2⤵
          PID:1692
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4756 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:1480
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4428 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:1868
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6676 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:2524
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5276 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5168
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5888 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5236
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4816 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5300
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6816 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5336
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6548 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5392
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6568 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5440
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6572 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          PID:5500
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6828 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5588
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4444 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5616
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6764 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:5664
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6700 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5752
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6392 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5844
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6948 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5908
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6592 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5968
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=7080 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:6024
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6996 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:6076
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7128 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:6140
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6372 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:5228
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7096 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
          2⤵
            PID:5368
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6836 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
            2⤵
            • Executes dropped EXE
            PID:5788
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=7844 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
            2⤵
              PID:5884
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=4408 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
              2⤵
              • Checks computer location settings
              PID:5344
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=7436 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
              2⤵
                PID:5060
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=9256 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                2⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious behavior: EnumeratesProcesses
                PID:1692
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=828 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                2⤵
                  PID:5188
                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=5656 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                  2⤵
                    PID:5312
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=3484 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                    2⤵
                      PID:5216
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=2732 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                      2⤵
                        PID:5272
                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2660 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                        2⤵
                          PID:2164
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=8988 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:1
                          2⤵
                          • Checks computer location settings
                          PID:5516
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4964 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                          2⤵
                            PID:5804
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1152 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                            2⤵
                              PID:5916
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1064 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                              2⤵
                                PID:5976
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1760 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                2⤵
                                  PID:5704
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=spell_checker.mojom.SpellChecker --lang=ru --service-sandbox-type=utility --utility-enable-offline-spellchecker --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Проверка правописания" --mojo-platform-channel-handle=5752 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                  2⤵
                                    PID:5328
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 --enable-elf-protection /prefetch:2
                                    2⤵
                                      PID:5476
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1776 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                      2⤵
                                        PID:3128
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5160 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                        2⤵
                                          PID:5324
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2348 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                          2⤵
                                            PID:1836
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9336 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                            2⤵
                                              PID:4364
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2392 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                              2⤵
                                                PID:1408
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2620 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                2⤵
                                                  PID:1344
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2404 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                  2⤵
                                                    PID:3688
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2704 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                    2⤵
                                                      PID:2440
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9352 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                      2⤵
                                                        PID:5860
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8944 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                        2⤵
                                                          PID:2096
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=autofill.mojom.TflPredictionsService --lang=ru --service-sandbox-type=utility --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Autofill Tfl Predictions" --mojo-platform-channel-handle=1064 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                          2⤵
                                                            PID:4952
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe
                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe" /uid:"1a0d581e-472c-4a4b-837f-156ac85a7213" /yandex_uid:"5063166661666027763" /version:"21.2.26.0" /lang:"ru" /browser:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" /iv:"1" /report_dir:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport" /browser_user_silent_detect /detect_report_html:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport\DetectReport.html"
                                                            2⤵
                                                              PID:5372
                                                              • C:\Users\Admin\AppData\Local\Temp\YandexRescueTool\bct.exe
                                                                /session:L3VpZDoxYTBkNTgxZS00NzJjLTRhNGItODM3Zi0xNTZhYzg1YTcyMTMgL3lhbmRleF91aWQ6NTA2MzE2NjY2MTY2NjAyNzc2MyAvdmVyc2lvbjoyMS4yLjI2LjAgL2xhbmc6cnUgL2Jyb3dzZXI6QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxBcHBsaWNhdGlvblxicm93c2VyLmV4ZSAvaXY6MSAvcmVwb3J0X2RpcjoiQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxVc2VyIERhdGFcUmVzY3VlVG9vbFJlcG9ydCIgL2Jyb3dzZXJfdXNlcl9zaWxlbnRfZGV0ZWN0IC9kZXRlY3RfcmVwb3J0X2h0bWw6IkM6XFVzZXJzXEFkbWluXEFwcERhdGFcTG9jYWxcWWFuZGV4XFlhbmRleEJyb3dzZXJcVXNlciBEYXRhXFJlc2N1ZVRvb2xSZXBvcnRcRGV0ZWN0UmVwb3J0Lmh0bWwiIC9icm93c2VyX2J1aWxkIC9ub19ndWkgL3NjYW5fbW9kZTpkZXRlY3QgL25vX2xhdW5jaF91YWMgL2NsaWQ6YnJvIC9wYXJlbnRfcGlkOjUzNzI=
                                                                3⤵
                                                                • Drops file in System32 directory
                                                                PID:2808
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=hips_info_provider.mojom.HipsInfoProvider --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name=hips_info_provider.mojom.HipsInfoProvider --mojo-platform-channel-handle=7740 --field-trial-handle=1936,i,17134764299181237975,8913101229102291111,131072 /prefetch:8
                                                              2⤵
                                                              • Checks whether UAC is enabled
                                                              PID:3672
                                                          • C:\Windows\system32\AUDIODG.EXE
                                                            C:\Windows\system32\AUDIODG.EXE 0x4cc 0x4f8
                                                            1⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:3716
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={6FD8CE98-7300-4284-8B77-76AE44FBB53B}
                                                            1⤵
                                                            • Enumerates system info in registry
                                                            PID:5912
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666027756 --annotation=last_update_date=1666027756 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5912 --annotation=metrics_client_id=10356a2c98d94dbdb51bd29734467d07 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7221a3b0,0x7221a3c0,0x7221a3cc
                                                              2⤵
                                                                PID:6100
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1832 --field-trial-handle=2024,i,11179578910379591704,12918710275907981854,131072 /prefetch:2
                                                                2⤵
                                                                  PID:5512
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2108 --field-trial-handle=2024,i,11179578910379591704,12918710275907981854,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:1656
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={628583D3-DE4D-42FB-886C-19FDA972C7DF}
                                                                  1⤵
                                                                  • Enumerates system info in registry
                                                                  PID:5292
                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666027756 --annotation=last_update_date=1666027756 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5292 --annotation=metrics_client_id=10356a2c98d94dbdb51bd29734467d07 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7221a3b0,0x7221a3c0,0x7221a3cc
                                                                    2⤵
                                                                      PID:5352
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1848 --field-trial-handle=2100,i,17454197804141425210,3494255068242110323,131072 /prefetch:2
                                                                      2⤵
                                                                        PID:5812
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2044 --field-trial-handle=2100,i,17454197804141425210,3494255068242110323,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:5840
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={2D2CB5C1-EDF7-4518-BBB8-18DB2196386C}
                                                                        1⤵
                                                                        • Enumerates system info in registry
                                                                        PID:5404
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666027756 --annotation=last_update_date=1666027756 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5404 --annotation=metrics_client_id=10356a2c98d94dbdb51bd29734467d07 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7221a3b0,0x7221a3c0,0x7221a3cc
                                                                          2⤵
                                                                            PID:5788
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1760 --field-trial-handle=2112,i,4925944982182890648,15836988796196716402,131072 /prefetch:2
                                                                            2⤵
                                                                              PID:3376
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=1A0D581E-472C-4A4B-837F-156AC85A7213 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1912 --field-trial-handle=2112,i,4925944982182890648,15836988796196716402,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:2484

