Overview

overview

8

Static

static

7433483273...96.exe

windows7_x64

8

7433483273...96.exe

windows10_x64

8

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    11-05-2021 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe

  • Size

    991KB

  • MD5

    b9f3be6a36336377d5ca0714fad03d70

  • SHA1

    38c60e271606ede3a32e1ad98ff07d722c6cdd7e

  • SHA256

    7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96

  • SHA512

    1b477beaec2bca6a71abb307c6dc5c759cf66f953345ece8cf94343805d89484a4dfe67cded2db5e01e689cb905f31ddc5d56be54b7bd4b34ec0f01fa288647c

Score
8/10
discoverypersistencespywarestealer

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks computer location settings 2 TTPs 14 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 27 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 34 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies data under HKEY_USERS 58 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 10 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 41 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe
    "C:\Users\Admin\AppData\Local\Temp\7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe"
      2⤵
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe" /passive /msicl "VID=200 YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y "
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2104
      • C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe
        C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe --stat dwnldr/p=8958/cnt=0/dt=2/ct=0/rt=0 --dh 2128 --st 1620748147
        3⤵
        • Executes dropped EXE
        PID:3952
    • C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      2⤵
      • Executes dropped EXE
      PID:2488
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3156
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding C2CFA95F3058E0B09EC3D039286CEABF
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1864
      • C:\Users\Admin\AppData\Local\Temp\0C731CE9-21AE-4127-839C-FAE369003C4D\lite_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\0C731CE9-21AE-4127-839C-FAE369003C4D\lite_installer.exe" --use-user-default-locale --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --YABROWSER
        3⤵
        • Executes dropped EXE
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        PID:1604
      • C:\Users\Admin\AppData\Local\Temp\CAF6A3A5-A45B-4C90-BCCB-6D0A9B4513EE\seederexe.exe
        "C:\Users\Admin\AppData\Local\Temp\CAF6A3A5-A45B-4C90-BCCB-6D0A9B4513EE\seederexe.exe" "--yqs=y" "--yhp=y" "--ilight=" "--oem=" "--nopin=n" "--pin_custom=n" "--pin_desktop=n" "--pin_taskbar=y" "--locale=us" "--browser=y" "--browser_default=" "--loglevel=trace" "--ess=" "--clids=C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml" "--sender=C:\Users\Admin\AppData\Local\Temp\6FCA9D6B-CB0E-45E5-8488-7E273AC746AB\sender.exe" "--is_elevated=yes" "--ui_level=3" "--good_token=x" "--no_opera=n"
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        • Modifies Internet Explorer start page
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1800
        • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
          C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:2204
          • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
            C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent --pin-taskbar=y --pin-desktop=n /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
            5⤵
            • Executes dropped EXE
            • Checks computer location settings
            • Suspicious use of FindShellTrayWindow
            PID:1784
        • C:\Users\Admin\AppData\Local\Temp\6FCA9D6B-CB0E-45E5-8488-7E273AC746AB\sender.exe
          C:\Users\Admin\AppData\Local\Temp\6FCA9D6B-CB0E-45E5-8488-7E273AC746AB\sender.exe --send "/status.xml?clid=2337526-200&uuid=3960e29a-59FA-45ED-BC42-42BE10ECbf99&vnt=Windows 10x64&file-no=10%0A11%0A12%0A13%0A14%0A15%0A17%0A18%0A20%0A21%0A22%0A23%0A25%0A36%0A38%0A40%0A42%0A43%0A57%0A59%0A89%0A103%0A106%0A123%0A124%0A125%0A129%0A"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:4120
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding D33790CF2A5BA1C75D4F5592E796ADBE
      2⤵
      • Loads dropped DLL
      PID:740
  • C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe
    "C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe" --job-name=yBrowserDownloader-{095C2330-D380-4D09-AFAD-20F7261778D2} --send-statistics --local-path=C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe --YABROWSER --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --silent --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2337555-200&ui=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --use-user-default-locale
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:3888
    • C:\Users\Admin\AppData\Local\Temp\yb39B3.tmp
      "C:\Users\Admin\AppData\Local\Temp\yb39B3.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=288623107 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{095C2330-D380-4D09-AFAD-20F7261778D2} --local-path="C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2337555-200&ui=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ef311c24-d30b-4e2a-99cd-421afdb3ab7e.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4316
      • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\SEARCHBAND.EXE" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=288623107 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{095C2330-D380-4D09-AFAD-20F7261778D2} --local-path="C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2337555-200&ui=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ef311c24-d30b-4e2a-99cd-421afdb3ab7e.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:4344
        • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\SEARCHBAND.EXE" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --cumtom-welcome-page=https://browser.yandex.ru/promo/welcome_com/5/ --install-start-time-no-uac=288623107 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --job-name=yBrowserDownloader-{095C2330-D380-4D09-AFAD-20F7261778D2} --local-path="C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe" --partner-package="C:\Users\Admin\AppData\Local\Temp\PartnerFile" --progress-window=0 --remote-url=http://downloader.yandex.net/downloadable_soft/browser/pseudoportal-ru/Yandex.exe?clid=2337555-200&ui=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --send-statistics --silent --source=lite --use-user-default-locale --variations-update-path="C:\Users\Admin\AppData\Local\Temp\ef311c24-d30b-4e2a-99cd-421afdb3ab7e.tmp" --verbose-logging --yabrowser --yandex-website-icon-file="C:\Users\Admin\AppData\Local\Temp\website.ico" --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=313044912
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4404
          • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
            C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4404 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=21.3.3.234 --initial-client-data=0x304,0x308,0x30c,0x2e0,0x310,0xec4690,0xec46a0,0xec46ac
            5⤵
            • Executes dropped EXE
            PID:4444
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\21.3.3.234\service_update.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\21.3.3.234\service_update.exe" --setup
            5⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:4536
            • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
              "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --install
              6⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:4588
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
            5⤵
            • Executes dropped EXE
            PID:4832
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source4404_631194821\Browser-bin\clids_yandex_second.xml"
            5⤵
            • Executes dropped EXE
            PID:4880
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
            5⤵
            • Executes dropped EXE
            PID:4928
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source4404_631194821\Browser-bin\clids_searchband.xml"
            5⤵
            • Executes dropped EXE
            PID:4976
          • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\SEARCHBAND.EXE
            "C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\SEARCHBAND.EXE" /forcequiet
            5⤵
            • Executes dropped EXE
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1808
  • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
    "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --run-as-service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4620
    • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4620 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=21.3.3.234 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0xfc7458,0xfc7468,0xfc7474
      2⤵
      • Executes dropped EXE
      PID:4644
    • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --update-scheduler
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
        "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --update-background-scheduler
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        PID:4736
    • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=39CF29CF_BEC6_4DE7_AF65_D01F54548755/*
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:4764
    • C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe
      "C:\Program Files (x86)\Yandex\YandexBrowser\21.3.3.234\service_update.exe" --update-fingerprint --fingerprint-path="C:\Windows\Fonts\yandex.ttf"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4364
  • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe
    "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Installer\searchbandapp.exe" /install
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2068
    • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe
      "C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\searchbandapp64.exe" /auto
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4328
      • C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\crashreporter64.exe
        C:\Users\Admin\AppData\Local\Yandex\SearchBand\Application\5.0.0.1903\crashreporter64.exe
        3⤵
        • Executes dropped EXE
        PID:4600
  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=0 --install-start-time-no-uac=288623107
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4424
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=4424 --annotation=metrics_client_id=a65c326aa74c4c7c82b51737125a3987 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=21.3.3.234 --initial-client-data=0x154,0x158,0x15c,0x130,0x160,0x7185b190,0x7185b1a0,0x7185b1ac
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4464
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1708 /prefetch:2
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4764
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=network --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --mojo-platform-channel-handle=1756 --enable-elf-protection /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4892
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Storage Service" --mojo-platform-channel-handle=2560 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5020
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2448 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4116
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=audio --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Audio Service" --mojo-platform-channel-handle=2592 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3472
