Overview

overview

8

Static

static

Yandex (1).exe

windows7-x64

8

Yandex (1).exe

windows10-1703-x64

8

Yandex (1).exe

windows10-2004-x64

8

Resubmissions

11-11-2022 20:39

221111-zfffxsec2w 8

11-11-2022 19:29

221111-x7grysde7z 8

Analysis

  • max time kernel
    314s
  • max time network
    318s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-11-2022 19:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yandex (1).exe

  • Size

    2.2MB

  • MD5

    841b79c3bd9ef08da8616faa4df033f0

  • SHA1

    eb1eb7a7b862360c64477ba1a0eb2b490c5530e3

  • SHA256

    efb4786e8b964e62b97f4b60fd4d6ad2d14a4a112d76d920a19bc93bd4610f45

  • SHA512

    14fc348bcd379bfffeb004f25988ccbcf35413039bd82c301575017a62fd44c516e20c43db818c8fb5170e9abfa1186179864983157241a268fa4f0a78c4c848

  • SSDEEP

    49152:bILXlcHvCEPMae+z2b9lJ/gXDs+R+r5u8Qeg:sBcPHMae+Sb9lJ/YeKf

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks computer location settings 2 TTPs 19 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 16 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Modifies data under HKEY_USERS 22 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 9 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yandex (1).exe
    "C:\Users\Admin\AppData\Local\Temp\Yandex (1).exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4332
    • C:\Users\Admin\AppData\Local\Temp\Yandex (1).exe
      "C:\Users\Admin\AppData\Local\Temp\Yandex (1).exe" --parent-installer-process-id=4332 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\f93d8559-ff62-43ff-9058-15c6fca1d2d3.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --make-browser-default-after-import --ok-button-pressed-time=422297459 --progress-window=196660 --send-statistics --the-interface-availability=190411288 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\772e1ccb-db2e-4848-9a31-a9a01a486773.tmp\" --verbose-logging"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4968
      • C:\Users\Admin\AppData\Local\Temp\ybB933.tmp
        "C:\Users\Admin\AppData\Local\Temp\ybB933.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\f93d8559-ff62-43ff-9058-15c6fca1d2d3.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=48 --install-start-time-no-uac=424125641 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=422297459 --progress-window=196660 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\772e1ccb-db2e-4848-9a31-a9a01a486773.tmp" --verbose-logging
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2832
        • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\f93d8559-ff62-43ff-9058-15c6fca1d2d3.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=48 --install-start-time-no-uac=424125641 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=422297459 --progress-window=196660 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\772e1ccb-db2e-4848-9a31-a9a01a486773.tmp" --verbose-logging
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:3104
          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\f93d8559-ff62-43ff-9058-15c6fca1d2d3.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=48 --install-start-time-no-uac=424125641 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=422297459 --progress-window=196660 --send-statistics --source=lite --the-interface-availability=190411288 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\772e1ccb-db2e-4848-9a31-a9a01a486773.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=513480531
            5⤵
            • Executes dropped EXE
            • Modifies registry class
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:2104
            • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
              C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=2104 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xa71198,0xa711a8,0xa711b4
              6⤵
              • Executes dropped EXE
              PID:2388
            • C:\Windows\TEMP\sdwra_2104_419317634\service_update.exe
              "C:\Windows\TEMP\sdwra_2104_419317634\service_update.exe" --setup
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Drops file in Program Files directory
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:4104
              • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe" --install
                7⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:1652
            • C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1008626121\explorer.exe
              "C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1008626121\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:3980
              • C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1008626121\explorer.exe
                C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1008626121\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=3980 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x2b0,0x2b4,0x2b8,0x298,0x2bc,0x1201198,0x12011a8,0x12011b4
                7⤵
                • Executes dropped EXE
                PID:2084
            • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
              C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
              6⤵
              • Executes dropped EXE
              • Checks computer location settings
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:3972
              • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
                7⤵
                • Executes dropped EXE
                • Checks computer location settings
                • Suspicious use of FindShellTrayWindow
                PID:4380
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
              6⤵
              • Executes dropped EXE
              PID:2844
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2104_1575276260\Browser-bin\clids_yandex.xml"
              6⤵
              • Executes dropped EXE
              PID:3684
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:4768
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source2104_1575276260\Browser-bin\clids_searchband.xml"
              6⤵
              • Executes dropped EXE
              PID:244
  • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe" --run-as-service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1844 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0xe48ae8,0xe48af8,0xe48b04
      2⤵
      • Executes dropped EXE
      PID:1984
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe" --update-scheduler
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe" --update-background-scheduler
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        PID:4056
    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=02EC3A33_790F_41DF_B54E_9759366F9F06/*
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2724
  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=196660 --ok-button-pressed-time=422297459 --install-start-time-no-uac=424125641
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3996
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=3996 --annotation=metrics_client_id=20bbe7db2a164b0f99cf77586f64978e --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x184,0x188,0x18c,0x160,0x190,0x7291a3b0,0x7291a3c0,0x7291a3cc
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2476
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2256
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2052 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3776
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=2324 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1612
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=2912 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4696
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=3048 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4012
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3340 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5112
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=3436 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3900
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.5.712\Installer\setup.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.5.712\Installer\setup.exe" --set-as-default-browser
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:4088
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.5.712\Installer\setup.exe
        C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.5.712\Installer\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4088 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0xbd1198,0xbd11a8,0xbd11b4
        3⤵
        • Executes dropped EXE
        PID:1296
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3428 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1860
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=4240 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3832
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4488 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2272
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4204 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:244
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4840 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1608
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=4484 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:472
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.5.712\browser_diagnostics.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.5.712\browser_diagnostics.exe" --uninstall
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3704
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5904 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4924
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=5716 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1760
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4900 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3540
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=6700 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4468
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3404 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5152
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5556 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5260
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6764 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5368
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7064 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5424
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7112 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5312
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6204 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5476
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6776 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5548
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6840 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5592
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5496 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5680
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6728 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5732
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5520 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5788
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6100 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:5844
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6340 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5964
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6616 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:6020
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6344 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:6080