                                                                            Network

                                                                            MITRE ATT&CK Matrix ATT&CK v6

                                                                            Initial Access

                                                                            Execution

                                                                            Persistence

                                                                            Registry Run Keys / Startup Folder

                                                                            1
                                                                            T1060

                                                                            Privilege Escalation

                                                                            Defense Evasion

                                                                            Modify Registry

                                                                            2
                                                                            T1112

                                                                            Install Root Certificate

                                                                            1
                                                                            T1130

                                                                            Credential Access

                                                                            Credentials in Files

                                                                            1
                                                                            T1081

                                                                            Discovery

                                                                            Query Registry

                                                                            3
                                                                            T1012

                                                                            System Information Discovery

                                                                            4
                                                                            T1082

                                                                            Lateral Movement

                                                                            Collection

                                                                            Data from Local System

                                                                            1
                                                                            T1005

                                                                            Exfiltration

                                                                            Command and Control

                                                                            Impact

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              540B

                                                                              MD5

                                                                              547748a89b3bc19898a0368965e50e03

                                                                              SHA1

                                                                              ae8ec1fbbe991ae2b3a520bb21bb204f6138079e

                                                                              SHA256

                                                                              57d3095ed5eea9a16b5cb5c6b410382ceff8e6898e7b8402c9deab167d46f1c2

                                                                              SHA512

                                                                              defb144d2674cbe0d909473e038c199f197b0567c05754ba2cc05a0e84ede1d5d18720d89e042a2c7ba8155bffce5b30eff3e97100e2ed3fa4abba382f6934ef

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              745a01c2033a75211c471c941bd498dd

                                                                              SHA1

                                                                              ee4da96cf1843ea5d81ecc0aca2a2e53c1fa0fa5

                                                                              SHA256

                                                                              33f529f58ec7e1606719ba71e10537f2686bad1f2f384c4e146ac424409fe1ac

                                                                              SHA512

                                                                              345d74f21136b03bc767dbb266c42aa539663033a18dc891f007f94901a2e690388683a653976d02af9b3d1302613351cca25d4fc4fca4ab7e703f59c7afc97d

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              f7bdf55725ebc0f8c9d669ea181365d3

                                                                              SHA1

                                                                              fd45c17c8acc053d713ffd95a0ae1871eb965443

                                                                              SHA256

                                                                              2f6a5929373ed38904024a9b4a35fbf1fa156aee95be5b39657e0be17c8704ad

                                                                              SHA512

                                                                              ae31b75d6118ea7589988e44b31b9f7d5c963f57f1762e7edbb5771e750b0eba34e632d94ed681cdd15d91486ac60537a16e6c8e02b626f4f956087675389a8e