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2600 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2240
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2956 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4496
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=video_capture --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Video Capture" --mojo-platform-channel-handle=3180 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4492
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3616 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:3688
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3912 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4392
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=3916 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Loads dropped DLL
      PID:3516
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=3936 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1116
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5672 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1216
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5684 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4112
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5656 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2568
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5812 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5124
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5820 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5192
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5796 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5224
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5988 /prefetch:8
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5292
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6004 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5316
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6020 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5352
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6036 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5412
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6168 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5452
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6420 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5472
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6424 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5524
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6428 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5564
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6436 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5652
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --disable-gpu-compositing --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=5964 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:5732
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6628 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:5776
    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6636 /prefetch:8
      2⤵
        PID:5808
      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Speechkit Service" --mojo-platform-channel-handle=11356 /prefetch:8
        2⤵
          PID:6064
        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7468 /prefetch:8
          2⤵
            PID:6056
          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7484 /prefetch:8
            2⤵
              PID:6048
            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7464 /prefetch:8
              2⤵
                PID:6040
              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6024 /prefetch:8
                2⤵
                  PID:6032
                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7460 /prefetch:8
                  2⤵
                    PID:6024
                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7448 /prefetch:8
                    2⤵
                      PID:6016
                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7432 /prefetch:8
                      2⤵
                        PID:6008
                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5984 /prefetch:8
                        2⤵
                          PID:6000
                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7320 /prefetch:8
                          2⤵
                            PID:5988
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7336 /prefetch:8
                            2⤵
                              PID:5980
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7316 /prefetch:8
                              2⤵
                                PID:5972
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6960 /prefetch:8
                                2⤵
                                  PID:5964
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6948 /prefetch:8
                                  2⤵
                                    PID:5956
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6936 /prefetch:8
                                    2⤵
                                      PID:5944
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6924 /prefetch:8
                                      2⤵
                                        PID:5936
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6912 /prefetch:8
                                        2⤵
                                          PID:5928
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6900 /prefetch:8
                                          2⤵
                                            PID:5920
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6896 /prefetch:8
                                            2⤵
                                              PID:5912
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6884 /prefetch:8
                                              2⤵
                                                PID:5904
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6872 /prefetch:8
                                                2⤵
                                                  PID:5896
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6860 /prefetch:8
                                                  2⤵
                                                    PID:5888
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6848 /prefetch:8
                                                    2⤵
                                                      PID:5824
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6484 /prefetch:8
                                                      2⤵
                                                      • Executes dropped EXE
                                                      PID:5692
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6464 /prefetch:8
                                                      2⤵
                                                        PID:5616
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5652 /prefetch:8
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        PID:4968
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=8248 /prefetch:8
                                                        2⤵
                                                          PID:2880
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --disable-gpu-compositing --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=10780 /prefetch:1
                                                          2⤵
                                                          • Checks computer location settings
                                                          PID:2408
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=4212 /prefetch:8
                                                          2⤵
                                                            PID:484
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=9944 /prefetch:8
                                                            2⤵
                                                              PID:5056
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7924 /prefetch:8
                                                              2⤵
                                                                PID:5040
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7960 /prefetch:8
                                                                2⤵
                                                                  PID:5060
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5992 /prefetch:8
                                                                  2⤵
                                                                    PID:6024
                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5256 /prefetch:8
                                                                    2⤵
                                                                      PID:5668
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=8380 /prefetch:8
                                                                      2⤵
                                                                        PID:5896
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5648 /prefetch:8
                                                                        2⤵
                                                                          PID:6060
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=6556 /prefetch:8
                                                                          2⤵
                                                                            PID:5388
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=8092 /prefetch:8
                                                                            2⤵
                                                                              PID:5176
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=8024 /prefetch:8
                                                                              2⤵
                                                                              • Executes dropped EXE
                                                                              PID:5616
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7372 /prefetch:8
                                                                              2⤵
                                                                                PID:5720
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=11188 /prefetch:8
                                                                                2⤵
                                                                                  PID:5804
                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5860 /prefetch:8
                                                                                  2⤵
                                                                                    PID:5844
                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=9920 /prefetch:8
                                                                                    2⤵
                                                                                      PID:5768
                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=11076 /prefetch:8
                                                                                      2⤵
                                                                                        PID:5820
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=7308 /prefetch:8
                                                                                        2⤵