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6716 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5912
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6376 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:6140
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6156 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:3944
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7196 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:3940
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7200 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:416
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7208 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5320
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7184 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
      2⤵
        PID:5408
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6756 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5236
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6748 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        PID:5216
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8248 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
        2⤵
          PID:5816
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=3776 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
          2⤵
          • Checks computer location settings
          PID:5284
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=3832 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
          2⤵
            PID:1104
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=3500 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
            2⤵
              PID:5024
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=5000 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
              2⤵
              • Checks computer location settings
              PID:1808
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=ru --service-sandbox-type=utility --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --mojo-platform-channel-handle=3784 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
              2⤵
                PID:4996
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3672 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                2⤵
                  PID:5944
                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=9952 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                  2⤵
                    PID:5980
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=9844 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
                    2⤵
                    • Checks computer location settings
                    PID:6076
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=760 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                    2⤵
                      PID:5520
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=9384 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                      2⤵
                        PID:2028
                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=2568 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                        2⤵
                          PID:2244
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=9868 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                          2⤵
                            PID:1756
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=9924 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                            2⤵
                              PID:2272
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=9912 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:1
                              2⤵
                              • Checks computer location settings
                              PID:6036
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6028 --field-trial-handle=1944,i,5491048616563502590,4396177405657203658,131072 /prefetch:8
                              2⤵
                                PID:6176
                            • C:\Windows\system32\AUDIODG.EXE
                              C:\Windows\system32\AUDIODG.EXE 0x498 0x428
                              1⤵
                              • Suspicious use of AdjustPrivilegeToken
                              PID:3984
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={4CD3B794-5C74-4CE1-B25A-9244D8092982}
                              1⤵
                              • Enumerates system info in registry
                              PID:5956
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1668198794 --annotation=last_update_date=1668198794 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5956 --annotation=metrics_client_id=20bbe7db2a164b0f99cf77586f64978e --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7291a3b0,0x7291a3c0,0x7291a3cc
                                2⤵
                                  PID:5792
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2112 --field-trial-handle=2032,i,16567447507419649368,17463091342844330117,131072 /prefetch:8
                                  2⤵
                                    PID:1848
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1856 --field-trial-handle=2032,i,16567447507419649368,17463091342844330117,131072 /prefetch:2
                                    2⤵
                                      PID:1624
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={08A8E10D-0534-4477-9A39-2E7E6790048C}
                                    1⤵
                                    • Enumerates system info in registry
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5344
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1668198794 --annotation=last_update_date=1668198794 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5344 --annotation=metrics_client_id=20bbe7db2a164b0f99cf77586f64978e --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7291a3b0,0x7291a3c0,0x7291a3cc
                                      2⤵
                                        PID:5604
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1804 --field-trial-handle=1968,i,13312748233937847375,13434767378415690597,131072 /prefetch:2
                                        2⤵
                                          PID:5824
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1828 --field-trial-handle=1968,i,13312748233937847375,13434767378415690597,131072 /prefetch:8
                                          2⤵
                                            PID:5948
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={069D84F6-D5E3-438C-92C5-B311D8AC9E30}
                                          1⤵
                                          • Enumerates system info in registry
                                          PID:5320
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1668198794 --annotation=last_update_date=1668198794 --annotation=launches_after_update=3 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5320 --annotation=metrics_client_id=20bbe7db2a164b0f99cf77586f64978e --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.5.712 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7291a3b0,0x7291a3c0,0x7291a3cc
                                            2⤵
                                              PID:5452
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1832 --field-trial-handle=2112,i,16917429725742480545,3074624381017613912,131072 /prefetch:2
                                              2⤵
                                                PID:4352
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=26A083B3-D386-412F-BA5A-FFA6E708C2A4 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2028 --field-trial-handle=2112,i,16917429725742480545,3074624381017613912,131072 /prefetch:8
                                                2⤵
                                                  PID:2784
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
                                                1⤵
                                                • Adds Run key to start application
                                                • Enumerates system info in registry
                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SendNotifyMessage
                                                PID:5256
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa000f46f8,0x7ffa000f4708,0x7ffa000f4718
                                                  2⤵
                                                    PID:5316
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
                                                    2⤵
                                                      PID:5456
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
                                                      2⤵
                                                        PID:4756
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
                                                        2⤵
                                                          PID:2020
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                                          2⤵
                                                            PID:5272
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
                                                            2⤵
                                                              PID:3840
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
                                                              2⤵
                                                                PID:4404
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 /prefetch:8
                                                                2⤵
                                                                  PID:5884
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5668 /prefetch:8
                                                                  2⤵
                                                                    PID:3060
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                                                                    2⤵
                                                                      PID:4448
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                                                                      2⤵
                                                                      • Drops file in Program Files directory
                                                                      PID:2244
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x1d8,0x248,0x7ff7d6815460,0x7ff7d6815470,0x7ff7d6815480
                                                                        3⤵
                                                                          PID:4616
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                                                                        2⤵
                                                                          PID:5880
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8268296373777331250,6684295734605973450,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
                                                                          2⤵
                                                                            PID:5584
                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                          1⤵
                                                                            PID:4172

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v6

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.5.712\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            9f9f1a056d5ff8142b94110e790f736d

