Overview

overview

10

Static

static

Yandex.exe

windows7-x64

8

Yandex.exe

windows10-1703-x64

10

Yandex.exe

windows10-2004-x64

8

Resubmissions

17-10-2022 19:36

221017-ybkpeacgf7 10

17-10-2022 17:27

221017-v1ye1scfdl 8

17-10-2022 14:10

221017-rg6qhacbgq 8

Analysis

  • max time kernel
    1666s
  • max time network
    1797s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    17-10-2022 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yandex.exe

  • Size

    2.4MB

  • MD5

    09bb3df23630c9111a5860cb96bde6ad

  • SHA1

    217d78e392e7ef295596862175eb353977a85738

  • SHA256

    e36891d982acaa5b12e27cf55fae3581e29dd0ef35d0dd98ae93296034b5177e

  • SHA512

    8a216eac67b5d4bc54781a166cd48ab8a68e0b983fb346c14030eca060046fe7484f76fa4eb006164c5781684cad82f7d29afaf9514e70c81feffe70df402f31

  • SSDEEP

    49152:CsEpJsMKSCZrcPEGuW9Q+iA5H5u8QeuL:CsEpuBZrcPEGuWMxt

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks computer location settings 2 TTPs 14 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 11 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 21 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
    "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
      "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=1972 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\7898dee0-d7d8-475a-bb05-97d062b1582b.tmp\" --brand-name=yandex --create-alice-shortcut-in-taskbar --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --ok-button-pressed-time=598072400 --progress-window=327966 --send-statistics --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\9246d906-310d-4a7f-9345-0438e07774a9.tmp\" --verbose-logging"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1784
      • C:\Users\Admin\AppData\Local\Temp\ybE995.tmp
        "C:\Users\Admin\AppData\Local\Temp\ybE995.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7898dee0-d7d8-475a-bb05-97d062b1582b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --create-alice-shortcut-in-taskbar --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=107 --install-start-time-no-uac=598431200 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=598072400 --progress-window=327966 --send-statistics --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9246d906-310d-4a7f-9345-0438e07774a9.tmp" --verbose-logging
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1124
        • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7898dee0-d7d8-475a-bb05-97d062b1582b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --create-alice-shortcut-in-taskbar --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=107 --install-start-time-no-uac=598431200 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=598072400 --progress-window=327966 --send-statistics --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9246d906-310d-4a7f-9345-0438e07774a9.tmp" --verbose-logging
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:1636
          • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\7898dee0-d7d8-475a-bb05-97d062b1582b.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --create-alice-shortcut-in-taskbar --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=107 --install-start-time-no-uac=598431200 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=598072400 --progress-window=327966 --send-statistics --source=lite --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9246d906-310d-4a7f-9345-0438e07774a9.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=708879200
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:1040
            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
              C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=1040 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x11521d8,0x11521e8,0x11521f4
              6⤵
              • Executes dropped EXE
              PID:2024
            • C:\Windows\TEMP\sdwra_1040_645297149\service_update.exe
              "C:\Windows\TEMP\sdwra_1040_645297149\service_update.exe" --setup
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1280
              • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --install
                7⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:1956
            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1488
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
              6⤵
              • Executes dropped EXE
              PID:1744
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1040_363606559\Browser-bin\clids_yandex.xml"
              6⤵
              • Executes dropped EXE
              PID:1768
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:556
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1040_363606559\Browser-bin\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:864
            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\SEARCHBAND.EXE
              "C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\SEARCHBAND.EXE" /forcequiet
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:708
  • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --run-as-service
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=1724 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xec7ae8,0xec7af8,0xec7b04
      2⤵
      • Executes dropped EXE
      PID:1940
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-scheduler
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-background-scheduler
        3⤵
          PID:1576
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=33422687,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=0CFE9157_D66C_408D_83A7_39BE00776F32/*
        2⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:1796
    • C:\Windows\system32\conhost.exe
      \??\C:\Windows\system32\conhost.exe "-1890268446-10197398471120673084-1648162009-8549900681330881499507312438741583123"
      1⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1576
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:960
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 8EDC85C7DD24815E24FC1751E6295F91
        2⤵
        • Loads dropped DLL
        PID:1332
    • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe
      "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe" /install
      1⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1932
      • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe
        "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe" /auto
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:364
        • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\crashreporter64.exe
          C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\crashreporter64.exe
          3⤵
          • Executes dropped EXE
          PID:108
        • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe
          "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe" /update-check
          3⤵
          • Executes dropped EXE
          • Modifies Internet Explorer settings
          PID:3412
          • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe
            "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe" /update-install
            4⤵
            • Executes dropped EXE
            • Checks computer location settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:3352
            • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe
              "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\searchbandapp64.exe" /auto
              5⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • Modifies Internet Explorer settings
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              PID:3680
              • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\crashreporter64.exe
                C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.5.0.1923\crashreporter64.exe
                6⤵
                • Executes dropped EXE
                PID:3004
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=327966 --ok-button-pressed-time=598072400 --install-start-time-no-uac=598431200
      1⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1624
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=1624 --annotation=metrics_client_id=18c9c36178604aeca56c4d753af83687 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0xe4,0xe8,0xec,0xb8,0xf0,0x736ba3b0,0x736ba3c0,0x736ba3cc
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1612
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=816 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1100
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1328 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1628