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              8e8d362d157cc4f2efe225bfff6f9bfa

                                                                              SHA1

                                                                              e06ba8da0d05dab18ca4f557b48e5e8b6ac9bdab

                                                                              SHA256

                                                                              f9609d593c9869d6e2c04fa6cf07d4bfe58978308eeeca8093b934fa20386116

                                                                              SHA512

                                                                              43a90916f8f561e42b573fc0a9e4b2c4d842227859c7dad899bbf22efd8c0df9d8e484ae71b3c2bae78bd5eb353f252dcc311d41d86fe954720d9cf676fc1332

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              3KB

                                                                              MD5

                                                                              153d5f1f887d9f037927ae94d51b1eb6

                                                                              SHA1

                                                                              562b6f78710a12288ecaeafefe5008cdf86c3c71

                                                                              SHA256

                                                                              8ad7e5112092589ee43ff0cc36e4a67af1a7fc4448a2264a7aad586b4986ecc7

                                                                              SHA512

                                                                              ef91802cefa14efdd70e3e915db455a639c44c443cc80c8dc8fcd02d7b8bd8dcc7d2d43a9a78411e5db2d820590847b68b621c5cacefbaadbb9bf96a10bfaf39

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              ce1e2363f9d8603d6dcf5858f04de47f

                                                                              SHA1

                                                                              b1301a27f62cedda33d8972eaeb7d5aa7bacb9fc

                                                                              SHA256

                                                                              e92d1a46a7354eef98ec9e9e10d1cc3556d1e17642a178011bcc59b67fbd3264

                                                                              SHA512

                                                                              bd4488fd07f30ae0b572db50f9ce4f130cd2ba5058337cbf31fdd8e1ec3cc9961434ec721c8960bc9af6a6002c69c1fec0ef22668b70a57dfb145bc4ca248c4e

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              4KB

                                                                              MD5

                                                                              a2fe4b90cf4185532d91da3502afbf6d

                                                                              SHA1

                                                                              98dd8cc439a224f245067f7207e83da313b3dff2

                                                                              SHA256

                                                                              9b1b848670ce1f58fe48aa54f15bef0a07b0600d193ae69c8d4d1735a245243b

                                                                              SHA512

                                                                              a4fdf3045cebdccdd8de6683be0eb03eed79bcd6d424dfef98c1030dae7259701d246d7df0dbfedfc52509d0239255a13170b34ac5c7163f3165a77edd7bf87f

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              2b71de82009191c1e012e6cd53ed3e10

                                                                              SHA1

                                                                              45f2453211a2351cf001ae16295da427dc4fbb7c

                                                                              SHA256

                                                                              5ddcbf510a34ea9475900aff239b23c76cbf06858a74b676b9efcf6fae415a95

                                                                              SHA512

                                                                              6d2806ff3eea8c157cbcd70a0a670c5d413d9735f9fbbe4442eceec06d99202b726f272bebd088047339a5b328e5af440353c95f03b6227d9ea245355096b839

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              f500c4466ec1fbe8b9a54584fbf22f73

                                                                              SHA1

                                                                              d2a3b758ab1d003fee13b1c1a5c6ee289d5648b0

                                                                              SHA256

                                                                              9ad2f9c94ba826121713ebf174cfdd460a63273546ebc14e66e504d76b8a2cad

                                                                              SHA512

                                                                              e9cb8fb00efc589406974ec2bedc4bd6189a43cfc3aa5ba1479536112e0d43e7ebbf98e6ca1ed36cb8aa54eb6cbb3cf95bc89351fe0069633e934eba81f134c1

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              8KB

                                                                              MD5

                                                                              f50d080890bf3764a6af7c05d0050db8

                                                                              SHA1

                                                                              1678a1d86ece76288375d241d3a52e749f027ea4

                                                                              SHA256

                                                                              920251259c03902b476009e4fbe35aab69db5f18e5ebdab2ff2b70a05744d25c

                                                                              SHA512

                                                                              f6928d4bf4f1ebc8030b34ca8e109fb52bd34a12b621c2246ee1ebaea1d63c00c5ca0be6966b65f956f86458715efc4e614389f88a4b89dcd66fdb74d24823f5

                                                                              Download Submit
                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                              Filesize

                                                                              9KB

                                                                              MD5

                                                                              d577b62f33dd1889d086c9fa7926c117

                                                                              SHA1

                                                                              561c9a8452e8a24a30233349da2cdf7e753b3ae5

                                                                              SHA256

                                                                              8fb81d7cbf5f0a3894152ef8655351af0dc169a4f51eb488bdfd2102982a88b1

                                                                              SHA512

                                                                              d00d397475dbb321ab08e2f96098385eca2e419e4b5139ad0e74e8235ffddd29978c82fdd1e09bd0060bda184143ee07ff46bb97e756044365969dca2c37dce8