                                                                            SHA1

                                                                            16e149a2ab881984bca78b6cc0a5fa9b4e784b75

                                                                            SHA256

                                                                            0ebaece3045def20575107d149307ec5cf0c2a62d8262661222de12d85cbe95c

                                                                            SHA512

                                                                            f2108c26283e3ab85768623665a9e184cfaa583e6d5e105cb446351da5f4dca61b4f72598b963a1322f9e7d089822ae61148f1c7b28e752f9fddbba13aad0a5a

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            e30fa779463f324c73bdbb94bbd36eed

                                                                            SHA1

                                                                            06c935c085d44482e09ee25d2b57c38dc96c7d5f

                                                                            SHA256

                                                                            774ca053ff5e83bb0781fcede91c015432509706073fcb162a6c0efb26fe09a1

                                                                            SHA512

                                                                            95bb836722933fa30f4bc7fe4d14d6d1963bac39cccc1b3db9499ae1d9f2af222713cead78fd032337ceeb80a257749175358071c44147255917666dd649080c

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            e30fa779463f324c73bdbb94bbd36eed

                                                                            SHA1

                                                                            06c935c085d44482e09ee25d2b57c38dc96c7d5f

                                                                            SHA256

                                                                            774ca053ff5e83bb0781fcede91c015432509706073fcb162a6c0efb26fe09a1

                                                                            SHA512

                                                                            95bb836722933fa30f4bc7fe4d14d6d1963bac39cccc1b3db9499ae1d9f2af222713cead78fd032337ceeb80a257749175358071c44147255917666dd649080c

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            e30fa779463f324c73bdbb94bbd36eed

                                                                            SHA1

                                                                            06c935c085d44482e09ee25d2b57c38dc96c7d5f

                                                                            SHA256

                                                                            774ca053ff5e83bb0781fcede91c015432509706073fcb162a6c0efb26fe09a1

                                                                            SHA512

                                                                            95bb836722933fa30f4bc7fe4d14d6d1963bac39cccc1b3db9499ae1d9f2af222713cead78fd032337ceeb80a257749175358071c44147255917666dd649080c

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            a8bafae648ee8dfd0e477d92cfe761ba

                                                                            SHA1

                                                                            8a7c5c3c8e694b04670cbce26e2d1512fcd22a95

                                                                            SHA256

                                                                            02a1322f1e5af8c4156971d2558413ac32a705c26d04564423793686cfb448cb

                                                                            SHA512

                                                                            75f531f432e90ca091d6da7726773be279c9be281ae47fa2d9f8a967cadf8de74e46ce959a1c933366c964d38e7f953e41b4fd885cdc6fd7da75039ca715a733

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            21fb6a0fd290966f6a4dabc627a54809

                                                                            SHA1

                                                                            a1ee3e64437e30f4e379feabedc85833defa3257

                                                                            SHA256

                                                                            0ccf3bbfb9d415e8f04c5080ab1c4bba5d5eae15b846f46488caa1cbf035349c

                                                                            SHA512

                                                                            4b6e3a1130e50856f06c9ac7ce9c101efdac3e17bca7a82e80cdfda3e2aa3460bbf8b993272ce1abad9f4d51137e92c6d89c89392c45478f0d77d1b86f885467

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            21fb6a0fd290966f6a4dabc627a54809

                                                                            SHA1

                                                                            a1ee3e64437e30f4e379feabedc85833defa3257

                                                                            SHA256

                                                                            0ccf3bbfb9d415e8f04c5080ab1c4bba5d5eae15b846f46488caa1cbf035349c

                                                                            SHA512

                                                                            4b6e3a1130e50856f06c9ac7ce9c101efdac3e17bca7a82e80cdfda3e2aa3460bbf8b993272ce1abad9f4d51137e92c6d89c89392c45478f0d77d1b86f885467

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            21fb6a0fd290966f6a4dabc627a54809

                                                                            SHA1

                                                                            a1ee3e64437e30f4e379feabedc85833defa3257

                                                                            SHA256

                                                                            0ccf3bbfb9d415e8f04c5080ab1c4bba5d5eae15b846f46488caa1cbf035349c

                                                                            SHA512

                                                                            4b6e3a1130e50856f06c9ac7ce9c101efdac3e17bca7a82e80cdfda3e2aa3460bbf8b993272ce1abad9f4d51137e92c6d89c89392c45478f0d77d1b86f885467

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            89d29afb99538830d9a6236ac7e4f32d

                                                                            SHA1

                                                                            80e6bab69f3f041032e5753ab41ac3e0ec85217f

                                                                            SHA256

                                                                            cab57c1133ff123ca1dc7bd6f496af32eb987ef6a8a64969f47ba7f11370e097

                                                                            SHA512

                                                                            97c05e90e9f8ed78b91ac10821f5384f70c7c94343ac82b4e61d79aaae58d8144efccb4a74d5e761290cbbc06401f9261ca0595157bb1de6a68c0258714d0536

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            01571f2dd89eaf430497ae0bcad69391

                                                                            SHA1

                                                                            9c1e0802ee83a1e147fa4f4fbf8474c0d821c952

                                                                            SHA256

                                                                            c3075ace1d63f5bfdeec9fd4afe3b202b3fe8fb989662cccd675afbdb1f1841c

                                                                            SHA512

                                                                            39374188abb9fa039fbc3d6b78a6172e83d34fc5f3931b6c436ad472b67436906e81509673f6e2ea0d2e6eabab3f7f396aa4ed675edd8849604747904aa93fcf

                                                                            Download Submit
                                                                          • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            1c2ce3a3a52ff87e42d89ef2378cf6a9

                                                                            SHA1

                                                                            598364722c21f785ef8d44f3c9eabea4f21f8551

                                                                            SHA256

                                                                            077fc95f7ff1ab6c1472c8eef2960c13fb511a1726853e11d5e00e9b538a7aa3

                                                                            SHA512

                                                                            d77fda09e9030bc7d5ce0644f10e8a70cacac0371b6017bed1e542964892108dd1fb9e6b6eec1d65bf72fea36c18de732e5fa5918c1b494cd539af5ade14e28d