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=1604 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2212
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=2036 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2372
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2536
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2300 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2752
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=2320 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2892
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=2532 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2332
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=2912 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2488
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=2920 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2288
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2164 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2436
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
        2⤵
        • Executes dropped EXE
        PID:2836
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4136 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2952
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1520 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2764
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4228 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3168
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4488 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3376
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3760 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3636
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=2496 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2092
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=2616 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:3012
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=836 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2836
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=1084 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3268
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=2768 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2488
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=2776 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2756
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=3468 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:1572
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --enable-ignition --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=1016 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2984
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4616 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1424
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4256 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
        2⤵
          PID:2752
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4644 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
          2⤵
            PID:3068
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=2508 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
            2⤵
              PID:3288
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4820 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
              2⤵
                PID:3372
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4656 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                2⤵
                  PID:1956
                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4632 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                  2⤵
                    PID:3244
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4776 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                    2⤵
                      PID:3616
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4692 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                      2⤵
                        PID:3728
                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=2612 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                        2⤵
                          PID:3060
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=1068 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                          2⤵
                            PID:1672
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4704 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                            2⤵
                              PID:2600
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4732 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                              2⤵
                                PID:4064
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=556 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                2⤵
                                  PID:2732
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4796 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                  2⤵
                                    PID:2720
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3836 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                    2⤵
                                      PID:3436
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4852 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                      2⤵
                                        PID:4044
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4860 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                        2⤵
                                          PID:1716
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4868 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                          2⤵
                                            PID:1916
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4460 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                            2⤵
                                              PID:2208
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4696 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                              2⤵
                                                PID:1068
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3276 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                2⤵
                                                  PID:2456
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4456 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                  2⤵
                                                    PID:2976
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4812 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                    2⤵
                                                      PID:1368
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3988 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                      2⤵
                                                        PID:620
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4608 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                        2⤵
                                                          PID:1332
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1508 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                          2⤵
                                                            PID:976
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1656 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                            2⤵
                                                              PID:1152
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4768 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                              2⤵
                                                                PID:3200
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1052 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                2⤵
                                                                  PID:2840
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2776 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:3176
                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1416 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:2976
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1952 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:3412
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1672 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:3572
