Overview

overview

10

Static

static

Yandex.exe

windows7-x64

8

Yandex.exe

windows10-1703-x64

10

Yandex.exe

windows10-2004-x64

8

Resubmissions

17-10-2022 19:36

221017-ybkpeacgf7 10

17-10-2022 17:27

221017-v1ye1scfdl 8

17-10-2022 14:10

221017-rg6qhacbgq 8

Analysis

  • max time kernel
    1800s
  • max time network
    1798s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-10-2022 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yandex.exe

  • Size

    2.4MB

  • MD5

    09bb3df23630c9111a5860cb96bde6ad

  • SHA1

    217d78e392e7ef295596862175eb353977a85738

  • SHA256

    e36891d982acaa5b12e27cf55fae3581e29dd0ef35d0dd98ae93296034b5177e

  • SHA512

    8a216eac67b5d4bc54781a166cd48ab8a68e0b983fb346c14030eca060046fe7484f76fa4eb006164c5781684cad82f7d29afaf9514e70c81feffe70df402f31

  • SSDEEP

    49152:CsEpJsMKSCZrcPEGuW9Q+iA5H5u8QeuL:CsEpuBZrcPEGuWMxt

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks computer location settings 2 TTPs 54 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 18 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 15 IoCs
  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 26 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
    "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
      "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=2200 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\5d9601d2-ded9-42a8-8c23-bc63f8667efc.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --ok-button-pressed-time=454578598 --progress-window=458818 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\d96fe6a0-768d-4733-a533-2cf7ec028a8b.tmp\" --verbose-logging"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Users\Admin\AppData\Local\Temp\ybEF85.tmp
        "C:\Users\Admin\AppData\Local\Temp\ybEF85.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5d9601d2-ded9-42a8-8c23-bc63f8667efc.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=17 --install-start-time-no-uac=456281559 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=454578598 --progress-window=458818 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\d96fe6a0-768d-4733-a533-2cf7ec028a8b.tmp" --verbose-logging
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3984
        • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5d9601d2-ded9-42a8-8c23-bc63f8667efc.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=17 --install-start-time-no-uac=456281559 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=454578598 --progress-window=458818 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\d96fe6a0-768d-4733-a533-2cf7ec028a8b.tmp" --verbose-logging
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:3768
          • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\5d9601d2-ded9-42a8-8c23-bc63f8667efc.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=17 --install-start-time-no-uac=456281559 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=454578598 --progress-window=458818 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\d96fe6a0-768d-4733-a533-2cf7ec028a8b.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=460039050
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2848
            • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
              C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=2848 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x11d21d8,0x11d21e8,0x11d21f4
              6⤵
              • Executes dropped EXE
              PID:716
            • C:\Windows\TEMP\sdwra_2848_1399606545\service_update.exe
              "C:\Windows\TEMP\sdwra_2848_1399606545\service_update.exe" --setup
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:1200
              • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --install
                7⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:864
            • C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_1604365873\explorer.exe
              "C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_1604365873\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Modifies registry class
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:1244
              • C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_1604365873\explorer.exe
                C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_1604365873\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1244 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x5b21d8,0x5b21e8,0x5b21f4
                7⤵
                • Executes dropped EXE
                PID:5024
            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:3268
              • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
                7⤵
                • Executes dropped EXE
                • Checks computer location settings
                • Modifies registry class
                • Suspicious use of FindShellTrayWindow
                PID:2168
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
              6⤵
                PID:1520
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2848_1803224811\Browser-bin\clids_yandex.xml"
                6⤵
                • Executes dropped EXE
                PID:1880
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
                6⤵
                • Executes dropped EXE
                PID:876
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2848_1803224811\Browser-bin\clids_searchband.xml"
                6⤵
                • Executes dropped EXE
                PID:744
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --run-as-service
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4656
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4656 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x1217ae8,0x1217af8,0x1217b04
        2⤵
        • Executes dropped EXE
        PID:2436
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-scheduler
        2⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4436
        • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
          "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-background-scheduler
          3⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          PID:4936
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=E5BCC085_5B14_43F5_B6CA_A236AFF0073B/*
        2⤵
        • Executes dropped EXE
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:3228
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=458818 --ok-button-pressed-time=454578598 --install-start-time-no-uac=456281559
      1⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:884
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=884 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x188,0x18c,0x190,0x164,0x194,0x720fa3b0,0x720fa3c0,0x720fa3cc
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3092
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:2
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2832
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2032 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:3248
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=2328 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:3228
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=2524 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4588
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=2876 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:3532
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3228 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:3576
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3428 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:320
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3440 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:1520
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4124 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:544
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=4588 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4332
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5344 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2392
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4700 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:520
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=4704 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:4552
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4640 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2296
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
        2⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1820
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=5564 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:2240
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5880 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5164
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=6104 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5396
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4020 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5488
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6196 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5504
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4540 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5528
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4028 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5592
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5216 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5664
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5884 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5744
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5524 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5784
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4980 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5868
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5132 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5904
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6444 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5960
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4972 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:6040
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3996 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:6100
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4840 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:6128
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6452 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:3220
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6004 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:5244
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6168 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5252
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5896 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:3216
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6172 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1996
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6556 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5508
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6464 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5760
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6748 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2304
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6752 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5044
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6600 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:4740
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=4924 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        PID:5248
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9124 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:5180
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=1400 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
        2⤵
        • Checks computer location settings
        PID:5892
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=9196 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
        2⤵
          PID:5948
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=3448 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
          2⤵
            PID:6004
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=6072 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
            2⤵
              PID:5436
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=4960 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
              2⤵
                PID:5932
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=824 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                2⤵
                  PID:3232
                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=5816 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                  2⤵
                    PID:876
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=2624 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                    2⤵
                    • Checks computer location settings
                    PID:480
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=3192 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                    2⤵
                    • Checks computer location settings
                    PID:3896
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3416 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                    2⤵
                      PID:5972
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4232 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                      2⤵
                        PID:4628
                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1692 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                        2⤵
                          PID:5772
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 --enable-elf-protection /prefetch:2
                          2⤵
                            PID:204
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4228 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                            2⤵
                              PID:4944
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=1144 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                              2⤵
                              • Checks computer location settings
                              PID:388
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=2940 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                              2⤵
                              • Checks computer location settings
                              PID:3964
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=3684 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                              2⤵
                              • Checks computer location settings
                              PID:4808
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3424 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                              2⤵
                                PID:5976
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=2460 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                2⤵
                                • Checks computer location settings
                                PID:5396
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=4100 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                2⤵
                                • Checks computer location settings
                                PID:5556
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3692 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                2⤵
                                  PID:4388
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=3832 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                  2⤵
                                    PID:628
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=8868 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                    2⤵
                                    • Checks computer location settings
                                    PID:2092
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=8908 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                    2⤵
                                    • Checks computer location settings
                                    PID:1604
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8852 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                    2⤵
                                      PID:6052
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=9060 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                      2⤵
                                        PID:4272
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8520 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                        2⤵
                                          PID:6120
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2460 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                          2⤵
                                            PID:5136
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=spell_checker.mojom.SpellChecker --lang=ru --service-sandbox-type=utility --utility-enable-offline-spellchecker --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Проверка правописания" --mojo-platform-channel-handle=6800 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                            2⤵
                                              PID:5156
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5532 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                              2⤵
                                                PID:5612
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=2624 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                2⤵
                                                • Checks computer location settings
                                                PID:3920
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=3760 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                2⤵
                                                • Checks computer location settings
                                                PID:1868
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1840 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                                2⤵
                                                  PID:5868
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=8616 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                  2⤵
                                                  • Checks computer location settings
                                                  PID:1316
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=8912 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                                  2⤵
                                                    PID:4996
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-databases --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=9232 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                    2⤵
                                                    • Checks computer location settings
                                                    PID:5852
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-databases --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=6072 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                    2⤵
                                                    • Checks computer location settings
                                                    PID:4188
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-databases --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=8408 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                    2⤵
                                                    • Checks computer location settings
                                                    PID:2360
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-databases --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=9176 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                    2⤵
                                                    • Checks computer location settings
                                                    PID:4716
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6416 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                                    2⤵
                                                      PID:5512
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8116 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                                      2⤵
                                                        PID:6064
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=8904 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:8
                                                        2⤵
                                                          PID:3680
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --mojo-platform-channel-handle=7180 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:3936
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=5316 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:4212
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=8620 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:5352
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=8880 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:1680
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=8860 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:6028
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=6588 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:4636
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=6168 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:2028
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --mojo-platform-channel-handle=6800 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:1264
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --mojo-platform-channel-handle=4220 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:3616
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=3700 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:4792
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --mojo-platform-channel-handle=3876 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:3648
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --mojo-platform-channel-handle=8432 --field-trial-handle=1928,i,13408458137216633844,4548470446138417031,131072 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:1200
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --no-startup-window --disable-features --enable-features --external-app-data=null_data --external-app-null-path --install-start-time-no-uac=456281559 --ok-button-pressed-time=454578598
                                                          2⤵
                                                          • Checks computer location settings
                                                          • Adds Run key to start application
                                                          • Checks whether UAC is enabled
                                                          • Drops file in Windows directory
                                                          • Enumerates system info in registry
                                                          • Modifies data under HKEY_USERS
                                                          • Modifies system certificate store