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            7200465878dd196f216d4177d304184d

                                                                            SHA1

                                                                            c2257a556134049c8abb898694793bcc41a09ee9

                                                                            SHA256

                                                                            4fe5021018313f6b1b238b26eef9cd3903e9ee53a20980721ccd6f80658013e2

                                                                            SHA512

                                                                            e28370ac5dfc9bf0890b45044a5e0185c3e5c8e870afbe63104a8761e38b05b1fd661ebd2be7dd39b47b778bbb3ecfc7ed6c478e4f7436e7f21b0544c2f398ba

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_10F204F67590689C25A3C1C3FBC116B1
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            6147c7b5148ce98103cbf0bac13d39fc

                                                                            SHA1

                                                                            309c57ec9dfb4601da52d4f30d13830fef78188d

                                                                            SHA256

                                                                            b442dcc4451e3a32cb452c9227f430407014b6892724250c6e9796d21a61142a

                                                                            SHA512

                                                                            d04abcefc7dc089563c8d401942acc66b7eb7cbf298b52af25b023daf749e3309e37a95e05632321d40e45dfe5e87e9d166f673663f19cd7a430d398adda70a4

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            fe1a48194f793de2cb62df25dbb2be96

                                                                            SHA1

                                                                            35ba8161cc83d97efc87b152a9de68b0134f9832

                                                                            SHA256

                                                                            bffe4d5299ff29e897d84c1d0770d6882ad623233da9c0237ab7ae91a83738cc

                                                                            SHA512

                                                                            371b0a360d0beb858dcbf5891faff6419e6b330e74ece7cc15971f2b0968f432586cb9e045eb53e1426105799d8bfde69d2410c5255b521488c317e3915c8329

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                            Filesize

                                                                            727B

                                                                            MD5

                                                                            ab7888077621c2e80cc5246614668f10

                                                                            SHA1

                                                                            ec8442d6ab0e420386ae951ae7d3cfee2caa1012

                                                                            SHA256

                                                                            8d15eea6e933f3b9d4a4b58b3da9f28f7c06f3869c9a8198cfe3b1bb4fc9001c

                                                                            SHA512

                                                                            f2e153ba54c4504c60d81f7e08475e1a6e9a4539444c9b42a321127b1988e3bdd90516e8810f7c664a74e565b5c9cf4ead92b7c93ca8d631ce40e831785010ac

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                            Filesize

                                                                            471B

                                                                            MD5

                                                                            da5a9f149955d936a31dc5e456666aac

                                                                            SHA1

                                                                            195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                            SHA256

                                                                            79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                            SHA512

                                                                            60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            4f7209e18b17f1c9682909c133636705

                                                                            SHA1

                                                                            694d0ac3e890d1a8f98c3c00677148bf87549bed

                                                                            SHA256

                                                                            2f08692e14c7927b0f0cd9e659ede49ccaf7f499e4eec32b371cf69d7b4f5558

                                                                            SHA512

                                                                            1dd07a4ab7a901328a8486c62f54a60fa8cb77808660fcd78d003f4e252e819f51ca7e3d4726c5a791cee9cda18e997da917e91337985769991a492f9fe0dec8

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            a2fc39c505462cf21afb0562c4a7900a

                                                                            SHA1

                                                                            2e5ca7899792f9bb867327446411fa4aa6d9636d

                                                                            SHA256

                                                                            5e7a7cc7f989b93f9a93f8dafa06eb2641bea5fb9fe5aeb3ec90658356ada089

                                                                            SHA512

                                                                            a417c8c0fcb3600b36e47823e3bab396ddbcba7c508fc940d14fe24f9c5997160b373101937cc733693bfcf90716a0ab2afefb8bb341b1f540b70827ce6d6cae

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                            Filesize

                                                                            727B

                                                                            MD5

                                                                            fa9d8b6cd98317157012fbadc87a86a0

                                                                            SHA1

                                                                            95b9de3eb73ff08f34c6d090361e5352af335255

                                                                            SHA256

                                                                            996fe670b70f4dbec7febbc061119da89d92194bb903137743f7964f83ac1682

                                                                            SHA512

                                                                            64a71d3957911a93c017b5e8869007667d6249e217a58ca693e4b04560c1de19dca080a669730c5bdf78ac0c1e67deda00e9ebba1ad3387c4d87c5fbf8baf11a

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                            Filesize

                                                                            508B

                                                                            MD5

                                                                            138b88b16c70e3207b1512fcec02a4d6

                                                                            SHA1

                                                                            6193cfae4b4b6de715f9dd866ded09f204991e31

                                                                            SHA256

                                                                            322923a2a7eb89b2a5f69d31202b242266466cf0e3cd42657cfdea0660d30e95

                                                                            SHA512

                                                                            d7689d1f1e7db0b51b8decee682f35916bad9569e20004186cdd1d9453e02331df560ce4327b39db5b1750b53f1395ea00455725ee703a77716be892e6819d5b

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_10F204F67590689C25A3C1C3FBC116B1
                                                                            Filesize

                                                                            536B

                                                                            MD5

                                                                            b906cc2a07ea2b1852641580492f377c

                                                                            SHA1

                                                                            973724251d7e94a289a8696520e55c6c5e58fb90

                                                                            SHA256

                                                                            ae69c6f740d6d4765d85ed758579aac932a5fd6d8a3fa7d170f6077f50e8b96d

                                                                            SHA512

                                                                            d34e0dcc26b3f79ce07127f39186988521c8cd473ef1b76f1b037e161e197e072badd10ded93e4b9f4ed75dd08c37e8434808e44693f76f321c8b60cf44b88a6