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1372 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:4044
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1656 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:2092
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=spell_checker.mojom.SpellChecker --lang=ru --service-sandbox-type=utility --utility-enable-offline-spellchecker --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Проверка правописания" --mojo-platform-channel-handle=816 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:3240
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2764 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:2412
                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1340 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:2968
                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3728 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:3840
                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=autofill.mojom.TflPredictionsService --lang=ru --service-sandbox-type=utility --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Autofill Tfl Predictions" --mojo-platform-channel-handle=2736 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:2820
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe
                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe" /uid:"e614a360-d977-49f6-9f21-aa49eea99753" /yandex_uid:"2450075271666035612" /version:"21.2.26.0" /lang:"ru" /browser:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" /iv:"1" /report_dir:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport" /browser_user_silent_detect /detect_report_html:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport\DetectReport.html"
                                                                                        2⤵
                                                                                          PID:1784
                                                                                          • C:\Users\Admin\AppData\Local\Temp\YandexRescueTool\bct.exe
                                                                                            /session:L3VpZDplNjE0YTM2MC1kOTc3LTQ5ZjYtOWYyMS1hYTQ5ZWVhOTk3NTMgL3lhbmRleF91aWQ6MjQ1MDA3NTI3MTY2NjAzNTYxMiAvdmVyc2lvbjoyMS4yLjI2LjAgL2xhbmc6cnUgL2Jyb3dzZXI6QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxBcHBsaWNhdGlvblxicm93c2VyLmV4ZSAvaXY6MSAvcmVwb3J0X2RpcjoiQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxVc2VyIERhdGFcUmVzY3VlVG9vbFJlcG9ydCIgL2Jyb3dzZXJfdXNlcl9zaWxlbnRfZGV0ZWN0IC9kZXRlY3RfcmVwb3J0X2h0bWw6IkM6XFVzZXJzXEFkbWluXEFwcERhdGFcTG9jYWxcWWFuZGV4XFlhbmRleEJyb3dzZXJcVXNlciBEYXRhXFJlc2N1ZVRvb2xSZXBvcnRcRGV0ZWN0UmVwb3J0Lmh0bWwiIC9icm93c2VyX2J1aWxkIC9ub19ndWkgL3NjYW5fbW9kZTpkZXRlY3QgL25vX2xhdW5jaF91YWMgL2NsaWQ6YnJvIC9wYXJlbnRfcGlkOjE3ODQ=
                                                                                            3⤵
                                                                                            • Drops file in System32 directory
                                                                                            PID:3696
                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=hips_info_provider.mojom.HipsInfoProvider --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name=hips_info_provider.mojom.HipsInfoProvider --mojo-platform-channel-handle=2216 --field-trial-handle=1164,i,15967994483433160798,7526734679582624011,131072 /prefetch:8
                                                                                          2⤵
                                                                                          • Checks whether UAC is enabled
                                                                                          PID:3956
                                                                                      • C:\Windows\SysWOW64\DllHost.exe
                                                                                        C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                        1⤵
                                                                                          PID:572
                                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                                          C:\Windows\system32\AUDIODG.EXE 0x258
                                                                                          1⤵
                                                                                            PID:980
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={5D22A9DC-1453-4761-BB4B-F04AE3FE4F16}
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Enumerates system info in registry
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:3932
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042804 --annotation=last_update_date=1666042804 --annotation=launches_after_update=1 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=3932 --annotation=metrics_client_id=18c9c36178604aeca56c4d753af83687 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0xe8,0xec,0xf0,0xbc,0xf4,0x736ba3b0,0x736ba3c0,0x736ba3cc
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:3948
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1228 --field-trial-handle=1276,i,16371796998355196369,10484465227848604660,131072 /prefetch:2
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:2544
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1376 --field-trial-handle=1276,i,16371796998355196369,10484465227848604660,131072 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:3176
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={91150ED6-5297-4E7E-9AA3-81499B9F7EA0}
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Enumerates system info in registry
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:2320
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042804 --annotation=last_update_date=1666042804 --annotation=launches_after_update=2 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=2320 --annotation=metrics_client_id=18c9c36178604aeca56c4d753af83687 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0xe8,0xec,0xf0,0xbc,0xf4,0x736ba3b0,0x736ba3c0,0x736ba3cc
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:2448
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=1284,i,14462319768625603578,1819610703727680310,131072 /prefetch:2
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:3292
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1348 --field-trial-handle=1284,i,14462319768625603578,1819610703727680310,131072 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:3732
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={0E17590A-E18B-457E-9CD2-AC69865B735D}
                                                                                            1⤵
                                                                                            • Executes dropped EXE
                                                                                            • Enumerates system info in registry
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:2552
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042804 --annotation=last_update_date=1666042804 --annotation=launches_after_update=2 --annotation=machine_id=a3028db1baffc0578427f8e443889a44 --annotation=main_process_pid=2552 --annotation=metrics_client_id=18c9c36178604aeca56c4d753af83687 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0xe8,0xec,0xf0,0xbc,0xf4,0x736ba3b0,0x736ba3c0,0x736ba3cc
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:2800
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1228 --field-trial-handle=1320,i,6930147229403779840,18174134962678126979,131072 /prefetch:2
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:2896
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=E614A360-D977-49F6-9F21-AA49EEA99753 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1348 --field-trial-handle=1320,i,6930147229403779840,18174134962678126979,131072 /prefetch:8
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:3476
                                                                                          • C:\Windows\SysWOW64\DllHost.exe
                                                                                            C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                            1⤵
                                                                                              PID:3908