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:4684
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                            C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042680 --annotation=last_update_date=1666042680 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4684 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x188,0x18c,0x190,0x164,0x194,0x720fa3b0,0x720fa3c0,0x720fa3cc
                                                            3⤵
                                                              PID:1760
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:2
                                                              3⤵
                                                                PID:4116
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2004 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                3⤵
                                                                  PID:5340
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=2316 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                  3⤵
                                                                    PID:4844
                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=3336 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                    3⤵
                                                                      PID:3548
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=3824 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                      3⤵
                                                                      • Checks computer location settings
                                                                      PID:5188
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=3992 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                      3⤵
                                                                        PID:5284
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=2792 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                        3⤵
                                                                          PID:5860
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4120 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                          3⤵
                                                                          • Checks computer location settings
                                                                          PID:4392
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4140 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                          3⤵
                                                                          • Checks computer location settings
                                                                          PID:5160
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=4104 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                          3⤵
                                                                            PID:5204
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5296 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                            3⤵
                                                                            • Checks computer location settings
                                                                            PID:2060
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4340 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                            3⤵
                                                                              PID:2208
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
                                                                              3⤵
                                                                                PID:380
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4860 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                3⤵
                                                                                  PID:5936
                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5432 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                                  3⤵
                                                                                  • Checks computer location settings
                                                                                  PID:4640
                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=5484 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                  3⤵
                                                                                    PID:3796
                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6092 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                    3⤵
                                                                                      PID:3440
                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name=Патч-сервис --mojo-platform-channel-handle=5504 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                      3⤵
                                                                                        PID:4428
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name=Патч-сервис --mojo-platform-channel-handle=6316 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                        3⤵
                                                                                          PID:5816
                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name=Патч-сервис --mojo-platform-channel-handle=6308 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                          3⤵
                                                                                            PID:3120
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6208 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                                            3⤵
                                                                                            • Checks computer location settings
                                                                                            PID:5336
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=6316 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                            3⤵
                                                                                              PID:5808
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=6208 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                              3⤵
                                                                                                PID:5612
                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=352 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:1
                                                                                                3⤵
                                                                                                • Checks computer location settings
                                                                                                PID:4932
                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 --enable-elf-protection /prefetch:2
                                                                                                3⤵
                                                                                                  PID:5592
                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=hips_telemetry.mojom.HipsTelemetryCollector --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Сборщик телеметрии" --mojo-platform-channel-handle=5724 --field-trial-handle=1928,i,4537733304150063704,17676443660865216095,131072 /prefetch:8
                                                                                                  3⤵
                                                                                                    PID:1652
                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe" /uid:"2a500800-54eb-4e4c-86c7-74fdf67ba7d4" /yandex_uid:"6410452611666035486" /version:"21.2.26.0" /lang:"ru" /browser:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" /iv:"1" /report_dir:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport" /browser_user_silent_detect /detect_report_html:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport\DetectReport.html"
                                                                                                    3⤵
                                                                                                      PID:2840
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\YandexRescueTool\bct.exe
                                                                                                        /session:L3VpZDoyYTUwMDgwMC01NGViLTRlNGMtODZjNy03NGZkZjY3YmE3ZDQgL3lhbmRleF91aWQ6NjQxMDQ1MjYxMTY2NjAzNTQ4NiAvdmVyc2lvbjoyMS4yLjI2LjAgL2xhbmc6cnUgL2Jyb3dzZXI6QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxBcHBsaWNhdGlvblxicm93c2VyLmV4ZSAvaXY6MSAvcmVwb3J0X2RpcjoiQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxVc2VyIERhdGFcUmVzY3VlVG9vbFJlcG9ydCIgL2Jyb3dzZXJfdXNlcl9zaWxlbnRfZGV0ZWN0IC9kZXRlY3RfcmVwb3J0X2h0bWw6IkM6XFVzZXJzXEFkbWluXEFwcERhdGFcTG9jYWxcWWFuZGV4XFlhbmRleEJyb3dzZXJcVXNlciBEYXRhXFJlc2N1ZVRvb2xSZXBvcnRcRGV0ZWN0UmVwb3J0Lmh0bWwiIC9icm93c2VyX2J1aWxkIC9ub19ndWkgL3NjYW5fbW9kZTpkZXRlY3QgL25vX2xhdW5jaF91YWMgL2NsaWQ6YnJvIC9wYXJlbnRfcGlkOjI4NDA=
                                                                                                        4⤵
                                                                                                        • Drops file in System32 directory
                                                                                                        PID:5748
                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --no-startup-window --disable-features --enable-features --external-app-data=null_data --external-app-null-path --install-start-time-no-uac=456281559 --ok-button-pressed-time=454578598
                                                                                                      3⤵
                                                                                                      • Checks computer location settings
                                                                                                      • Adds Run key to start application
                                                                                                      • Drops file in Windows directory
                                                                                                      • Enumerates system info in registry
                                                                                                      • Modifies data under HKEY_USERS
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:3836
                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042680 --annotation=last_update_date=1666042680 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=3836 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x188,0x18c,0x190,0x164,0x194,0x720fa3b0,0x720fa3c0,0x720fa3cc
                                                                                                        4⤵
                                                                                                          PID:836
                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:2
                                                                                                          4⤵
                                                                                                            PID:4244
                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2004 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                            4⤵
                                                                                                              PID:6028
                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=1864 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                              4⤵
                                                                                                                PID:2764
                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=3324 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                4⤵
                                                                                                                  PID:5764
                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3620 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:1
                                                                                                                  4⤵
                                                                                                                  • Checks computer location settings
                                                                                                                  PID:5672
                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:1
                                                                                                                  4⤵
                                                                                                                  • Checks computer location settings
                                                                                                                  PID:4248
                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=3960 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                  4⤵
                                                                                                                    PID:6096
                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=4476 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                    4⤵
                                                                                                                      PID:4676
                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=4288 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                      4⤵
                                                                                                                        PID:1984
                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=4112 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                        4⤵
                                                                                                                          PID:3100
                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 --enable-elf-protection /prefetch:2
                                                                                                                          4⤵
                                                                                                                            PID:5040
                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
                                                                                                                            4⤵
                                                                                                                              PID:4836
                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3588 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                              4⤵
                                                                                                                                PID:6104
                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=3800 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                                4⤵
                                                                                                                                  PID:5364
                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=3828 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                                  4⤵
                                                                                                                                    PID:2956
                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4908 --field-trial-handle=1836,i,12061335873470923251,18422920695435043714,131072 /prefetch:8
                                                                                                                                    4⤵
                                                                                                                                      PID:3964
                                                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                C:\Windows\system32\AUDIODG.EXE 0x45c 0x240
                                                                                                                                1⤵
                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                PID:4616
                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={FA6C49E0-6570-49DE-87AE-C14A89FA2656}
                                                                                                                                1⤵
                                                                                                                                • Enumerates system info in registry
                                                                                                                                PID:3508
                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                  C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042680 --annotation=last_update_date=1666042680 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=3508 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x720fa3b0,0x720fa3c0,0x720fa3cc
                                                                                                                                  2⤵
                                                                                                                                    PID:5748
                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,17609437324850538490,13982554095260716199,131072 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                      PID:5452
                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1856 --field-trial-handle=1988,i,17609437324850538490,13982554095260716199,131072 /prefetch:2
                                                                                                                                      2⤵
                                                                                                                                        PID:5404
                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={0542012F-B0A9-42E0-B591-67BD3A73CBC6}
                                                                                                                                      1⤵
                                                                                                                                      • Enumerates system info in registry
                                                                                                                                      PID:5900
                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042680 --annotation=last_update_date=1666042680 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5900 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x720fa3b0,0x720fa3c0,0x720fa3cc
                                                                                                                                        2⤵
                                                                                                                                          PID:5916
                                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1872 --field-trial-handle=2100,i,5779721000814244463,10257569548643015784,131072 /prefetch:2
                                                                                                                                          2⤵
                                                                                                                                            PID:2028
                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2056 --field-trial-handle=2100,i,5779721000814244463,10257569548643015784,131072 /prefetch:8
                                                                                                                                            2⤵
                                                                                                                                              PID:5536
                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={0C0060C2-3AAF-4A96-BC42-015AA7B82638}
                                                                                                                                            1⤵
                                                                                                                                            • Enumerates system info in registry
                                                                                                                                            PID:5180
                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042680 --annotation=last_update_date=1666042680 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5180 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x720fa3b0,0x720fa3c0,0x720fa3cc
                                                                                                                                              2⤵
                                                                                                                                                PID:4956
                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1832 --field-trial-handle=1992,i,10792204502009489213,13304400089794022250,131072 /prefetch:2
                                                                                                                                                2⤵
                                                                                                                                                  PID:5472
                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=2A500800-54EB-4E4C-86C7-74FDF67BA7D4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,10792204502009489213,13304400089794022250,131072 /prefetch:8
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5740
                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"
                                                                                                                                                  1⤵
                                                                                                                                                    PID:4980
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042680 --annotation=last_update_date=1666042680 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4980 --annotation=metrics_client_id=db8ac6cff7cd483b8988ca5dda043d7a --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x720fa3b0,0x720fa3c0,0x720fa3cc
                                                                                                                                                      2⤵
                                                                                                                                                        PID:5572