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                            Filesize

                                                                            540B

                                                                            MD5

                                                                            8206271ff4658cf34ad0196a58e98093

                                                                            SHA1

                                                                            427a91633bef9046a30bed88e5733e4386658344

                                                                            SHA256

                                                                            14569962c5ef23bd2c11e7daacb2816f2b1b73ae553402373aefdb119926e20c

                                                                            SHA512

                                                                            094ee1efdfa3082dceae17692d73b9a4abbc069f60d8deaf552fc07656176e20b44723e37f9bf9847cbbfd88c2bb0bc67275b3485d079763e62f5654dbc834aa

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                            Filesize

                                                                            434B

                                                                            MD5

                                                                            d9358d4c5884f6f497fe917e8c9b1627

                                                                            SHA1

                                                                            7c26002e0891eef0f66036a19018ab50833066f0

                                                                            SHA256

                                                                            35f942139761d9d86e95101e8339cccabd4fb8c0c9705383c89a4d16cdbfeedf

                                                                            SHA512

                                                                            bba8166889519390547e91c214bfab171af751479a08f97daa1b3d94e33b5a6f1fd933bdd801fa272fa3b4439c48a18cc30728467af1c7584bfb6ed0cd49eb9f

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                            Filesize

                                                                            430B

                                                                            MD5

                                                                            26258f4fafcbd666e0d356246193953e

                                                                            SHA1

                                                                            04bc41aa42685efa7b040c2ca14900464c016216

                                                                            SHA256

                                                                            8d98a36d262a805d0164aac713c9937c4377ee9d3ca3b7d74b21e8fb66a49943

                                                                            SHA512

                                                                            b81e304f57c28d81b8c1696d931984a0b58db74d21ace2a4b62a5ca751fa70db3aed6f38f2c50d6873ff90e5656dcc3d17e32825f909fa84cade9e5be1a5ed66

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                            Filesize

                                                                            536B

                                                                            MD5

                                                                            8cbbedad77165c943bfa929063c19f24

                                                                            SHA1

                                                                            a9dee2a5b380407b249c045dc295432e177335ff

                                                                            SHA256

                                                                            e85896063ec4ada727c3e92c1eccaa442f4c1ed1b0512237f8d4e19e5c0da4bc

                                                                            SHA512

                                                                            c2b6ea1ae136dcdca7663d413a1b538204de3b2cff63b951572d1f22ad01fef5baba7cec39a5c907976bb8deb9c1e3b7290c36e0cb3d88a88ee98a4453f3301c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                            Filesize

                                                                            536B

                                                                            MD5

                                                                            8cbbedad77165c943bfa929063c19f24

                                                                            SHA1

                                                                            a9dee2a5b380407b249c045dc295432e177335ff

                                                                            SHA256

                                                                            e85896063ec4ada727c3e92c1eccaa442f4c1ed1b0512237f8d4e19e5c0da4bc

                                                                            SHA512

                                                                            c2b6ea1ae136dcdca7663d413a1b538204de3b2cff63b951572d1f22ad01fef5baba7cec39a5c907976bb8deb9c1e3b7290c36e0cb3d88a88ee98a4453f3301c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                            Filesize

                                                                            506B

                                                                            MD5

                                                                            682a733cba64db3fc82d3256e1aba9eb

                                                                            SHA1

                                                                            dd3160ca6dfdb9e1727dc33be520aad566bde08a

                                                                            SHA256

                                                                            d42d7ff46adafced60c8c23a559b46fe9381664fb5c69d9e1056dc7a685d0d4c

                                                                            SHA512

                                                                            02178fd1c430d71a57084a5cb48edcab6fbe5150bebad3b1cc2dd480a097d14fb70372f7774ae55241cbea311d3e1d1d6b2ae42be04f13b7bfa2d383e1fd6c8d

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                            Filesize

                                                                            442B

                                                                            MD5

                                                                            b8221d4b9ad68ebe7fa6d0e5407bdfd3

                                                                            SHA1

                                                                            48ea90ee70a30c374e87de8320b1e6979dcff613

                                                                            SHA256

                                                                            ffd16f0291d61d6f7001d4c05507d92d79ed703431d398dd1760c2d6b007d8c6

                                                                            SHA512

                                                                            6787a12919f9a8b23161b047eb26bb00eab40193f166be8b2f91ddcb18fa23f619ab8e34840aa428e5f20095a08b384606fbc4d87fd7b8d679aad53fd511dd5f

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\BRAND_COMMON
                                                                            Filesize

                                                                            23.3MB

                                                                            MD5

                                                                            704b9e56754deca9d8cab59ac416a5e3

                                                                            SHA1

                                                                            53bc4648a7f7814f427a61f008d134acec760d33

                                                                            SHA256

                                                                            5f80c7a26858ccd008a834ed04871c9032f4723a8d83349b000942467f6c0342

                                                                            SHA512

                                                                            ac54dbb212ef720820c2cc5388066e936c10f29d3090b7cb6fa43480e2aed796d7a6f9180682fcf236ae25d4a361600f377966e5a9461f20cd5aec97c79ce0a2

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\BROWSER.PACKED.7Z
                                                                            Filesize

                                                                            90.9MB

                                                                            MD5

                                                                            3ad7309946977c3f43a59773b89dad06

                                                                            SHA1

                                                                            57d1dd503684071e12814094feb0d11ada7edf39

                                                                            SHA256

                                                                            6fa1128a06a132a85ddaa3ac347c4810bffc73579448fef846f1f5ecd8833d5a

                                                                            SHA512

                                                                            d6c60dc22976dc788932081c2fc4d7db2a820b38d7d13a05162acc3f2f9b81617fca762cdb84ba2b491bfe615b53fff56eb79a48b54c6c65665dd876d96f87e2