                                                                                          PID:5808
                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=9960 /prefetch:8
                                                                                          2⤵
                                                                                            PID:5340
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=9952 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4436
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=11072 /prefetch:8
                                                                                              2⤵
                                                                                                PID:6092
                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=9664 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:4408
                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=9728 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:6136
                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5672 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:6116
                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=4152 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:5296
                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=4204 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:5484
                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=10124 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:5660
                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=8376 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:5740
                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Утилиты Windows" --mojo-platform-channel-handle=2256 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:6008
                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=7532 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:5140
                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=1468 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:5056
                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=none --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Импорт профилей" --mojo-platform-channel-handle=1692 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:6048
                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --disable-gpu-compositing --lang=ru --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://yastatic.net --enable-instaserp --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=2268 /prefetch:1
                                                                                                                      2⤵
                                                                                                                      • Checks computer location settings
                                                                                                                      PID:5912
                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Data Decoder Service" --mojo-platform-channel-handle=5280 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:5288
                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1696,8868790147710902427,1238636314786124173,131072 --lang=ru --service-sandbox-type=utility --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Распаковщик файлов" --mojo-platform-channel-handle=2088 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:5520
                                                                                                                      • C:\Windows\system32\AUDIODG.EXE
                                                                                                                        C:\Windows\system32\AUDIODG.EXE 0x3a4
                                                                                                                        1⤵
                                                                                                                          PID:4868
                                                                                                                        • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                          1⤵
                                                                                                                            PID:4268
                                                                                                                          • C:\Windows\system32\compattelrunner.exe
                                                                                                                            C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
                                                                                                                            1⤵
                                                                                                                              PID:4292
                                                                                                                            • C:\Windows\system32\DllHost.exe
                                                                                                                              C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                              1⤵
                                                                                                                                PID:6016
                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={3553CFF6-6F38-43F8-BC61-2F6541EBF1D0}
                                                                                                                                1⤵
                                                                                                                                  PID:5592
                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1620748202 --annotation=last_update_date=0 --annotation=launches_after_update=0 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5592 --annotation=metrics_client_id=a65c326aa74c4c7c82b51737125a3987 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=21.3.3.234 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7185b190,0x7185b1a0,0x7185b1ac
                                                                                                                                    2⤵
                                                                                                                                      PID:5260
                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1580,1777719611844824512,18151296399848712582,131072 --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1596 /prefetch:2
                                                                                                                                      2⤵
                                                                                                                                        PID:5152
                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,1777719611844824512,18151296399848712582,131072 --lang=ru --service-sandbox-type=network --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --mojo-platform-channel-handle=1796 --enable-elf-protection /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                          PID:5648
                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={FB503CAA-B566-4CE1-A68B-2433849A6592}
                                                                                                                                        1⤵
                                                                                                                                          PID:6120
                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1620748202 --annotation=last_update_date=1620748202 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=6120 --annotation=metrics_client_id=a65c326aa74c4c7c82b51737125a3987 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=21.3.3.234 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7185b190,0x7185b1a0,0x7185b1ac
                                                                                                                                            2⤵
                                                                                                                                              PID:4112
                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1588,9736205862282552462,13722117004193576360,131072 --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1648 /prefetch:2
                                                                                                                                              2⤵
                                                                                                                                                PID:5280
                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,9736205862282552462,13722117004193576360,131072 --lang=ru --service-sandbox-type=network --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --mojo-platform-channel-handle=1920 --enable-elf-protection /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:5096
                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={490FABE7-6BA3-49AB-AF27-7C341FE5D3FC}
                                                                                                                                                1⤵
                                                                                                                                                  PID:5532
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1620748202 --annotation=last_update_date=1620748202 --annotation=launches_after_update=2 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=5532 --annotation=metrics_client_id=a65c326aa74c4c7c82b51737125a3987 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=21.3.3.234 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7185b190,0x7185b1a0,0x7185b1ac
                                                                                                                                                    2⤵
                                                                                                                                                      PID:4316
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --field-trial-handle=1596,11055380296440937106,6902596508788745617,131072 --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1608 /prefetch:2
                                                                                                                                                      2⤵
                                                                                                                                                        PID:4352
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,11055380296440937106,6902596508788745617,131072 --lang=ru --service-sandbox-type=network --user-id=3960e29a-59FA-45ED-BC42-42BE10ECbf99 --brand-id=yandex --partner-id=pseudoportal-ru --process-name="Network Service" --mojo-platform-channel-handle=1792 --enable-elf-protection /prefetch:8
                                                                                                                                                        2⤵
                                                                                                                                                          PID:5248