                                                                                                                                                    Network

                                                                                                                                                    MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                                    Initial Access

                                                                                                                                                    Execution

                                                                                                                                                    Persistence

                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                    1
                                                                                                                                                    T1060

                                                                                                                                                    Privilege Escalation

                                                                                                                                                    Defense Evasion

                                                                                                                                                    Modify Registry

                                                                                                                                                    2
                                                                                                                                                    T1112

                                                                                                                                                    Install Root Certificate

                                                                                                                                                    1
                                                                                                                                                    T1130

                                                                                                                                                    Credential Access

                                                                                                                                                    Credentials in Files

                                                                                                                                                    1
                                                                                                                                                    T1081

                                                                                                                                                    Discovery

                                                                                                                                                    Query Registry

                                                                                                                                                    3
                                                                                                                                                    T1012

                                                                                                                                                    System Information Discovery

                                                                                                                                                    4
                                                                                                                                                    T1082

                                                                                                                                                    Lateral Movement

                                                                                                                                                    Collection

                                                                                                                                                    Data from Local System

                                                                                                                                                    1
                                                                                                                                                    T1005

                                                                                                                                                    Exfiltration

                                                                                                                                                    Command and Control

                                                                                                                                                    Impact

                                                                                                                                                    Replay Monitor

                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                    Downloads

                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      538B

                                                                                                                                                      MD5

                                                                                                                                                      c819f1e51af93036e919e7c72c99b90a

                                                                                                                                                      SHA1

                                                                                                                                                      b7e4a8a925a0791584e97f2d678e7154c12f569e

                                                                                                                                                      SHA256

                                                                                                                                                      46f1f541ed7ac9642ff11ac2799dd230e8b1337fcbd4748a497514fa38a84e6e

                                                                                                                                                      SHA512

                                                                                                                                                      72d03084b28cface3aed7c73558d7a2283c196cd1a251446710dcca6eed098c0f8b874618d3feffd9b9701e5cebad4e4022377704cecffdbe37a43586d1ad72e

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      a02bf11107cc3654333d0d7c8bc54674