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              968706091b00f62e2ee54190fe913380

                                                                              SHA1

                                                                              7dcd60d17fc861a273074fc9c6652e6e0cc2c182

                                                                              SHA256

                                                                              a51a7a851222d45c068ce2120e495b217f504b87d1a6d982feeeeb252d4aa80d

                                                                              SHA512

                                                                              fb7521dab16a95317c88d31763e0eca697d040cee09c91fd59c59a12bfb8e8e2d12df75a7bf461ab99b08af58ebdf0be8ace473692357182d86ef3cbb19c2bdd

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              a491a73721ce0040dae0db8e6e9c9443

                                                                              SHA1

                                                                              7c777f822352f3d034e1e6c613692ee0981747b9

                                                                              SHA256

                                                                              09e108af5f62f4da41991338e9b17b2b9829058449bf655ae61e4119c7ba5580

                                                                              SHA512

                                                                              8cd10e80f6bf3fa93bb2fe7429574c0e0b67100aa0df971215f9e503f0bdb7bc11f0373de70a1f933b941a6459cd39029a50891781c076032477960f41b16624

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              4d9375432abf92e0539d16a7163a06a5

                                                                              SHA1

                                                                              39c76f07dc176b89b4c52b0acd6f05c48a9bc276

                                                                              SHA256

                                                                              07104cd870c3f61c60c514a59f37262ceff688fbb53d016e777f513262f7db70

                                                                              SHA512

                                                                              a0d2e907249b85f09a18390693170a819ddb8828d2c03318713d8b9a56508e82ac19308bb8e37e34271f52d9d63c0624eddc03885788b5f5b49fa7e6ea47b4b9

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                              Filesize

                                                                              727B

                                                                              MD5

                                                                              3dc4181e96e768b9f4bbf41d1afa1dc1

                                                                              SHA1

                                                                              9ee79c2f26bf520c4e8a3b36daff9ce8e6e3cca8

                                                                              SHA256

                                                                              a72e1936399b803b5c282aa625b1dd2e3c924897ba728887035ebd30a4e9eae4

                                                                              SHA512

                                                                              8c6c6ec2b6513697995aac13b9f946a7f5442cea77d0d3053ae9cf0d7dedd6942c8eceabfcd0380156403002bea026b3b18d4926fec92a146faf41f0144a7958

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                              Filesize

                                                                              471B

                                                                              MD5

                                                                              da5a9f149955d936a31dc5e456666aac

                                                                              SHA1

                                                                              195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                              SHA256

                                                                              79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                              SHA512

                                                                              60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              d4d0a28b24bbea3190e964a643c90891

                                                                              SHA1

                                                                              e207409ca72c9adff98db68070c0607d91f4abd5

                                                                              SHA256

                                                                              d400e7a12c112de8b0de65a04700b1eacdeca78866db809a91aacfb257f21763

                                                                              SHA512

                                                                              46ab4ef92fad5e90ca576be092dc7f26f0ccbaad2d32d362b84dc72d976f1544580a048529465d0fc6af9f487f58cbbca7a5da5b0b76621947c13e40b8f4c2e1

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              7b3508e145aacb3f69886c8d526a9fd7

                                                                              SHA1

                                                                              a9a5148f655452cb5312bb5f67b7d17d61951a71

                                                                              SHA256

                                                                              50893407ab5312fc9cc434163623c231ce7d57f534ad872feae622a032153506

                                                                              SHA512

                                                                              0275980c3adde8235cfa087a59d5b231f35d6331c5381c9931890d42debeae2eb76ecfb7b5c6b9b2fea50a2c71f250824eac8ec4e12888abc3bfdd5422e27a43

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                              Filesize

                                                                              727B

                                                                              MD5

                                                                              e48b6e4b5351b7f68acc6375f58b4832

                                                                              SHA1

                                                                              b17b7199b60c22b91a3df390d7a1c7874c7892a9

                                                                              SHA256

                                                                              fed4553c22581ce3e71b78d3d45bddc8137beb99d2ff71a5423da909d6848d8c

                                                                              SHA512

                                                                              5f3af281f1ec2292f0a0a905ad24a07c793c8e8ac0be9a0c86e9c1588b7f9cd6028c70433d7c228d60c7c9dbe1a1d3dd0afd3bf3795b388b6d48444edb1444b5

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                              Filesize

                                                                              508B

                                                                              MD5

                                                                              060436618f7a772b8af9c9b27ebbe74c

                                                                              SHA1

                                                                              c54a7faf9c2133a7f942603ed18ca840aa4808ce

                                                                              SHA256

                                                                              26d839f1d7ca51ade6283f8baaba0b6e59067de5fc906fb47a05da00c4686d33

                                                                              SHA512

                                                                              122234b8f42cee56db3dd5c3cbd31de96bf6460edd011c3a260bf19cff38dfade2a2b8456c2287175de912f30f6f0ff1391828bb74af1a218e4508ed368f22e8