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\brand_yandex
                                                                            Filesize

                                                                            2.1MB

                                                                            MD5

                                                                            c6e892b2169cbcd078ff55ce415872db

                                                                            SHA1

                                                                            7b57f5a96c9744630548ee3ea3d35ebb3a8ab2fd

                                                                            SHA256

                                                                            8a922259be1b2c13bfeb626da78113c4913b52ec7795f13da3eba85ad85b8998

                                                                            SHA512

                                                                            1cd11b3833be359702c17453165a959f3a82f005cf39a4c26d306c3073706b868c103794bf3ef5eac5b14e2f7de078e872033989336f4104da5ca178b57808f9

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            92f18837910719b7d57737f22add2728

                                                                            SHA1

                                                                            56a980f693447b2e9d89b27e7173dfd900e644fb

                                                                            SHA256

                                                                            715a9352ab4a0338ccfd854349a1fd025b4c9c5572b367e1e5898662f2a9c402

                                                                            SHA512

                                                                            c7e5e6112d21f3be16f1fce5e65cc26b80ebed056d3d895429736c89e0e0552310611220a89e6652aee759d5307362d438037969248fca97a47bcfba0d073a4c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            92f18837910719b7d57737f22add2728

                                                                            SHA1

                                                                            56a980f693447b2e9d89b27e7173dfd900e644fb

                                                                            SHA256

                                                                            715a9352ab4a0338ccfd854349a1fd025b4c9c5572b367e1e5898662f2a9c402

                                                                            SHA512

                                                                            c7e5e6112d21f3be16f1fce5e65cc26b80ebed056d3d895429736c89e0e0552310611220a89e6652aee759d5307362d438037969248fca97a47bcfba0d073a4c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            92f18837910719b7d57737f22add2728

                                                                            SHA1

                                                                            56a980f693447b2e9d89b27e7173dfd900e644fb

                                                                            SHA256

                                                                            715a9352ab4a0338ccfd854349a1fd025b4c9c5572b367e1e5898662f2a9c402

                                                                            SHA512

                                                                            c7e5e6112d21f3be16f1fce5e65cc26b80ebed056d3d895429736c89e0e0552310611220a89e6652aee759d5307362d438037969248fca97a47bcfba0d073a4c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\YB_C9F05.tmp\setup.exe
                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            92f18837910719b7d57737f22add2728

                                                                            SHA1

                                                                            56a980f693447b2e9d89b27e7173dfd900e644fb

                                                                            SHA256

                                                                            715a9352ab4a0338ccfd854349a1fd025b4c9c5572b367e1e5898662f2a9c402

                                                                            SHA512

                                                                            c7e5e6112d21f3be16f1fce5e65cc26b80ebed056d3d895429736c89e0e0552310611220a89e6652aee759d5307362d438037969248fca97a47bcfba0d073a4c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\clids.xml
                                                                            Filesize

                                                                            599B

                                                                            MD5

                                                                            dae47d5fb36af27a9869750c11f52494

                                                                            SHA1

                                                                            366629747a061c7bd6a6883f5364734cecfc697a

                                                                            SHA256

                                                                            37ec2fcea5119863c67d94c2d269ec242e294cb76c9674e793d7280b6fd13c90

                                                                            SHA512

                                                                            6937d3a2f3c4ecd3544a473a79808f1932e036cbafe6bff11d51f5d131fd8b6e594dbdfb254f96f49177cac5517e536bc14d855beaf3c81349ddbf7324bf79b4

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\distrib_info
                                                                            Filesize

                                                                            317B

                                                                            MD5

                                                                            e92c8760fd5e433923bd03a375d1798c

                                                                            SHA1

                                                                            933e331d87291c7fcd942b717ee456095aaaefe8

                                                                            SHA256

                                                                            9ab9819802e815694c19c8f1eae8481f593367a7eae8a5ea760cd194e50efa70

                                                                            SHA512

                                                                            8455a6b31a0c36c77b9a09d1d1aa4ab2db1f35284e75b92f56a2788fdf4f1129118913ecf29b6bc64bf7530318f30a90402255b14195e9be9a45a5160cbcc00d

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                            Filesize

                                                                            13KB

                                                                            MD5

                                                                            94527bbeecf928d9e5c36e22da29edc5

                                                                            SHA1

                                                                            24c3924bc4831c71715beb6e7e019b1f25a1a278

                                                                            SHA256

                                                                            26e1a03fb16cd3c9fab8c484cbc899787e26db9ce4ba6b811477582d3dcda0f3

                                                                            SHA512

                                                                            a02c297b8cf33072ea84719cc9fa0b9084883d5d991901df9907aa1e59c42a4d2821156cb680e2585248fde7a8ff3e2563c252729595e726c709b2eb23d91b7f

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                            Filesize

                                                                            13KB

                                                                            MD5

                                                                            5162e3a0a7d3e3b497d1dbe13c83c0b9

                                                                            SHA1

                                                                            29ed47bc103a7d3ca2787f65886f9db5976d0d46

                                                                            SHA256

                                                                            16ea521496d6d0a6e1e0ac3704e1013657c11d00d625facc613f095a5634a25a

                                                                            SHA512

                                                                            24f23fb27ca4520383e9e1d7d6a9522f512ee5ee92e6b39aef6897637f75ebd1958ccb076f4ddb7fdca3c47ea6893641e93db44860fee11093dd85e6d4950a75

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            4ac00cc3f4fbc9c7a08c8fe74a2eec2f