                                                                                                                                                      SHA1

                                                                                                                                                      9839ec40e946f99723f233af735cd29a9359d810

                                                                                                                                                      SHA256

                                                                                                                                                      98b840df499041dc8c465cc7f260f8e434504b54b5016bc33cccd31ef1f7d951

                                                                                                                                                      SHA512

                                                                                                                                                      5cee99a7e2440028f4dd25016bcb9704a4e0c3dd1a7a07e94be1a1ca95169ed071822d2cb2b41bf82263c8cf732f1c70b4fff6404476b09f7b7e34ad0a578cf5

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      a02bf11107cc3654333d0d7c8bc54674

                                                                                                                                                      SHA1

                                                                                                                                                      9839ec40e946f99723f233af735cd29a9359d810

                                                                                                                                                      SHA256

                                                                                                                                                      98b840df499041dc8c465cc7f260f8e434504b54b5016bc33cccd31ef1f7d951

                                                                                                                                                      SHA512

                                                                                                                                                      5cee99a7e2440028f4dd25016bcb9704a4e0c3dd1a7a07e94be1a1ca95169ed071822d2cb2b41bf82263c8cf732f1c70b4fff6404476b09f7b7e34ad0a578cf5

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      a02bf11107cc3654333d0d7c8bc54674

                                                                                                                                                      SHA1

                                                                                                                                                      9839ec40e946f99723f233af735cd29a9359d810

                                                                                                                                                      SHA256

                                                                                                                                                      98b840df499041dc8c465cc7f260f8e434504b54b5016bc33cccd31ef1f7d951

                                                                                                                                                      SHA512

                                                                                                                                                      5cee99a7e2440028f4dd25016bcb9704a4e0c3dd1a7a07e94be1a1ca95169ed071822d2cb2b41bf82263c8cf732f1c70b4fff6404476b09f7b7e34ad0a578cf5

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      4KB

                                                                                                                                                      MD5

                                                                                                                                                      5eabfb3ef98282c47f022a6eb3b21981

                                                                                                                                                      SHA1

                                                                                                                                                      bffd53dc621687c377838a9c1ed55db7d0336394

                                                                                                                                                      SHA256

                                                                                                                                                      5dd04f867e0dd72040b4a773f6e68a21953adaef68c56c6da366a567eadd9cb8

                                                                                                                                                      SHA512

                                                                                                                                                      0a89f4a67524ec16204ec0f5b954d03a794b9babd1fbe9db50872e87303082f40a42b90a28ea08d2d2640a75a354c0fa31ce48db794c98f6c11d34dbb506967e

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      4KB

                                                                                                                                                      MD5

                                                                                                                                                      15b8de8b2fc0f03f61aa8e997edad2ad

                                                                                                                                                      SHA1

                                                                                                                                                      b41e302e695741f6805596ec43ea8bfcf5ae48bc

                                                                                                                                                      SHA256

                                                                                                                                                      352b9748c99bfa0e781f73b8ae0c8c2d1e38f035ed1dfd423f31c3614c7657a8

                                                                                                                                                      SHA512

                                                                                                                                                      8ffb720ee4b2edfc3913a6faa4c78ad0fb91269867fa7ba14775630a89380d30f0536bf3486ec6c675ffd6b7643eff5d6dda25a6d8520dc1a159a97d861830a4

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      4KB

                                                                                                                                                      MD5

                                                                                                                                                      15b8de8b2fc0f03f61aa8e997edad2ad

                                                                                                                                                      SHA1

                                                                                                                                                      b41e302e695741f6805596ec43ea8bfcf5ae48bc

                                                                                                                                                      SHA256

                                                                                                                                                      352b9748c99bfa0e781f73b8ae0c8c2d1e38f035ed1dfd423f31c3614c7657a8

                                                                                                                                                      SHA512

                                                                                                                                                      8ffb720ee4b2edfc3913a6faa4c78ad0fb91269867fa7ba14775630a89380d30f0536bf3486ec6c675ffd6b7643eff5d6dda25a6d8520dc1a159a97d861830a4

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      b588f8da006b457e892dc8e03ad0ca47

                                                                                                                                                      SHA1

                                                                                                                                                      9d14d112e311dac646eafef2325b4c649e657d61

                                                                                                                                                      SHA256

                                                                                                                                                      d0dc4389478b020b1d12c5e0524f2782c0f89d09089971945cb937d766190fc7

                                                                                                                                                      SHA512

                                                                                                                                                      71743d9f259e83f516ed5492f01157ee2333301431fecea5e3ff4ef257847dfe2f8698b8e3b99bb590bf499b8c6e611a808b7a561805eb48df151a52171f8ea9

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      c32da1539d53be3442bcbba7d5da63b9

                                                                                                                                                      SHA1

                                                                                                                                                      6e947435a5a23970daa352b377f712fc93a19e01

                                                                                                                                                      SHA256

                                                                                                                                                      b71781b1b7543cb872a5cac143c474ea8f302ee880a486b5aec2b2ea14d1163e

                                                                                                                                                      SHA512

                                                                                                                                                      5edd528b6c07761787599ea7ef6c5201df06872042c098814a54970bd2894ed88e785d999cbfafa1d9e395d1b9ca3ead0b8c50c7e70f1913a13498b0650c7c79

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      8KB

                                                                                                                                                      MD5

                                                                                                                                                      49d8ca2424d99ea5b7c36ad3594f67b0

                                                                                                                                                      SHA1

                                                                                                                                                      2fe1132d1160ea495cadbe99a97a509ce6d6e361

                                                                                                                                                      SHA256

                                                                                                                                                      784c94ab02a2bfacfdc73839fb24f842d7e01fdae99c69218166d80aa316475b

                                                                                                                                                      SHA512

                                                                                                                                                      478bbe6173ce210e8286df1d0900c51243dccb7323bd9879f1041fc4f09e000687168e4112e5a2472559796c5da7e21f50bfe0a086eea55d81c3d3e589f7d13e

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                      Filesize

                                                                                                                                                      9KB

                                                                                                                                                      MD5

                                                                                                                                                      52a5ec11468f0e3b73c4a777a689f716

                                                                                                                                                      SHA1

                                                                                                                                                      80bccd797322c7c3b04add05da9eefd3206e0174

                                                                                                                                                      SHA256

                                                                                                                                                      e50e190f7502fd6f2ecf190656b518c453de6f55c723e1351dfa30a67dcc6246

                                                                                                                                                      SHA512

                                                                                                                                                      53caff8f9a62c7be1834c9da58ff43bea698df5c8dd2b6c2ac661b3a043e417bc2262b21caafc1b1df89ef5ccf6c1c99db89494faf4cefc73b2326adf6b13f1e

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      40b62f02adad7b3c2847e572ea380c1c