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                              Filesize

                                                                              536B

                                                                              MD5

                                                                              ef04d1355b814caaaa87cc23f5cd3704

                                                                              SHA1

                                                                              b1392e16046e8bddccf0f36c5e4045d4b9d19d85

                                                                              SHA256

                                                                              5b6472ad52b2adf4cd95008c734629c58c44dbc6f569a8298ce0cddf7cf11086

                                                                              SHA512

                                                                              1fc0d35ed13645a27b5e3a6adf357cc6f26525a27a54d742ad734566339b2da4ef7b3efb9b1fb74077640924b0a9226728c42c230d6c6349f524a3f734688e9f

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                              Filesize

                                                                              540B

                                                                              MD5

                                                                              ce20ec9cb777bd5b30d8efa9c7ca92a9

                                                                              SHA1

                                                                              d96e40dba88ee3b1d5384d13bd7f2bb0dbbde43a

                                                                              SHA256

                                                                              8c1883aaf3058d66f549b7cf8dfdeb1e30afc6f2c0a7acbc31a43f79d4a3c519

                                                                              SHA512

                                                                              4188d565708be614f5a7cf925776f51ef1b556aa6643b266f4267c2572b4233d8753a8ce6f536bc9049bbb76371f3a93301bee8ed68771294966402f3c9c5a1d

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                              Filesize

                                                                              434B

                                                                              MD5

                                                                              2218bcf345136db777e01a2a28d64270

                                                                              SHA1

                                                                              bf2169017894eba5edf81d794ca6d248918bb26a

                                                                              SHA256

                                                                              ba0b39984001ddd05280c36cd7fc9b334be5313be6332c625de27b3b94ac3816

                                                                              SHA512

                                                                              5b01912955e04e90dfd91f8734773d149bcc2d0a08dae2d3bd610d37702fa5f27aebd0cca5555f7fc3ec9176627445768301511dde4497c287f3b51e494a5692

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                              Filesize

                                                                              430B

                                                                              MD5

                                                                              e9cde89ccbfdea1a6f718c040d1cb15f

                                                                              SHA1

                                                                              c5f1b284b1ffa0a260b2953badc97eb4bdb57ddc

                                                                              SHA256

                                                                              f76e5cad44921f36145b6ed1ccf90e8cf0cedcf31c0a7d5582ff02707eb44f87

                                                                              SHA512

                                                                              cde9ad49881aca33b397d6db1f9d48ffdbbd94f56dade1431be13fa9650b81ac7aaa20d1af1e4a889468aa7d9e5bb44a7b28b3e85b7dd035de3746e362ed70c5

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                              Filesize

                                                                              536B

                                                                              MD5

                                                                              31f4a89002aee49731449068c6c8ca3c

                                                                              SHA1

                                                                              740c59f040fcc27edbf69f5463a55be9c8d56ecd

                                                                              SHA256

                                                                              e5d49b13864f58ceef1598bd6c1f79b7b6a014d6a2604fd8cd55a4a3b2060de3

                                                                              SHA512

                                                                              bf779cdbdbdbe5fbb85f83f14275c08a0255142926cc4b64a541df06c4a9b742aa2f444612ff6f9d1762292b09459eb7f204e2d1d2d682f0bc5bfda1e8f3f0d5

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                              Filesize

                                                                              506B

                                                                              MD5

                                                                              0edbb9afb2f67d3dc5e1e09e7b3b2b04

                                                                              SHA1

                                                                              4a996dda7df33f0f502b4fe4ef9df78f1fe47197

                                                                              SHA256

                                                                              2bfe4fae5fbe7eb0e0c6340a8d70ca20a41409fda74beb27356e4d45fd4a8c09

                                                                              SHA512

                                                                              657a18e38825b80698c667a79ddf41859f43c271edf0cceec0219122901d84fb5ec5945a6d05999932c2930e25d9f9a24a4094d27759ec8dc3858672c2b47fc1

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                              Filesize

                                                                              442B

                                                                              MD5

                                                                              90b6f86e9cba4da2e7597fc002986ab9

                                                                              SHA1

                                                                              011cfb6869a9cc8806b50926aa5b7de54b2f8f30

                                                                              SHA256

                                                                              086d089ed272781f21cbc3e01db243b0ad50851921f38349695d2114c3f6e017

                                                                              SHA512

                                                                              c566ce08e77ae3dfa5393fe140f334124c8fef7fa38147594d586efa09645a63e4f79c4831c673cf55bd11b20b50a30d99b05689e3dc0fef52812b79c9c3cc29

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\BRAND_COMMON
                                                                              Filesize