                                                                                            Network

                                                                                            MITRE ATT&CK Matrix ATT&CK v6

                                                                                            Initial Access

                                                                                            Execution

                                                                                            Persistence

                                                                                            Registry Run Keys / Startup Folder

                                                                                            1
                                                                                            T1060

                                                                                            Privilege Escalation

                                                                                            Defense Evasion

                                                                                            Modify Registry

                                                                                            3
                                                                                            T1112

                                                                                            Install Root Certificate

                                                                                            1
                                                                                            T1130

                                                                                            Credential Access

                                                                                            Credentials in Files

                                                                                            1
                                                                                            T1081

                                                                                            Discovery

                                                                                            Query Registry

                                                                                            4
                                                                                            T1012

                                                                                            System Information Discovery

                                                                                            5
                                                                                            T1082

                                                                                            Peripheral Device Discovery

                                                                                            1
                                                                                            T1120

                                                                                            Lateral Movement

                                                                                            Collection

                                                                                            Data from Local System

                                                                                            1
                                                                                            T1005

                                                                                            Exfiltration

                                                                                            Command and Control

                                                                                            Impact

                                                                                            Replay Monitor

                                                                                            Loading Replay Monitor...

                                                                                            Downloads

                                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              c378d9cb40499a87ee74979e98ad221a

                                                                                              SHA1

                                                                                              566834dd4a7a72b6953892b19160c4c7e874521d

                                                                                              SHA256

                                                                                              c070963a21a274f962a23ddae88c5c0393fb0483960d0b94b8eabd58b2ed5a66

                                                                                              SHA512

                                                                                              f179dfd3b7043cdd7d5ca65934ed40e417142ad50f0e0589477680e6818b2f7e826e241822a2fe668eed3fc75332dafe978f1bf0da37f956fb46b6312499f8fa

                                                                                              Download Submit
                                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              e3ebd38b9491fd401de6140c95370a49

                                                                                              SHA1

                                                                                              4c5898816fb2aad54e4a04c7f5aa6945e1ef39fe

                                                                                              SHA256

                                                                                              e03138df0a29e2a432d9201e6c192c45d47be674827f9eafd25f2b29c9c1202a

                                                                                              SHA512

                                                                                              1d4ffe6487012907b8606554359c02ff424e642a8c35e9c5045329a03fe3ce9c6eefbe90ce2be1e769224d93374b12ed007d36e085bf3aa290a186b3fbc57d6a

                                                                                              Download Submit
                                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                              Filesize

                                                                                              2KB

                                                                                              MD5

                                                                                              6ae1db4553f2d4a66c9834af04e4a6ed

                                                                                              SHA1

                                                                                              ab37d3b23310f94ec38a28519f50dc845a2493c9

                                                                                              SHA256

                                                                                              1cf7d84d4bcdd65e6bef54d08501fe796a5d9533cd6dd9f226d95df2d749ba8c

                                                                                              SHA512

                                                                                              a263cd00872908dafacff6665b03cd2a4281fb2062ddf09231a7bf484fa3f072f797dd0efc74e9d56e5845f0eb16766846acb841d5c9ef1a530a3bbd1380490a

                                                                                              Download Submit
                                                                                            • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                              Filesize

                                                                                              2KB

                                                                                              MD5

                                                                                              6ae1db4553f2d4a66c9834af04e4a6ed

                                                                                              SHA1

                                                                                              ab37d3b23310f94ec38a28519f50dc845a2493c9

                                                                                              SHA256

                                                                                              1cf7d84d4bcdd65e6bef54d08501fe796a5d9533cd6dd9f226d95df2d749ba8c

                                                                                              SHA512

                                                                                              a263cd00872908dafacff6665b03cd2a4281fb2062ddf09231a7bf484fa3f072f797dd0efc74e9d56e5845f0eb16766846acb841d5c9ef1a530a3bbd1380490a

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              968706091b00f62e2ee54190fe913380

                                                                                              SHA1

                                                                                              7dcd60d17fc861a273074fc9c6652e6e0cc2c182

                                                                                              SHA256

                                                                                              a51a7a851222d45c068ce2120e495b217f504b87d1a6d982feeeeb252d4aa80d

                                                                                              SHA512

                                                                                              fb7521dab16a95317c88d31763e0eca697d040cee09c91fd59c59a12bfb8e8e2d12df75a7bf461ab99b08af58ebdf0be8ace473692357182d86ef3cbb19c2bdd

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              0e770a2b0e01305dd71665b0cfdcf454

                                                                                              SHA1

                                                                                              9e3b745dc0392dd47a343df58f0f38eede6bca8b

                                                                                              SHA256

                                                                                              5f2bb6c904b96792e09f33052fd72befc18a38cb78c036178dddd3b2e546f48d

                                                                                              SHA512

                                                                                              f043f4c79f5e6631ffed876975dc527076459e14c3d59df10b8d1c12e06c8d3ed00cf6f5c96b92d48e7a01b2ee82e76e40da9f406327709d435faf0da88aeda8

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                              Filesize

                                                                                              727B

                                                                                              MD5

                                                                                              3dc4181e96e768b9f4bbf41d1afa1dc1

                                                                                              SHA1

                                                                                              9ee79c2f26bf520c4e8a3b36daff9ce8e6e3cca8

                                                                                              SHA256

                                                                                              a72e1936399b803b5c282aa625b1dd2e3c924897ba728887035ebd30a4e9eae4

                                                                                              SHA512

                                                                                              8c6c6ec2b6513697995aac13b9f946a7f5442cea77d0d3053ae9cf0d7dedd6942c8eceabfcd0380156403002bea026b3b18d4926fec92a146faf41f0144a7958

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                              Filesize

                                                                                              471B

                                                                                              MD5

                                                                                              da5a9f149955d936a31dc5e456666aac

                                                                                              SHA1

                                                                                              195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                                              SHA256

                                                                                              79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                                              SHA512

                                                                                              60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                                                                              Filesize

                                                                                              60KB

                                                                                              MD5

                                                                                              d15aaa7c9be910a9898260767e2490e1

                                                                                              SHA1

                                                                                              2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

                                                                                              SHA256

                                                                                              f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

                                                                                              SHA512

                                                                                              7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              42198b52f6db40a5d0aeaeccb8d79ba2

                                                                                              SHA1

                                                                                              5619e78fc43bf2cb49fbfc6bdbf3f1625df166a4

                                                                                              SHA256

                                                                                              f4301ed013980f23ee45db7e47cbced2a11d6820de70631a24189f5e0c918212

                                                                                              SHA512

                                                                                              40dd68133c3e1dd2ca9fb708d511bac30fa6788c1401e498452d4110d9223a13fb8c023221c7e52a2eed6ecc9466ec3fa5900596db026119fe05c57043e91d55

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              e94fb54871208c00df70f708ac47085b