                                                                                                                                                      Network

                                                                                                                                                      MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                                      Initial Access

                                                                                                                                                      Execution

                                                                                                                                                      Persistence

                                                                                                                                                      Registry Run Keys / Startup Folder

                                                                                                                                                      1
                                                                                                                                                      T1060

                                                                                                                                                      Privilege Escalation

                                                                                                                                                      Defense Evasion

                                                                                                                                                      Modify Registry

                                                                                                                                                      4
                                                                                                                                                      T1112

                                                                                                                                                      Install Root Certificate

                                                                                                                                                      1
                                                                                                                                                      T1130

                                                                                                                                                      Credential Access

                                                                                                                                                      Credentials in Files

                                                                                                                                                      1
                                                                                                                                                      T1081

                                                                                                                                                      Discovery

                                                                                                                                                      Query Registry

                                                                                                                                                      4
                                                                                                                                                      T1012

                                                                                                                                                      System Information Discovery

                                                                                                                                                      4
                                                                                                                                                      T1082

                                                                                                                                                      Peripheral Device Discovery

                                                                                                                                                      1
                                                                                                                                                      T1120

                                                                                                                                                      Lateral Movement

                                                                                                                                                      Collection

                                                                                                                                                      Data from Local System

                                                                                                                                                      1
                                                                                                                                                      T1005

                                                                                                                                                      Exfiltration

                                                                                                                                                      Command and Control

                                                                                                                                                      Impact

                                                                                                                                                      Replay Monitor

                                                                                                                                                      Loading Replay Monitor...