                                                                                                                                                      SHA1

                                                                                                                                                      65165794300a0f9c378f4a5df2c33feb0a437d5f

                                                                                                                                                      SHA256

                                                                                                                                                      d0c9d09393336f8ee3436c2a7ce50de7611080e6fe9eabb9e2da1cbee5d1a49b

                                                                                                                                                      SHA512

                                                                                                                                                      e2593dcbabede3855fb0b5c86d3e075c55dada4f365d1637c9d96174aae83f622d482379c1a161b152b071c007d74a84f367e19a58274da3239a0503a3f56884

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      0e770a2b0e01305dd71665b0cfdcf454

                                                                                                                                                      SHA1

                                                                                                                                                      9e3b745dc0392dd47a343df58f0f38eede6bca8b

                                                                                                                                                      SHA256

                                                                                                                                                      5f2bb6c904b96792e09f33052fd72befc18a38cb78c036178dddd3b2e546f48d

                                                                                                                                                      SHA512

                                                                                                                                                      f043f4c79f5e6631ffed876975dc527076459e14c3d59df10b8d1c12e06c8d3ed00cf6f5c96b92d48e7a01b2ee82e76e40da9f406327709d435faf0da88aeda8

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      4d9375432abf92e0539d16a7163a06a5

                                                                                                                                                      SHA1

                                                                                                                                                      39c76f07dc176b89b4c52b0acd6f05c48a9bc276

                                                                                                                                                      SHA256

                                                                                                                                                      07104cd870c3f61c60c514a59f37262ceff688fbb53d016e777f513262f7db70

                                                                                                                                                      SHA512

                                                                                                                                                      a0d2e907249b85f09a18390693170a819ddb8828d2c03318713d8b9a56508e82ac19308bb8e37e34271f52d9d63c0624eddc03885788b5f5b49fa7e6ea47b4b9

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                                                                                      Filesize

                                                                                                                                                      727B

                                                                                                                                                      MD5

                                                                                                                                                      3dc4181e96e768b9f4bbf41d1afa1dc1

                                                                                                                                                      SHA1

                                                                                                                                                      9ee79c2f26bf520c4e8a3b36daff9ce8e6e3cca8

                                                                                                                                                      SHA256

                                                                                                                                                      a72e1936399b803b5c282aa625b1dd2e3c924897ba728887035ebd30a4e9eae4

                                                                                                                                                      SHA512

                                                                                                                                                      8c6c6ec2b6513697995aac13b9f946a7f5442cea77d0d3053ae9cf0d7dedd6942c8eceabfcd0380156403002bea026b3b18d4926fec92a146faf41f0144a7958

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                                                                      Filesize

                                                                                                                                                      471B

                                                                                                                                                      MD5

                                                                                                                                                      da5a9f149955d936a31dc5e456666aac

                                                                                                                                                      SHA1

                                                                                                                                                      195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                                                                                                      SHA256

                                                                                                                                                      79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                                                                                                      SHA512

                                                                                                                                                      60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      81afaa383e62ab9fb5c109a8085af9ab

                                                                                                                                                      SHA1

                                                                                                                                                      2e97af515e58fbd5912764d866f0586c850e9517

                                                                                                                                                      SHA256

                                                                                                                                                      a29b6d44e6ba93676969a41736a669b958c5bbdad39961105a5d3ce2a84d94b2

                                                                                                                                                      SHA512

                                                                                                                                                      15c7a56406e19f8e259e838b67f6c3b8675aa266a8daadff28198a3cd9c0af65cd6ad9273eca126070ed1090f1e50d500fb32e8149a64a4fff5e5668157e787a

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      42198b52f6db40a5d0aeaeccb8d79ba2

                                                                                                                                                      SHA1

                                                                                                                                                      5619e78fc43bf2cb49fbfc6bdbf3f1625df166a4

                                                                                                                                                      SHA256

                                                                                                                                                      f4301ed013980f23ee45db7e47cbced2a11d6820de70631a24189f5e0c918212

                                                                                                                                                      SHA512

                                                                                                                                                      40dd68133c3e1dd2ca9fb708d511bac30fa6788c1401e498452d4110d9223a13fb8c023221c7e52a2eed6ecc9466ec3fa5900596db026119fe05c57043e91d55

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                                                                                      Filesize

                                                                                                                                                      727B

                                                                                                                                                      MD5

                                                                                                                                                      e48b6e4b5351b7f68acc6375f58b4832

                                                                                                                                                      SHA1

                                                                                                                                                      b17b7199b60c22b91a3df390d7a1c7874c7892a9

                                                                                                                                                      SHA256

                                                                                                                                                      fed4553c22581ce3e71b78d3d45bddc8137beb99d2ff71a5423da909d6848d8c

                                                                                                                                                      SHA512

                                                                                                                                                      5f3af281f1ec2292f0a0a905ad24a07c793c8e8ac0be9a0c86e9c1588b7f9cd6028c70433d7c228d60c7c9dbe1a1d3dd0afd3bf3795b388b6d48444edb1444b5

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                                                                                      Filesize

                                                                                                                                                      508B

                                                                                                                                                      MD5

                                                                                                                                                      f74db18605da39c14691c1c02f17ad54

                                                                                                                                                      SHA1

                                                                                                                                                      2368b8b69ad40d7e03a1af91131dbb2ee2b0264e

                                                                                                                                                      SHA256

                                                                                                                                                      b534c829f54768d0691d5c1db1120d18b7ee62116c50e539edf871a55efde67f

                                                                                                                                                      SHA512

                                                                                                                                                      3bec0d4bbdcde3b635af89796aab9b493c0b033a6577c0066e8e8269d24c0a501cd5f1f0a0942a72347dad34a9e4a7ae93c7f3c454e776777d7b12b76ebeef9f

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                                                                                      Filesize

                                                                                                                                                      536B

                                                                                                                                                      MD5

                                                                                                                                                      37a77e4f5f75a379d63cb23f75e5379c

                                                                                                                                                      SHA1

                                                                                                                                                      b05ec6d86eec9995a06d27ebc489d15133409346

                                                                                                                                                      SHA256

                                                                                                                                                      eb1ebbcbf1f48e10026259c44b504ca36655ef1b1c8d1655ecfe4ea3cb080031

                                                                                                                                                      SHA512

                                                                                                                                                      4a658b2b0d89a95f4ca2081b3fcc2398e57a3e2e02e63cd0be13e7e7cb6b1a2a567ab06145b4b33d97c68e2deabb293be5c678092f091381bc8c2c30c6c65886

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                                                                                                      Filesize

                                                                                                                                                      540B

                                                                                                                                                      MD5

                                                                                                                                                      56d0acd7151b11eb07b8f736d7bd787c

                                                                                                                                                      SHA1

                                                                                                                                                      6ae39d82066595a1a39172b06bd187d2e5c9c116

                                                                                                                                                      SHA256

                                                                                                                                                      a123a14f27bc2df0ccced373967a2c703f53cf342a4953d979aa663fe0c542e3

                                                                                                                                                      SHA512

                                                                                                                                                      37df477667c9b322566e265ced267fa07c3b0e85000b16002e16d1d1bb3a1bbc0e6309e23401dbbc68ae6c4fc67af64fc2b3a8b05bea1b46d3b3c66f836dfc8c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                                                                                      Filesize