                                                                            SHA1

                                                                            2917454143bf70cd98ce63e88ba6e6aa4afa94ab

                                                                            SHA256

                                                                            6e7eca83854bf6bd6a780e6d9ecb2e5c5aad5ffa59eed5d4dbcdfa1b5775d058

                                                                            SHA512

                                                                            3fb67682d807715572d576cfb508e70e0e10bfedb5bb9d60e11eafeb68c993102266ba85c470167dac019f7143a41ff5396e7f81d33c4d2e161b7d1dd5f41371

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                            Filesize

                                                                            24KB

                                                                            MD5

                                                                            3ba30b51cfd5d29c89fe5cfdd209487e

                                                                            SHA1

                                                                            e8a8b5d15ab15e3874bc5b514516b6b3d27286ed

                                                                            SHA256

                                                                            c5aa2cd0f8840501a30a085a617406da2b298bf54a2171cfd8ca4593a254cb41

                                                                            SHA512

                                                                            8bbf34dd5bdeeb262a1ae9a32bebd5027c695ff2dc99a42cd7460efa3dba9233a531e3a36426119ff896afebd5019c3c4099c1fac86b59468df268625542ec54

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                            Filesize

                                                                            127KB

                                                                            MD5

                                                                            232e2fee6736a853bbf982db72320aac

                                                                            SHA1

                                                                            e705a9a4e4bbc8d5ed7d1ceead3ff6619968134c

                                                                            SHA256

                                                                            26f16f2c7364a56893f561dcca807d72e914c2f2346c12f28f1b42f9ea586e48

                                                                            SHA512

                                                                            9495de901c7a8f1b4c6e93cc0f29ec906166067c8685d9593dd2b37dc1d33c1f11bbdcdd5794025d270337a700a52985142803204f3e842296193c1c0fb4f096

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                            Filesize

                                                                            127KB

                                                                            MD5

                                                                            232e2fee6736a853bbf982db72320aac

                                                                            SHA1

                                                                            e705a9a4e4bbc8d5ed7d1ceead3ff6619968134c

                                                                            SHA256

                                                                            26f16f2c7364a56893f561dcca807d72e914c2f2346c12f28f1b42f9ea586e48

                                                                            SHA512

                                                                            9495de901c7a8f1b4c6e93cc0f29ec906166067c8685d9593dd2b37dc1d33c1f11bbdcdd5794025d270337a700a52985142803204f3e842296193c1c0fb4f096

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1008626121\explorer.exe
                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            92f18837910719b7d57737f22add2728

                                                                            SHA1

                                                                            56a980f693447b2e9d89b27e7173dfd900e644fb

                                                                            SHA256

                                                                            715a9352ab4a0338ccfd854349a1fd025b4c9c5572b367e1e5898662f2a9c402

                                                                            SHA512

                                                                            c7e5e6112d21f3be16f1fce5e65cc26b80ebed056d3d895429736c89e0e0552310611220a89e6652aee759d5307362d438037969248fca97a47bcfba0d073a4c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir2104_1008626121\explorer.exe
                                                                            Filesize

                                                                            3.9MB

                                                                            MD5

                                                                            92f18837910719b7d57737f22add2728

                                                                            SHA1

                                                                            56a980f693447b2e9d89b27e7173dfd900e644fb

                                                                            SHA256

                                                                            715a9352ab4a0338ccfd854349a1fd025b4c9c5572b367e1e5898662f2a9c402

                                                                            SHA512

                                                                            c7e5e6112d21f3be16f1fce5e65cc26b80ebed056d3d895429736c89e0e0552310611220a89e6652aee759d5307362d438037969248fca97a47bcfba0d073a4c

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\website.ico
                                                                            MD5

                                                                            d41d8cd98f00b204e9800998ecf8427e

                                                                            SHA1

                                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                            SHA256

                                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                            SHA512

                                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                            Filesize

                                                                            4KB

                                                                            MD5

                                                                            1b05382c539f895cdaa1a7e4c502faff

                                                                            SHA1

                                                                            c586777949b22be84266c5e3e7df08d1c59e399d

                                                                            SHA256

                                                                            dce3339f1030fdb5bfd346fa173816a3e91a115f4eb3943d72f811969a3fdec9

                                                                            SHA512

                                                                            041346436b3924c538b5346885705f220aa640cfe7a469c6cbb86d610e4b71a03b86a5fdaca9c43dfa49501e0e13fae57ff60f01d47f597e7b209200a01b9f4e

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                            Filesize

                                                                            22KB

                                                                            MD5

                                                                            9f25aeee32e1c6886abd04752876de27

                                                                            SHA1

                                                                            ac3edf405137daefa14e6db984d74941d908cb10

                                                                            SHA256

                                                                            ab39342cee0fc02e5d402ac9f508adc44aab6d76d073ac7e7ee2f176656a75ba

                                                                            SHA512

                                                                            276952bd1a832ca145f879ba682bfe4eb3c07b5fc3d9f56c6f2075819e5bed01e2d54e0091809bb289f88b0cae0e6010d09104b2e73a83b587b030b5d7c04610

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Temp\ybB933.tmp
                                                                            Filesize

                                                                            149.9MB

                                                                            MD5

                                                                            9390950e98a038d0afb2e38a37205215

                                                                            SHA1

                                                                            51eb49b4674abfd303e117d11e30e35b1f35613b

                                                                            SHA256

                                                                            34c5e497922d035702216a66e209b6fc77f12b0a57e2248bd3bd7ce152f6b579

                                                                            SHA512

                                                                            8ff1e3499f1b34928c029d02b10bbc45cf8e959acd0bf65260a30bb461f0a78ba0af0070233768e257fed61e31ba665ba9eb50af4f88e6b74e68efb8eeb22951

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                            Filesize