                                                                                              SHA1

                                                                                              4efc31460c619ecae59c1bce2c008036d94c84b8

                                                                                              SHA256

                                                                                              7b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df86

                                                                                              SHA512

                                                                                              2e15b76e16264abb9f5ef417752a1cbb75f29c11f96ac7d73793172bd0864db65f2d2b7be0f16bbbe686068f0c368815525f1e39db5a0d6ca3ab18be6923b898

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                              Filesize

                                                                                              727B

                                                                                              MD5

                                                                                              e48b6e4b5351b7f68acc6375f58b4832

                                                                                              SHA1

                                                                                              b17b7199b60c22b91a3df390d7a1c7874c7892a9

                                                                                              SHA256

                                                                                              fed4553c22581ce3e71b78d3d45bddc8137beb99d2ff71a5423da909d6848d8c

                                                                                              SHA512

                                                                                              5f3af281f1ec2292f0a0a905ad24a07c793c8e8ac0be9a0c86e9c1588b7f9cd6028c70433d7c228d60c7c9dbe1a1d3dd0afd3bf3795b388b6d48444edb1444b5

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
                                                                                              Filesize

                                                                                              1KB

                                                                                              MD5

                                                                                              a266bb7dcc38a562631361bbf61dd11b

                                                                                              SHA1

                                                                                              3b1efd3a66ea28b16697394703a72ca340a05bd5

                                                                                              SHA256

                                                                                              df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

                                                                                              SHA512

                                                                                              0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                              Filesize

                                                                                              508B

                                                                                              MD5

                                                                                              96e080ba6f02b4002e8392d94f216ad0

                                                                                              SHA1

                                                                                              8b4a4599a0ecc43783b42abc0d39778a1e22e673

                                                                                              SHA256

                                                                                              30b7408fc9e05ae902c394af7eadd0eb3a4b5b9cb82144169c0afa4b983470e1

                                                                                              SHA512

                                                                                              0ff8381890ebe0074216d460866ead8c5c238512af665f75fd5c8c3163f4d2d6c092465876c9765237824828c6d88d45120af5856ab0c13de71ad2c585bad51e

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                              Filesize

                                                                                              536B

                                                                                              MD5

                                                                                              37a70c14116066825098e14f7de4c72d

                                                                                              SHA1

                                                                                              ef5b1679f9ed85415c31c63152a88be47a057952

                                                                                              SHA256

                                                                                              2a216b69af8d8096dbf458ffc2444ab2113beb3c6b37f542f7a1ecb81487cf75

                                                                                              SHA512

                                                                                              dda3cacfb3d7286d6869bb7470f5eb2cf9644804fa20100f4e5ff240f96d34f97d9f20d3dba369cdcff1a0f0888850c5d731e9c6eb68d767d33e0ba732494d0d

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                              Filesize

                                                                                              434B

                                                                                              MD5

                                                                                              16e9f6ec8fc56d148de50ebac9def492

                                                                                              SHA1

                                                                                              427a82683a013e9f33cc07ce42ffccd05f5e151c

                                                                                              SHA256

                                                                                              98a60fd915e2abb37812375112596a3f518d1e4915c314effd7aface6cbbedd4

                                                                                              SHA512

                                                                                              ec251756d6b994d18f4a481bb3acb4c9e16d708cc3ac092ef10a7d029f6ff53a72a90a5f77906a830620ffbd4a880c3e533c11f3bf39fba99c0ed79edc1ab75d

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                              Filesize

                                                                                              430B

                                                                                              MD5

                                                                                              effc5c249f9d07e0c5877f636ac07cc0

                                                                                              SHA1

                                                                                              e63cfc273cbbf191c0fee2fd66c21205a8dfc6fd

                                                                                              SHA256

                                                                                              75d878d819828d529e0b9e1fdf51548aee7081175360775b3bab6596b4ccb3a0

                                                                                              SHA512

                                                                                              f28c6b2bbf49d2a35679da4752c15352188b7f5a0f6baf1d42e596a179939040d5a16e078204b6bfdf14ef52ad4c3a6c5240c8e923c816b3ba83c474b4cd6a0c

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                                              Filesize

                                                                                              342B

                                                                                              MD5

                                                                                              0b9cd0a924b430146e1eadab80ff1ede

                                                                                              SHA1

                                                                                              e6b644fef6e44752b14cd73d37c8ac0f37613452

                                                                                              SHA256

                                                                                              db8c3bc504c91bb354dfcf69a6c428c62f8db0984a6fc1c9ab7d4c814102b14a

                                                                                              SHA512

                                                                                              b3f942651bee7300079c65551b46caec908e26b5fe05d42cfffe90fb7fd14508f38b2345442db00ba3fd6957db453ecd259178b28234fb168ad36b33cddd1fbd

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                              Filesize