                                                                              23.3MB

                                                                              MD5

                                                                              105d3263b0bca342b425fc45702c8856

                                                                              SHA1

                                                                              00180722d29af289bb7d2138a52b9d784ce367da

                                                                              SHA256

                                                                              7547bc1f22cb361a4e644f899f8494faa013e15f05b75b77e1ea596532dc4fee

                                                                              SHA512

                                                                              f6d3a7a25af1c10bbf5fb18b406f30c2c7d92778731f6b6d3eb6f181bc7854e920f99e1f55d2fdc0484bd1bd9bb13942ef13da85d1823c1f5cba16568cb45efb

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\BROWSER.PACKED.7Z
                                                                              Filesize

                                                                              90.8MB

                                                                              MD5

                                                                              5e99de825a34c299b8eef00c8d475e3d

                                                                              SHA1

                                                                              6fc1d9ef19f3d2aae0fb4ac596afbb24b408d83d

                                                                              SHA256

                                                                              6f945efb7783b3ba9b8b48ffef9dc62322d11d51c401bbeaa1cf0aebf768b4ed

                                                                              SHA512

                                                                              dd272ce4dd7f4529fb4b4a182cab7fa63bae0f455ea5bf843888c59d9fc13d1564b0f436b5afcd2c3d449979dcd82e0c71f45b6ae54e41e1ebbb649dd060e68a

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\brand_yandex
                                                                              Filesize

                                                                              2.1MB

                                                                              MD5

                                                                              cff7f43a37e2081aa5271b2e42e20699

                                                                              SHA1

                                                                              9d50fec6b4b583e6b90cbc6906bb6838ded606d8

                                                                              SHA256

                                                                              58ee5e657246dadd99f6194ffe082a27a8896aaa4500ff6773054a3929a912fd

                                                                              SHA512

                                                                              4eb33ae0d9c9afb8116c9454b1ce06cefc6f59f21463ba9c04d45ed09b3fe61d1ef3aee1570e92d2657d4f6d33a603288f5ff5c04464bb6da75e16002763e2de

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
                                                                              Filesize

                                                                              3.9MB

                                                                              MD5

                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                              SHA1

                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                              SHA256

                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                              SHA512

                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
                                                                              Filesize

                                                                              3.9MB

                                                                              MD5

                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                              SHA1

                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                              SHA256

                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                              SHA512

                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
                                                                              Filesize

                                                                              3.9MB

                                                                              MD5

                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                              SHA1

                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                              SHA256

                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                              SHA512

                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_1EC75.tmp\setup.exe
                                                                              Filesize

                                                                              3.9MB

                                                                              MD5

                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                              SHA1

                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                              SHA256

                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                              SHA512

                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\clids.xml
                                                                              Filesize

                                                                              599B

                                                                              MD5

                                                                              dae47d5fb36af27a9869750c11f52494

                                                                              SHA1

                                                                              366629747a061c7bd6a6883f5364734cecfc697a

                                                                              SHA256

                                                                              37ec2fcea5119863c67d94c2d269ec242e294cb76c9674e793d7280b6fd13c90

                                                                              SHA512

                                                                              6937d3a2f3c4ecd3544a473a79808f1932e036cbafe6bff11d51f5d131fd8b6e594dbdfb254f96f49177cac5517e536bc14d855beaf3c81349ddbf7324bf79b4

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\distrib_info
                                                                              Filesize

                                                                              293B

                                                                              MD5

                                                                              5ff4663cf4ed5b1c4c7e84ae7a26484b

                                                                              SHA1

                                                                              738deb4f237c34acab7ecf6a2899c7bd94ecd34a

                                                                              SHA256

                                                                              f69eb6cd9983e819f7c1273598046ace4ef35c97cc651b89b460bb05dbd58c81

                                                                              SHA512

                                                                              f9f7a15bd4d811d0a0a986d24b18d76434f89f81f6554cf0f707a0298a26f0732389e85394d186dd22a6c0306b8568c94d5583891196328e0e3945f44af59bbc

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                              Filesize

                                                                              14KB

                                                                              MD5

                                                                              3061f90b3cf9cdaa79cfab49ebad5f48

                                                                              SHA1

                                                                              69cb8d3d090056df61186af78c6fc25f801a6882

                                                                              SHA256

                                                                              59a7997a5c1a57fee1c25641248b7ce7673609efc2bb2598ee0c43125baca579

                                                                              SHA512

                                                                              9b135f73ae5b6d71fc6b29186775f6fa73ec54d561acff860d343acb2e1fe1d93170871a8b6d75cff2bde697a87bde8b37135d2f2c0cbdafe7d65030ba976279

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                              Filesize

                                                                              15KB

                                                                              MD5

                                                                              ea8e8162b89678e701ad745a3b21bcbf

                                                                              SHA1

                                                                              07a2daddba55a4bcd7751b99e581c70962e70f03

                                                                              SHA256

                                                                              8d471f2f7634c34046390531537cd12f7b5fd7c49a4cbf52aecf3f0617a4745c

                                                                              SHA512

                                                                              39bcb4a93828c41a98e0051519cd9a4d0681982067bbd8e30879569ac1032c1b3aaab2b8daaa4375e98896c91ea0781e787354c188b7234a76b93a93ab021787