                                                                            592KB

                                                                            MD5

                                                                            8259eb04a6ff623568b1a49e912c26a4

                                                                            SHA1

                                                                            b4113803d77e97b90a7eb6787a1b62465cb90481

                                                                            SHA256

                                                                            2b70b880b2a34f6dea6f7b4d0fdc27f048869566fa4a1d844cc7c2df07201e2f

                                                                            SHA512

                                                                            5ede9ed74a7c4c1a00ae4e987517a94be0a54d4501f56df49d773dd0ab77ca2ad949f301ee339b22f6b73613fcd9b61cac4a79c8ed005cf2b3991a02b62a32f3

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                            Filesize

                                                                            592KB

                                                                            MD5

                                                                            8259eb04a6ff623568b1a49e912c26a4

                                                                            SHA1

                                                                            b4113803d77e97b90a7eb6787a1b62465cb90481

                                                                            SHA256

                                                                            2b70b880b2a34f6dea6f7b4d0fdc27f048869566fa4a1d844cc7c2df07201e2f

                                                                            SHA512

                                                                            5ede9ed74a7c4c1a00ae4e987517a94be0a54d4501f56df49d773dd0ab77ca2ad949f301ee339b22f6b73613fcd9b61cac4a79c8ed005cf2b3991a02b62a32f3

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            Filesize

                                                                            3.8MB

                                                                            MD5

                                                                            fc4d8246330acc949c2cd0a98f48c65e

                                                                            SHA1

                                                                            0ebeffc7ecd70a9d59b42a7ef31af20e238f9e83

                                                                            SHA256

                                                                            d22475235e8ca73d8717eae98a2c865cc2d9ec5f4908ad9f41394ad8e636abc0

                                                                            SHA512

                                                                            c244656e3d20543c4ea65c79fbbcc2e46c7d827d8a6e4e210199767c20004fa553993a1eb69a0e4cbe529ded399c22ac58aabb678abc6b7891fd1a7a9f71533f

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            48B

                                                                            MD5

                                                                            608af808d4b82f6b155f5e955182e14a

                                                                            SHA1

                                                                            f0ae12c593eafb45c85f37d57e7229e09b55c412

                                                                            SHA256

                                                                            97b1828896180d79f6117796a08c6b7cc8a0cb4d23a91497d6224f19f3f88260

                                                                            SHA512

                                                                            35941a5f6f3c25d00d78becd15014c5d355035d800cd3b5904163f325f3984ef998e8feea1c7921e494986ba74c82421be98fc6e63ee38a13e7deed5188d61a4

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
                                                                            Filesize

                                                                            2KB

                                                                            MD5

                                                                            6d1833f5b873d60c62d47c993e60c135

                                                                            SHA1

                                                                            b8e36d9b9e49e5d4f3de9415a1d1ec20ef550f6f

                                                                            SHA256

                                                                            457ed0d22edfa9e65a77930d669f9905d3dd96493c979e84d3a2c0a822ff66bf

                                                                            SHA512

                                                                            e4e204d3bf8a5e51832fe60edb193dea133a774909fa8689f7049d84b639c4d9169ff8eb5756b1ddf1c5298c980526fea34a1562cdc5be82332ad0f61448a946

                                                                            Download Submit
                                                                          • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                            Filesize

                                                                            38B

                                                                            MD5

                                                                            1d506174788c1a2d7c00a6cc40b5168d

                                                                            SHA1

                                                                            0350a967853eb57a85a4bbd657af4e2655385113

                                                                            SHA256

                                                                            da3ed0d4571c833d5e0a27ba81d88b5863ab2ff0b159177529f03be41443b09c

                                                                            SHA512

                                                                            f6532a3c5654efaf4d72cfb0c315c449b08f32838544c1e31ff0221d4c41bb6c12b93aca7b2bd4cab598de40ced27543ab73af696b7239a18fa9c3f75c8829a9

                                                                            Download Submit
                                                                          • C:\Windows\TEMP\sdwra_2104_419317634\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • C:\Windows\Temp\sdwra_2104_419317634\service_update.exe
                                                                            Filesize

                                                                            2.6MB

                                                                            MD5

                                                                            cd0ca2fc38121fdab300560c8c88327a

                                                                            SHA1

                                                                            f5ea49fb1f212c71613037c0dc2c06e88d3cf47e

                                                                            SHA256

                                                                            4d5001f507b27913589639dd54590b9fa4d6ed749b3de5bcef0651bcbc0d43df

                                                                            SHA512

                                                                            bb000c93a0474460c762b21b8100fa6a9a322354ddc7951cfdb52e53acc2e0645508bf800edf2faf8dc9fdd317e69db3ad24c780ab29bca2928aedf706450b1d

                                                                            Download Submit
                                                                          • memory/244-213-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/244-245-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/416-381-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/472-259-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1296-233-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1608-251-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1612-220-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1652-174-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1760-268-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1848-183-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1860-231-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/1984-178-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2084-199-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2104-144-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2256-216-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2272-242-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2388-148-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2476-214-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2724-193-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2832-138-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/2844-210-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3104-140-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3540-273-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3684-211-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3704-261-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3776-217-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3832-239-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3900-228-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3940-375-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3944-370-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3972-206-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/3980-196-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4012-224-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4056-186-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4088-229-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4104-171-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4380-209-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4468-277-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4696-223-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4768-212-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4924-263-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/4968-132-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5112-226-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5152-279-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5216-284-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5236-287-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5260-291-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5312-296-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5320-387-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5368-301-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5408-390-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5424-305-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5476-310-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5548-315-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5592-320-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5680-325-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5732-330-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5788-334-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5844-340-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5912-345-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/5964-349-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/6020-355-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/6080-361-0x0000000000000000-mapping.dmp
                                                                            Download
                                                                          • memory/6140-365-0x0000000000000000-mapping.dmp
                                                                            Download