                                                                                              506B

                                                                                              MD5

                                                                                              d091346400c51ceecf948274e799cb09

                                                                                              SHA1

                                                                                              0419d2ad2f29786573c5638018753ba6f0d3062d

                                                                                              SHA256

                                                                                              5184861062ce1fba33dc21356fd4c48221cedc12856ca1fe74bc9bad318cf893

                                                                                              SHA512

                                                                                              a19c8dbb75a30f723f10f202570ae25060ad1e87b62557697c19bb3b3023ab8bfd0deb5db26fb3198f49152c7d38b2be799ed9ba378a5823656de8788468f61e

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560
                                                                                              Filesize

                                                                                              264B

                                                                                              MD5

                                                                                              648c2ad67c5e39e573583162ab0275c9

                                                                                              SHA1

                                                                                              db37c54890892ffc582012794017018e8a7641b9

                                                                                              SHA256

                                                                                              80f0ad9f4cf7e0735fd523b5d121ec0fac80cb73f73173197f8aecd7ce2d80c7

                                                                                              SHA512

                                                                                              0dd4e0d9d4d92db81b161a08e34cbb40abff96f501d2a737d1192365055dc2011ab5bf53b039fe77938ceda3d0f14827cae5b491cb66035fdb55ead3639c08bb

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                              Filesize

                                                                                              442B

                                                                                              MD5

                                                                                              c5db7ee3ec11bebc5d037c1a97214cfa

                                                                                              SHA1

                                                                                              d8a580118c0f010399da90d1b56dd09cc84f95d4

                                                                                              SHA256

                                                                                              51f71d1a5dbbed08c35ca3f3c879d09ab34cfe9d779327c6f28734182d59ff39

                                                                                              SHA512

                                                                                              c2b8c25ce7046b4fe5a0990d60d7a348130806ad0c112057e73b95b7efcc4a46a90128e1320808c6b48a7121d9ee40989bd3f7b6b549e14f8b4585a11c8b83dc

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
                                                                                              Filesize

                                                                                              242B

                                                                                              MD5

                                                                                              07e8b58d9311f4cfb7aaa07cce177dfe

                                                                                              SHA1

                                                                                              a472f60f550615261348de21ffc172ce9bd5c0f9

                                                                                              SHA256

                                                                                              8dfbc663173605f06f94fd76b93513968ae9b03c8ca7fd78f69fae8e4c43d526

                                                                                              SHA512

                                                                                              6671981dd64adf959b5198f693bc6808131cd6c1125fdfd67215f8a8aa40b0aebd012d948df9a13fa0b39d7bc5454249423b69d3f501c76f34d93c5dec0891b1

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\BRAND_COMMON
                                                                                              Filesize

                                                                                              23.3MB

                                                                                              MD5

                                                                                              105d3263b0bca342b425fc45702c8856

                                                                                              SHA1

                                                                                              00180722d29af289bb7d2138a52b9d784ce367da

                                                                                              SHA256

                                                                                              7547bc1f22cb361a4e644f899f8494faa013e15f05b75b77e1ea596532dc4fee

                                                                                              SHA512

                                                                                              f6d3a7a25af1c10bbf5fb18b406f30c2c7d92778731f6b6d3eb6f181bc7854e920f99e1f55d2fdc0484bd1bd9bb13942ef13da85d1823c1f5cba16568cb45efb

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\BROWSER.PACKED.7Z
                                                                                              Filesize

                                                                                              90.8MB

                                                                                              MD5

                                                                                              5e99de825a34c299b8eef00c8d475e3d

                                                                                              SHA1

                                                                                              6fc1d9ef19f3d2aae0fb4ac596afbb24b408d83d

                                                                                              SHA256

                                                                                              6f945efb7783b3ba9b8b48ffef9dc62322d11d51c401bbeaa1cf0aebf768b4ed

                                                                                              SHA512

                                                                                              dd272ce4dd7f4529fb4b4a182cab7fa63bae0f455ea5bf843888c59d9fc13d1564b0f436b5afcd2c3d449979dcd82e0c71f45b6ae54e41e1ebbb649dd060e68a

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\brand_yandex
                                                                                              Filesize

                                                                                              2.1MB

                                                                                              MD5

                                                                                              cff7f43a37e2081aa5271b2e42e20699

                                                                                              SHA1

                                                                                              9d50fec6b4b583e6b90cbc6906bb6838ded606d8

                                                                                              SHA256

                                                                                              58ee5e657246dadd99f6194ffe082a27a8896aaa4500ff6773054a3929a912fd

                                                                                              SHA512

                                                                                              4eb33ae0d9c9afb8116c9454b1ce06cefc6f59f21463ba9c04d45ed09b3fe61d1ef3aee1570e92d2657d4f6d33a603288f5ff5c04464bb6da75e16002763e2de

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\distrib_info
                                                                                              Filesize