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                              Filesize

                                                                              26KB

                                                                              MD5

                                                                              eee5e3e4a968c438e14efd147cd8a73d

                                                                              SHA1

                                                                              c01621d7d6d5ee82ba2138e7c002a6e0386c5637

                                                                              SHA256

                                                                              d04fe7fc55055fa25b269d614f3eb56fbbb9b2a85182fbc777831a2809a00f5e

                                                                              SHA512

                                                                              53d6f524f1a0e1d188d69e831497a10e2af17c00c0a3ecefc0e91c9b4a8e09b4e656c0abea63e0d12f44d51928c226a6c217bee9c9ac34dbe396c37727781a31

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                              Filesize

                                                                              27KB

                                                                              MD5

                                                                              7b30544978527fcc670da5f8da4cb7cf

                                                                              SHA1

                                                                              fcf207f57e25e9c63293b35c7dd5d95fff45fbc5

                                                                              SHA256

                                                                              3256fff8cb6590a523102a865628291940ccff727fdf9746e160b94c61ee2bb8

                                                                              SHA512

                                                                              af6d44df2e09c5c9066c22ef3f2fe8239dca7b73eb300cca693bb8f3ed6209812b7b014be0fb88d017bd5e66d1bec17739778195fe546079599ee85578819900

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                              Filesize

                                                                              129KB

                                                                              MD5

                                                                              517cebb5d922c6be230ce63948323b5e

                                                                              SHA1

                                                                              42cdd2f94dd6258441645e831552fc609e801e44

                                                                              SHA256

                                                                              fdd8fee19d1fb229f1bd4e6cdf703c69cda41278191165f337af6542c66847da

                                                                              SHA512

                                                                              c43e59415c5d8f3d0a842f273326348cc3593226183285bf006c4772a21430907c675e50451e3d6f4c72bc3febff1d34a57654bd8bc6c8e59da1bcc6e84d6a6e

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                              Filesize

                                                                              129KB

                                                                              MD5

                                                                              517cebb5d922c6be230ce63948323b5e

                                                                              SHA1

                                                                              42cdd2f94dd6258441645e831552fc609e801e44

                                                                              SHA256

                                                                              fdd8fee19d1fb229f1bd4e6cdf703c69cda41278191165f337af6542c66847da

                                                                              SHA512

                                                                              c43e59415c5d8f3d0a842f273326348cc3593226183285bf006c4772a21430907c675e50451e3d6f4c72bc3febff1d34a57654bd8bc6c8e59da1bcc6e84d6a6e

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir920_2018283978\explorer.exe
                                                                              Filesize

                                                                              3.9MB

                                                                              MD5

                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                              SHA1

                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                              SHA256

                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                              SHA512

                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\scoped_dir920_2018283978\explorer.exe
                                                                              Filesize

                                                                              3.9MB

                                                                              MD5

                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                              SHA1

                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                              SHA256

                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                              SHA512

                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\website.ico
                                                                              MD5

                                                                              d41d8cd98f00b204e9800998ecf8427e

                                                                              SHA1

                                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                              SHA256

                                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                              SHA512

                                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                              Filesize

                                                                              5KB

                                                                              MD5

                                                                              207ae0a76fafecaaa62ed0cc24422ef3

                                                                              SHA1

                                                                              701b031dcad64471eef17c89c1172ee6a16af99c

                                                                              SHA256

                                                                              df9e20239e7b7399c52318df0b58064adaaf5d4c8415856362b3696a51d6e139

                                                                              SHA512

                                                                              c87a7ccb9dc8dfabd400226d0356b83211f84629575ecd759732845ce153bfb6c8c3392ed9166e0a9f4173cb9262b4459a242019a18e82137f93fe686c416a4c

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                              Filesize

                                                                              22KB

                                                                              MD5

                                                                              4d2a5f7ecb46f2ea1be8c9e4c887fe8c

                                                                              SHA1

                                                                              43eb40abd7ce53de0e2ea452174915025fcff6c0

                                                                              SHA256

                                                                              b6b08d7555c29ad644e39c00f2ee2721d4f7e49596a21f6f7467e3b88741f7be

                                                                              SHA512

                                                                              1ac4b40bf4b1e79ed33cce3c4aa6c9c906665b9b02553082fb70f947372bf44733a862551bfc11b542754f6074e0c4e1459e69c47983a25855f6978d41da42a6

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Temp\ybC662.tmp
                                                                              Filesize

                                                                              149.8MB

                                                                              MD5

                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                              SHA1

                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                              SHA256

                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                              SHA512

                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                              Filesize

                                                                              591KB

                                                                              MD5

                                                                              10d2e0956493b129149705225fa3efb3

                                                                              SHA1

                                                                              547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                              SHA256

                                                                              a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                              SHA512

                                                                              df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                              Filesize