                                                                                                                                                      434B

                                                                                                                                                      MD5

                                                                                                                                                      4d69d7019736e8062dbf437b8886a268

                                                                                                                                                      SHA1

                                                                                                                                                      99607182f7e2fc4a6bfe64cd503b61ed54cedccd

                                                                                                                                                      SHA256

                                                                                                                                                      74b1ea5ac62e08d93d60073b6867685d3bdbe86989291603ea681fa70ae73ebd

                                                                                                                                                      SHA512

                                                                                                                                                      051aa609e4105d05da3169bdc134abbdf752a9076d6ef86106126175657b0c3ecaf990f83923b24f28c3631abc6e44406beb8400497ba0ebe437909d2802d6b6

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                                                                      Filesize

                                                                                                                                                      430B

                                                                                                                                                      MD5

                                                                                                                                                      7563cb6d3b112bf5c6e0040a1395adae

                                                                                                                                                      SHA1

                                                                                                                                                      ae6cb0630664193d6451c37799a9d8d65d365b10

                                                                                                                                                      SHA256

                                                                                                                                                      d0299fe74e012330f6b461df13ac8dedf0349d0d6aa0f201e74bc139f5bdfc07

                                                                                                                                                      SHA512

                                                                                                                                                      b20c923432b992219a2c0c89758631101cc9e72bb3f003f657a22a5e35aff1cf9b8c3716fc7b32b3b358475a1973187f04f4285c347392092b5a24a0b4364e92

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                                                                                                      Filesize

                                                                                                                                                      536B

                                                                                                                                                      MD5

                                                                                                                                                      bc0b8ba50e301e8161b06a16c1cd096f

                                                                                                                                                      SHA1

                                                                                                                                                      6895213068a3328f7968b6bd7f35acf55850547c

                                                                                                                                                      SHA256

                                                                                                                                                      a633e78d7cc1dbd4af077983729a0f11dfb893ad907439a8b4d88b0e89e13474

                                                                                                                                                      SHA512

                                                                                                                                                      602f7ce1251a3cfe5f87917bf66ba3575fa1abc4f318a39444631940a0457038ad78d487df5b0aa156085aea7a08239bff767ad01143ed5990429f31c37ce8ba

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                                                                                      Filesize

                                                                                                                                                      506B

                                                                                                                                                      MD5

                                                                                                                                                      951c1d54cdcc681c3e2d7dcc3450c28d

                                                                                                                                                      SHA1

                                                                                                                                                      af76b3422c6d37f15a277c7ae0741b986528b350

                                                                                                                                                      SHA256

                                                                                                                                                      27eb8ce9bb90b568566aad49c9e2e2246d61501075ba07692d0e7ad41a9c1c44

                                                                                                                                                      SHA512

                                                                                                                                                      603f01ab9460231d302ab6114d27d2bd77ce8a821774afc1b79fabe109c8d339d2f27a36600a40660e3a3886907ca72e597ee54cb52792e686c46b3bf55cd995

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                                                                                      Filesize

                                                                                                                                                      442B

                                                                                                                                                      MD5

                                                                                                                                                      f3e9bef5e8dd99efe9787648fde747a0

                                                                                                                                                      SHA1

                                                                                                                                                      65ff7b94c20054d0006aa331f04e9a1c79e2770e

                                                                                                                                                      SHA256

                                                                                                                                                      31e1ebdba0c233465cca2fffa2a06a8ffaef9e3f3ab23aad7b27988d0b023236

                                                                                                                                                      SHA512

                                                                                                                                                      ee6a0068fad09746a656fd1fba5bce186057d48986469271bcd79829418496dfe5085529febe1a74ed6cc8e0282b0b8dc8b9f1500201ae2707da429b1f680175

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\BRAND_COMMON
                                                                                                                                                      Filesize

                                                                                                                                                      23.3MB

                                                                                                                                                      MD5

                                                                                                                                                      105d3263b0bca342b425fc45702c8856

                                                                                                                                                      SHA1

                                                                                                                                                      00180722d29af289bb7d2138a52b9d784ce367da

                                                                                                                                                      SHA256

                                                                                                                                                      7547bc1f22cb361a4e644f899f8494faa013e15f05b75b77e1ea596532dc4fee

                                                                                                                                                      SHA512

                                                                                                                                                      f6d3a7a25af1c10bbf5fb18b406f30c2c7d92778731f6b6d3eb6f181bc7854e920f99e1f55d2fdc0484bd1bd9bb13942ef13da85d1823c1f5cba16568cb45efb

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\BROWSER.PACKED.7Z
                                                                                                                                                      Filesize

                                                                                                                                                      90.8MB

                                                                                                                                                      MD5

                                                                                                                                                      5e99de825a34c299b8eef00c8d475e3d

                                                                                                                                                      SHA1

                                                                                                                                                      6fc1d9ef19f3d2aae0fb4ac596afbb24b408d83d

                                                                                                                                                      SHA256

                                                                                                                                                      6f945efb7783b3ba9b8b48ffef9dc62322d11d51c401bbeaa1cf0aebf768b4ed

                                                                                                                                                      SHA512

                                                                                                                                                      dd272ce4dd7f4529fb4b4a182cab7fa63bae0f455ea5bf843888c59d9fc13d1564b0f436b5afcd2c3d449979dcd82e0c71f45b6ae54e41e1ebbb649dd060e68a

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\brand_yandex
                                                                                                                                                      Filesize

                                                                                                                                                      2.1MB

                                                                                                                                                      MD5

                                                                                                                                                      cff7f43a37e2081aa5271b2e42e20699

                                                                                                                                                      SHA1

                                                                                                                                                      9d50fec6b4b583e6b90cbc6906bb6838ded606d8

                                                                                                                                                      SHA256

                                                                                                                                                      58ee5e657246dadd99f6194ffe082a27a8896aaa4500ff6773054a3929a912fd

                                                                                                                                                      SHA512

                                                                                                                                                      4eb33ae0d9c9afb8116c9454b1ce06cefc6f59f21463ba9c04d45ed09b3fe61d1ef3aee1570e92d2657d4f6d33a603288f5ff5c04464bb6da75e16002763e2de

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.9MB

                                                                                                                                                      MD5

                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                      SHA1

                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                      SHA256

                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                      SHA512

                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.9MB

                                                                                                                                                      MD5

                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                      SHA1

                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                      SHA256

                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                      SHA512

                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.9MB

                                                                                                                                                      MD5

                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                      SHA1

                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                      SHA256

                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                      SHA512

                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_B8AB5.tmp\setup.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.9MB

                                                                                                                                                      MD5

                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                      SHA1

                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                      SHA256

                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                      SHA512