                                                                                              293B

                                                                                              MD5

                                                                                              5ff4663cf4ed5b1c4c7e84ae7a26484b

                                                                                              SHA1

                                                                                              738deb4f237c34acab7ecf6a2899c7bd94ecd34a

                                                                                              SHA256

                                                                                              f69eb6cd9983e819f7c1273598046ace4ef35c97cc651b89b460bb05dbd58c81

                                                                                              SHA512

                                                                                              f9f7a15bd4d811d0a0a986d24b18d76434f89f81f6554cf0f707a0298a26f0732389e85394d186dd22a6c0306b8568c94d5583891196328e0e3945f44af59bbc

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                              Filesize

                                                                                              12KB

                                                                                              MD5

                                                                                              b240782d3cefe14fdb03aa7cdd3d279b

                                                                                              SHA1

                                                                                              ad9ab5c59e6cb65b276f468015c22ccba2cdfb70

                                                                                              SHA256

                                                                                              4d589220ee800c9390a6ae986e9393b109f90acc7cc702ed3808f98ee6b1c321

                                                                                              SHA512

                                                                                              a2665be7faab9db4880c391a2854098853f8e9eb24fe2b11da272ad88e49554d7165c046c1a0f5220ecd26a6cce1c905100d13fc7e7b341f0472eaf0b81fc2be

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                              Filesize

                                                                                              12KB

                                                                                              MD5

                                                                                              c89b8b1837a0dd76aa6af6030cda4271

                                                                                              SHA1

                                                                                              1d42b83d5864e3e93f5e739e98018b7bd0037e02

                                                                                              SHA256

                                                                                              4bdc58f61b68e544ccd61fe5dd25a5dd78566b8ec13cd598b76b7bdab0005c86

                                                                                              SHA512

                                                                                              c0f3e7930037c0ac6a4d8312388c3aa154d554f5c1ef36fcef68af5e0ec0ac68f78c09f3e575ec9bee611ff8b07a0e94b9326346ed62782b8dc3a601aec9ed9d

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                              Filesize

                                                                                              26KB

                                                                                              MD5

                                                                                              bb7801c21810f4d2133ed5c503615dbe

                                                                                              SHA1

                                                                                              de0f11c01648d82f94a136963c9b4e2e64684839

                                                                                              SHA256

                                                                                              2e71c225ab4dce40e84294e72fe5cb9f19e59a3e102be188cc61a6304851f172

                                                                                              SHA512

                                                                                              26a310dc9b7640621c938b3fed3ab352f1b102a9fe3d8e074421a58d095abb7a69393dfaa5254b9fd03f9e1fd465bff90870d16ba8f0b23f35875e583b6f494b

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                              Filesize

                                                                                              26KB

                                                                                              MD5

                                                                                              9e463953d323bb78cb79d32033aefdfa

                                                                                              SHA1

                                                                                              09984e75889527a25df2e54a76719af68e21a48a

                                                                                              SHA256

                                                                                              90b8945a2b848429fed29256a5fa65508f1dc06bef5170516814caeb70b12170

                                                                                              SHA512

                                                                                              f67d9343082d12f3fc7785485966bdb7ddd2223c69a71f34fd2ee501ff48b5ec3fd7352ba817f02c8c61856909e20370ad86d1c5bc57683d46f8c41fb2e6aa31

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                              Filesize

                                                                                              129KB

                                                                                              MD5

                                                                                              517cebb5d922c6be230ce63948323b5e

                                                                                              SHA1

                                                                                              42cdd2f94dd6258441645e831552fc609e801e44

                                                                                              SHA256

                                                                                              fdd8fee19d1fb229f1bd4e6cdf703c69cda41278191165f337af6542c66847da

                                                                                              SHA512

                                                                                              c43e59415c5d8f3d0a842f273326348cc3593226183285bf006c4772a21430907c675e50451e3d6f4c72bc3febff1d34a57654bd8bc6c8e59da1bcc6e84d6a6e

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                              Filesize

                                                                                              129KB

                                                                                              MD5

                                                                                              517cebb5d922c6be230ce63948323b5e

                                                                                              SHA1

                                                                                              42cdd2f94dd6258441645e831552fc609e801e44

                                                                                              SHA256

                                                                                              fdd8fee19d1fb229f1bd4e6cdf703c69cda41278191165f337af6542c66847da

                                                                                              SHA512

                                                                                              c43e59415c5d8f3d0a842f273326348cc3593226183285bf006c4772a21430907c675e50451e3d6f4c72bc3febff1d34a57654bd8bc6c8e59da1bcc6e84d6a6e

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\website.ico
                                                                                              MD5

                                                                                              d41d8cd98f00b204e9800998ecf8427e

                                                                                              SHA1

                                                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                              SHA256

                                                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                              SHA512

                                                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                              Filesize

                                                                                              5KB

                                                                                              MD5

                                                                                              cbc16406fa3f4acd874da4631260193b

                                                                                              SHA1

                                                                                              31b18a415710c1d178ff038de85cb1f369824d81

                                                                                              SHA256

                                                                                              f131eaae82f27b18b3936f722bb9929b6e42701df24b252a50a0b6415bda1f51

                                                                                              SHA512

                                                                                              c0bf5c188a5ce8ac48d70385e7c30063f3710e493eddd98cdaf7c694f73080082f9dc00607cf127be4eb01f6ccb415b4c1af40935cef2a835e3fd24debbe7b86