                                                                              591KB

                                                                              MD5

                                                                              10d2e0956493b129149705225fa3efb3

                                                                              SHA1

                                                                              547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                              SHA256

                                                                              a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                              SHA512

                                                                              df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              Filesize

                                                                              3.8MB

                                                                              MD5

                                                                              2fadcc66fdf395c8fd19a424745a855c

                                                                              SHA1

                                                                              b40174f66741be5f5afc814b3797dd5af7891b30

                                                                              SHA256

                                                                              d43da70412b55377532192ab6658074bd73592ab1552a1bb53edf823ee655972

                                                                              SHA512

                                                                              3ac2d369e2708309bac2796071bbd53c32fb462ea0373898c5701d3d776b4ce573eb28275148cebff2f2602cf8922f4dd7ddd9ecc533988a1a05e8578b6b6633

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
                                                                              Filesize

                                                                              48B

                                                                              MD5

                                                                              1f93fdefb491b97dcf7abe081e82ba52

                                                                              SHA1

                                                                              e650bf8f8239681eca0c7683b7ce0209aa0f84c9

                                                                              SHA256

                                                                              8eaf7dc72023fda94181ce6b899903e6c0ab744dd654d5fdf61a47f1ae9f8766

                                                                              SHA512

                                                                              f3953f283da985641b7882cd67b969eb436dccac94df25a000c7eafbf21ab50a5501e1c94afbe8ad52325376a94bf8b4381016a768c8593a9fcacca919cb6ae0

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website
                                                                              Filesize

                                                                              492B

                                                                              MD5

                                                                              c237fc112a9d718f8132e915847afd2f

                                                                              SHA1

                                                                              854bce4c4b3707fcd7f88eaca8c590590e8914d4

                                                                              SHA256

                                                                              f96678a810127b62f806b947351819d58da5a2d49d83d5157090b72c095fd788

                                                                              SHA512

                                                                              4e2872cdf225c14f8ec2560b7ca033f225e3d32ceb4928200c84a33d6e1f6b8f2fb0a2c37e3d9eec025da5849164f58a5812006b1f7013d12579c88005eff79b

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
                                                                              Filesize

                                                                              2KB

                                                                              MD5

                                                                              f1352286edad4545345aad9269214b3e

                                                                              SHA1

                                                                              28ea9dbbf497fa3a6094a1c5f01fc3fa139f1a34

                                                                              SHA256

                                                                              c6470e6e5823f39b36d3d8218b0d585850e9bffd1bb39acda4f877fb633e7fb2

                                                                              SHA512

                                                                              552e15872aac24d88da42ba4e6c5398b2178f204d5bd015dfef1ebc26695497c011d63ac0920079cb9438212e978d78bc1b29b6127dd417be11b2aa11cab03fa

                                                                              Download Submit
                                                                            • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                              Filesize

                                                                              38B

                                                                              MD5

                                                                              d1a1f3acd77dffd5dee035cc5d9e78ad

                                                                              SHA1

                                                                              bc40f9c5c8cc72dfa4d9e4cb6a086d3e1dddcb92

                                                                              SHA256

                                                                              1dc3af9892caa1629976e98ded0f711a9ca526895d05267a442706969a04f10b

                                                                              SHA512

                                                                              6a01487daa6d1ca7c6f6fb7e16f8826f4dbac715e1a7b7f884e6920084be5446b424a8881776aa5da69bd2a82ca1d70853640a0bbec455778b401443523ff0c0

                                                                              Download Submit
                                                                            • C:\Windows\TEMP\sdwra_920_538777569\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • C:\Windows\Temp\sdwra_920_538777569\service_update.exe
                                                                              Filesize

                                                                              2.6MB

                                                                              MD5

                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                              SHA1

                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                              SHA256

                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                              SHA512

                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                              Download Submit
                                                                            • memory/60-214-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/100-229-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/920-144-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/976-218-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1392-246-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1412-213-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1452-239-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1476-210-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1480-280-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1504-249-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1608-216-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1644-205-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1692-277-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1808-226-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1868-263-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1868-284-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1880-211-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/1884-242-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/2240-260-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/2400-196-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/2436-212-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/2524-289-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/2704-148-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3376-264-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3588-132-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3800-266-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3908-171-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3916-185-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3940-227-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3944-199-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/3988-209-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4104-223-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4128-138-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4376-220-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4580-174-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4624-253-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4656-271-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4744-231-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4836-182-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4900-178-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4908-192-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4940-232-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/4952-275-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5060-140-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5168-294-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5228-384-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5236-300-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5300-305-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5336-309-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5368-390-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5392-313-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5440-319-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5500-325-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5588-330-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5616-333-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5664-339-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5752-345-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5788-349-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5844-354-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5908-359-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/5968-364-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/6024-369-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/6076-374-0x0000000000000000-mapping.dmp
                                                                              Download
                                                                            • memory/6140-380-0x0000000000000000-mapping.dmp
                                                                              Download