                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\clids.xml
                                                                                                                                                      Filesize

                                                                                                                                                      599B

                                                                                                                                                      MD5

                                                                                                                                                      dae47d5fb36af27a9869750c11f52494

                                                                                                                                                      SHA1

                                                                                                                                                      366629747a061c7bd6a6883f5364734cecfc697a

                                                                                                                                                      SHA256

                                                                                                                                                      37ec2fcea5119863c67d94c2d269ec242e294cb76c9674e793d7280b6fd13c90

                                                                                                                                                      SHA512

                                                                                                                                                      6937d3a2f3c4ecd3544a473a79808f1932e036cbafe6bff11d51f5d131fd8b6e594dbdfb254f96f49177cac5517e536bc14d855beaf3c81349ddbf7324bf79b4

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\distrib_info
                                                                                                                                                      Filesize

                                                                                                                                                      293B

                                                                                                                                                      MD5

                                                                                                                                                      5ff4663cf4ed5b1c4c7e84ae7a26484b

                                                                                                                                                      SHA1

                                                                                                                                                      738deb4f237c34acab7ecf6a2899c7bd94ecd34a

                                                                                                                                                      SHA256

                                                                                                                                                      f69eb6cd9983e819f7c1273598046ace4ef35c97cc651b89b460bb05dbd58c81

                                                                                                                                                      SHA512

                                                                                                                                                      f9f7a15bd4d811d0a0a986d24b18d76434f89f81f6554cf0f707a0298a26f0732389e85394d186dd22a6c0306b8568c94d5583891196328e0e3945f44af59bbc

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      78a06d4f38dabca1c9b97e90a2c64471

                                                                                                                                                      SHA1

                                                                                                                                                      2b0f44a44fe99cdc5c5dcf485af73bc95ec11d9b

                                                                                                                                                      SHA256

                                                                                                                                                      3734d79bcf1613152da81889ece14dce8186011e90b8212f4088864978746754

                                                                                                                                                      SHA512

                                                                                                                                                      2e8e68a9ce0ac3c39aeae7bebfb739bb11567699949deba04f98dfee8934672c2f5d24746b98a294d6473df584a22373ee2413e1f05e0cef7b6c2a2d68cf4595

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      78a06d4f38dabca1c9b97e90a2c64471

                                                                                                                                                      SHA1

                                                                                                                                                      2b0f44a44fe99cdc5c5dcf485af73bc95ec11d9b

                                                                                                                                                      SHA256

                                                                                                                                                      3734d79bcf1613152da81889ece14dce8186011e90b8212f4088864978746754

                                                                                                                                                      SHA512

                                                                                                                                                      2e8e68a9ce0ac3c39aeae7bebfb739bb11567699949deba04f98dfee8934672c2f5d24746b98a294d6473df584a22373ee2413e1f05e0cef7b6c2a2d68cf4595

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                      Filesize

                                                                                                                                                      27KB

                                                                                                                                                      MD5

                                                                                                                                                      c0024e88178fac8542070a9b79060fdd

                                                                                                                                                      SHA1

                                                                                                                                                      4cf0d2ef632c006609387d39b07ab0b2e36ac47c

                                                                                                                                                      SHA256

                                                                                                                                                      aef88e2de396dd823b6be14cdc86bcf08a2488e8526e207c204902ce5f908522

                                                                                                                                                      SHA512

                                                                                                                                                      77b269b76df6eab897f971038590064aaf85931f39e8725537f68d7f8764c9d2036e6875070d796430250d496393c73f91225c31ea84c9b7613dfc38b4243760

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                      Filesize

                                                                                                                                                      28KB

                                                                                                                                                      MD5

                                                                                                                                                      73fe3d1900dce2250c04d3ba3e0c8889

                                                                                                                                                      SHA1

                                                                                                                                                      654a872686f1b8b1e653a38e0cf7e7f63b44a3c1

                                                                                                                                                      SHA256

                                                                                                                                                      0eeaad99a2679baea41b71ba3e20d60cdd038f1e68cdb4638c58a6f2a1a9dfb1

                                                                                                                                                      SHA512

                                                                                                                                                      f4b2df9b62fbcdcf2b398261cdf9a745a845378a4fe17fd7ad15849161f2e7a694ba22ee6bd350a9ea0eb074400de4dc7b69651aa4e9378f72e264530e2a5c68

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                      Filesize

                                                                                                                                                      129KB

                                                                                                                                                      MD5

                                                                                                                                                      ea23ca99cef3154fa52e403162fbfbb0

                                                                                                                                                      SHA1

                                                                                                                                                      7b6bf4ef68cf929fbe2a8a5bd06577c68e19b8ba

                                                                                                                                                      SHA256

                                                                                                                                                      c23a22d152a3a2a12104c63477dc742d18b9624797048e46f76457a8eee7811b

                                                                                                                                                      SHA512

                                                                                                                                                      b213e9280c3944c053ba8cbd0f9b211a1f3c3bd2e36c8b1a4363040b69ea1822dd90803067b383008f84456bf8f53000d710b744fce936f5fab15aa2cdae3170

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                      Filesize

                                                                                                                                                      129KB

                                                                                                                                                      MD5

                                                                                                                                                      ea23ca99cef3154fa52e403162fbfbb0

                                                                                                                                                      SHA1

                                                                                                                                                      7b6bf4ef68cf929fbe2a8a5bd06577c68e19b8ba

                                                                                                                                                      SHA256

                                                                                                                                                      c23a22d152a3a2a12104c63477dc742d18b9624797048e46f76457a8eee7811b

                                                                                                                                                      SHA512

                                                                                                                                                      b213e9280c3944c053ba8cbd0f9b211a1f3c3bd2e36c8b1a4363040b69ea1822dd90803067b383008f84456bf8f53000d710b744fce936f5fab15aa2cdae3170

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_1604365873\explorer.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.9MB

                                                                                                                                                      MD5

                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                      SHA1

                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                      SHA256

                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                      SHA512

                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir2848_1604365873\explorer.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.9MB

                                                                                                                                                      MD5

                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                      SHA1

                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                      SHA256

                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                      SHA512

                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\website.ico
                                                                                                                                                      MD5

                                                                                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                      SHA1

                                                                                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                      SHA256

                                                                                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                      SHA512

                                                                                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      6674b91388f10247327a49afa81bd8c1

                                                                                                                                                      SHA1

                                                                                                                                                      00c04ca0541085c2b470b61c204222eed68a893f

                                                                                                                                                      SHA256

                                                                                                                                                      6ac963074096dcc52cd85f6c4051e739ef44459cbc165d2c9b14f9408d987a98

                                                                                                                                                      SHA512

                                                                                                                                                      5814ebf91b8250413a88f751918bf96b8412a20abf17ecc037ba7eb2d8583ffafeb21ac4d2828cd142f2f027c2854028f2dec122bf2819d44f139bc0ea3f541e

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                                                                                      Filesize