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\ybE995.tmp
                                                                                              Filesize

                                                                                              149.8MB

                                                                                              MD5

                                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                                              SHA1

                                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                              SHA256

                                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                              SHA512

                                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Local\Temp\ybE995.tmp
                                                                                              Filesize

                                                                                              149.8MB

                                                                                              MD5

                                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                                              SHA1

                                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                              SHA256

                                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                              SHA512

                                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                              Download Submit
                                                                                            • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                                              Filesize

                                                                                              38B

                                                                                              MD5

                                                                                              cac2050ca0e25b6375b04ff567624060

                                                                                              SHA1

                                                                                              faa45c782c0ff60c711861045479acdf794c9181

                                                                                              SHA256

                                                                                              023877cef08415e47bddec6765e9501cc48a5156fab3e1286cfa550dfa700b34

                                                                                              SHA512

                                                                                              f864be041f57732aeace4a2288b5e65b96ece8331bbe76fa5b51343f671595a061aab3ddc6ec03619fc46d3d79e16d75dfe9f4d2e131e896d8a07fa1fd72ac61

                                                                                              Download Submit
                                                                                            • C:\Windows\TEMP\sdwra_1040_645297149\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • C:\Windows\Temp\sdwra_1040_645297149\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\YB_0EA16.tmp\setup.exe
                                                                                              Filesize

                                                                                              3.9MB

                                                                                              MD5

                                                                                              7600b48ce4fb19c29eae3079d826c699

                                                                                              SHA1

                                                                                              9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                              SHA256

                                                                                              f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                              SHA512

                                                                                              1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\ybE995.tmp
                                                                                              Filesize

                                                                                              149.8MB

                                                                                              MD5

                                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                                              SHA1

                                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                              SHA256

                                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                              SHA512

                                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\ybE995.tmp
                                                                                              Filesize

                                                                                              149.8MB

                                                                                              MD5

                                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                                              SHA1

                                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                              SHA256

                                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                              SHA512

                                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\ybE995.tmp
                                                                                              Filesize

                                                                                              149.8MB

                                                                                              MD5

                                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                                              SHA1

                                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                              SHA256

                                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                              SHA512

                                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                              Download Submit
                                                                                            • \Users\Admin\AppData\Local\Temp\ybE995.tmp
                                                                                              Filesize

                                                                                              149.8MB

                                                                                              MD5

                                                                                              ff228e3e10f4d98d961e8a361861180d

                                                                                              SHA1

                                                                                              30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                              SHA256

                                                                                              b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                              SHA512

                                                                                              1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                              Download Submit
                                                                                            • \Windows\Temp\sdwra_1040_645297149\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Windows\Temp\sdwra_1040_645297149\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • \Windows\Temp\sdwra_1040_645297149\service_update.exe
                                                                                              Filesize

                                                                                              2.6MB

                                                                                              MD5

                                                                                              f5aef523c78f170e1c01c7d2bd80d207

                                                                                              SHA1

                                                                                              97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                              SHA256

                                                                                              48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                              SHA512

                                                                                              f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                              Download Submit
                                                                                            • memory/108-163-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/364-161-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/556-148-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/572-165-0x00000000723A1000-0x00000000723A3000-memory.dmp
                                                                                              Filesize

                                                                                              8KB

                                                                                              Download
                                                                                            • memory/708-152-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/864-150-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/960-154-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp
                                                                                              Filesize

                                                                                              8KB

                                                                                              Download
                                                                                            • memory/1040-79-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1100-199-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1124-68-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1280-113-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1332-155-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1424-964-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1488-142-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1552-136-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1572-888-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1576-138-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1612-159-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1628-201-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1636-71-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1744-144-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1768-146-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1784-56-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1796-140-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1940-129-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1956-122-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/1972-54-0x0000000075501000-0x0000000075503000-memory.dmp
                                                                                              Filesize

                                                                                              8KB

                                                                                              Download
                                                                                            • memory/1972-55-0x0000000074401000-0x0000000074403000-memory.dmp
                                                                                              Filesize

                                                                                              8KB

                                                                                              Download
                                                                                            • memory/2024-85-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2092-754-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2212-238-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2288-446-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2332-409-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2372-269-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2436-485-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2448-709-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2488-878-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2488-445-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2536-308-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2544-698-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2752-1034-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2752-341-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2756-883-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2764-555-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2800-833-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2836-793-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2836-490-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2892-376-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2896-868-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2952-521-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/2984-922-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3004-933-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3012-755-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3068-995-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3168-589-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3176-699-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3268-827-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3288-1104-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3292-744-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3352-929-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3372-1065-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3376-623-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3412-927-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3476-869-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3636-657-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3680-931-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3732-745-0x0000000000000000-mapping.dmp
                                                                                              Download
                                                                                            • memory/3948-663-0x0000000000000000-mapping.dmp
                                                                                              Download