                                                                                                                                                      22KB

                                                                                                                                                      MD5

                                                                                                                                                      e5d67a0778b8d65ccf77ad3c4332e0cb

                                                                                                                                                      SHA1

                                                                                                                                                      8254e583c84fb5640946ef35a997cd9284e23d9f

                                                                                                                                                      SHA256

                                                                                                                                                      bbf7ec2f800f131d07c452e755d0a53281df2443bdf49fc7ac7c4acde91c261d

                                                                                                                                                      SHA512

                                                                                                                                                      270dde4413869e63bfd029cead2a88595e88756775df4d5c0bbc2b44548fa24a019e7efb98b74993512c284af90123937b09872c6751ba3bace9431d550b4a96

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\ybEF85.tmp
                                                                                                                                                      Filesize

                                                                                                                                                      149.8MB

                                                                                                                                                      MD5

                                                                                                                                                      ff228e3e10f4d98d961e8a361861180d

                                                                                                                                                      SHA1

                                                                                                                                                      30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                                                                                      SHA256

                                                                                                                                                      b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                                                                                      SHA512

                                                                                                                                                      1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                                                                                      Filesize

                                                                                                                                                      591KB

                                                                                                                                                      MD5

                                                                                                                                                      10d2e0956493b129149705225fa3efb3

                                                                                                                                                      SHA1

                                                                                                                                                      547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                                                                                                      SHA256

                                                                                                                                                      a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                                                                                                      SHA512

                                                                                                                                                      df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                                                                                      Filesize

                                                                                                                                                      591KB

                                                                                                                                                      MD5

                                                                                                                                                      10d2e0956493b129149705225fa3efb3

                                                                                                                                                      SHA1

                                                                                                                                                      547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                                                                                                      SHA256

                                                                                                                                                      a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                                                                                                      SHA512

                                                                                                                                                      df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      Filesize

                                                                                                                                                      3.8MB

                                                                                                                                                      MD5

                                                                                                                                                      2fadcc66fdf395c8fd19a424745a855c

                                                                                                                                                      SHA1

                                                                                                                                                      b40174f66741be5f5afc814b3797dd5af7891b30

                                                                                                                                                      SHA256

                                                                                                                                                      d43da70412b55377532192ab6658074bd73592ab1552a1bb53edf823ee655972

                                                                                                                                                      SHA512

                                                                                                                                                      3ac2d369e2708309bac2796071bbd53c32fb462ea0373898c5701d3d776b4ce573eb28275148cebff2f2602cf8922f4dd7ddd9ecc533988a1a05e8578b6b6633

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
                                                                                                                                                      Filesize

                                                                                                                                                      48B

                                                                                                                                                      MD5

                                                                                                                                                      b07ddfe1481eb8ab474f8413f97612c0

                                                                                                                                                      SHA1

                                                                                                                                                      ddfda8f079a239dc6f80c6d13085d37b570e50c6

                                                                                                                                                      SHA256

                                                                                                                                                      53d61d59437bea683daa78196fcc9d4130fbbafc073af79d3797f47387a01249

                                                                                                                                                      SHA512

                                                                                                                                                      306813bf31e842ebe1aaf6a69e538e35806d69b70ce50f411b3315d7157c9aec6fc365e2258af8acdb1eb3cc42500c5efd3ef854fd77adcf4fc988c76820f26b

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\yandex.website
                                                                                                                                                      Filesize

                                                                                                                                                      492B

                                                                                                                                                      MD5

                                                                                                                                                      c237fc112a9d718f8132e915847afd2f

                                                                                                                                                      SHA1

                                                                                                                                                      854bce4c4b3707fcd7f88eaca8c590590e8914d4

                                                                                                                                                      SHA256

                                                                                                                                                      f96678a810127b62f806b947351819d58da5a2d49d83d5157090b72c095fd788

                                                                                                                                                      SHA512

                                                                                                                                                      4e2872cdf225c14f8ec2560b7ca033f225e3d32ceb4928200c84a33d6e1f6b8f2fb0a2c37e3d9eec025da5849164f58a5812006b1f7013d12579c88005eff79b

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      5d7f1986b13afd325fe1c7b2f0aea25d

                                                                                                                                                      SHA1

                                                                                                                                                      34f2b2f095c5e81bf566ac59da75cf6b8dde18e1

                                                                                                                                                      SHA256

                                                                                                                                                      347317bf027428e6383a60741aa0a26c715d542c224b05c342d81b20356c5c98

                                                                                                                                                      SHA512

                                                                                                                                                      e59fd9cd941ac87e3076175faaf8229d32aed05fb14b5efb4559062aa4937ec0a17ad237210d5d28863149058a480f27eb3f01a289523fa1d0c8d32bc836d27a

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                                                                                                      Filesize

                                                                                                                                                      38B

                                                                                                                                                      MD5

                                                                                                                                                      a1d21bffbb48cce6ad8a75c984d4f0f0

                                                                                                                                                      SHA1

                                                                                                                                                      c591bb20188db37468f4ba39669250d56d17b907

                                                                                                                                                      SHA256

                                                                                                                                                      e659d29f527887ca407890be27a65ffe51d12d189c913043b3f1366ac2fe13f4

                                                                                                                                                      SHA512

                                                                                                                                                      db670598daa43d06725b0e992ded5ad1ba00a4d73a008366e8b1deb690d3fcb40e66bd2840d4be04c998087eb6ab2fae71adcb60c261e3c95a0314d7de22b788

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Windows\TEMP\sdwra_2848_1399606545\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • C:\Windows\Temp\sdwra_2848_1399606545\service_update.exe
                                                                                                                                                      Filesize

                                                                                                                                                      2.6MB

                                                                                                                                                      MD5

                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                      SHA1

                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                      SHA256

                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                      SHA512

                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                      Download Submit
                                                                                                                                                    • memory/320-230-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/520-251-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/544-242-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/716-148-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/744-213-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/864-174-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/876-212-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1200-171-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1244-195-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1520-233-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1520-210-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1792-132-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1820-262-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1880-211-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/1996-357-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2168-209-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2240-264-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2296-261-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2304-374-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2392-248-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2436-178-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2832-216-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/2848-144-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3092-214-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3216-354-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3220-338-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3228-220-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3228-192-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3248-217-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3268-205-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3532-224-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3576-227-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3768-140-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/3984-138-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/4332-244-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/4436-181-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/4552-258-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/4588-223-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/4740-384-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/4936-185-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5024-198-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5044-378-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5164-270-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5180-396-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5244-341-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5248-391-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5252-346-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5396-274-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5488-276-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5504-279-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5508-363-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5528-283-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5592-288-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5664-294-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5744-299-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5748-398-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5760-369-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5784-303-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5868-309-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5904-314-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/5960-317-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/6040-324-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/6100-328-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download
                                                                                                                                                    • memory/6128-334-0x0000000000000000-mapping.dmp
                                                                                                                                                      Download