                                                                                                                                                      Downloads

                                                                                                                                                      • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        MD5

                                                                                                                                                        16c7891d743cb7038d68afb53ae226f0

                                                                                                                                                        SHA1

                                                                                                                                                        026b1d49cead5a094b76fe580343a323e850f4ba

                                                                                                                                                        SHA256

                                                                                                                                                        316776a1d7cf610a6b1d8d8fb92ddaa1984f239501551d27b5a2cc53e9797751

                                                                                                                                                        SHA512

                                                                                                                                                        884fe9247b50dde9265e9dc3daa2cd949b08bbbb169a2f35ce67ed3facc9394783a97111f055d78202e4d4b9dfa6a5313ef9e0f835b2c443b505d215764fb4ea

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                        MD5

                                                                                                                                                        16c7891d743cb7038d68afb53ae226f0

                                                                                                                                                        SHA1

                                                                                                                                                        026b1d49cead5a094b76fe580343a323e850f4ba

                                                                                                                                                        SHA256

                                                                                                                                                        316776a1d7cf610a6b1d8d8fb92ddaa1984f239501551d27b5a2cc53e9797751

                                                                                                                                                        SHA512

                                                                                                                                                        884fe9247b50dde9265e9dc3daa2cd949b08bbbb169a2f35ce67ed3facc9394783a97111f055d78202e4d4b9dfa6a5313ef9e0f835b2c443b505d215764fb4ea

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501
                                                                                                                                                        MD5

                                                                                                                                                        1ebec61b25461c0185d87eef53ff6258

                                                                                                                                                        SHA1

                                                                                                                                                        762e464265993d47da3ec32e60e7bc48a5d40d89

                                                                                                                                                        SHA256

                                                                                                                                                        8480c4b9a2d195fa75fc66a6898f2e5be53905a052ef0a0889674a20169a6f38

                                                                                                                                                        SHA512

                                                                                                                                                        762d0e404857bca5eb29e6a945218b15cc6be209a53ff7c72df7997d803bc63a08fc261338e654a8b300c1cb55eb1ec51163963629d4050aba6da62818dd68e7

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_D21903E2722B551F252C717985D24037
                                                                                                                                                        MD5

                                                                                                                                                        4cde0f7d535a1775b13b748952fed1cd

                                                                                                                                                        SHA1

                                                                                                                                                        d06cef4b4908274a18293f03e6d5dc3bfc65275f

                                                                                                                                                        SHA256

                                                                                                                                                        c5a346027dd101ab644d3d1aef0d32369d2368884b3b9065df7021d9480d1337

                                                                                                                                                        SHA512

                                                                                                                                                        19f7dc131619a65c2ad572e9555a0d2497b879abf28720e651ba9775f635be715f3e3840bb7dace55f240301e6f2d0d0d4b3ce51d1b7858aabcacc493a918fa2

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9
                                                                                                                                                        MD5

                                                                                                                                                        395ae3dff0d88066b4773efa59cd4b12

                                                                                                                                                        SHA1

                                                                                                                                                        23571353cd5abe71b7f65b5593736b4fb62eeac8

                                                                                                                                                        SHA256

                                                                                                                                                        75db73f772a12e2338ed647a30fd237a5ca8310bd960e67a339edbd5e64f8ab2

                                                                                                                                                        SHA512

                                                                                                                                                        bd09737cabd59a6fae288e641f85916fd15af54316ee636b5b11c1be29ecf1ad7eb5b1c89e528f15fc7649f948331c0dcd82b415849ef273273fea92a7a50907

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DF8D319B9741B9E1EBE906AACEA5CBBA_A2E0B287EC2147F84DD8A330B45D3489
                                                                                                                                                        MD5

                                                                                                                                                        01324231a142239f16e67ac98054329b

                                                                                                                                                        SHA1

                                                                                                                                                        80f4b235b19fc744d77701456e8f0ce416dc5823

                                                                                                                                                        SHA256

                                                                                                                                                        e4a7d0af3ce2634cd4872eb55ace9bfc78fe57e34cbe474e44b1f4e4dc47b13d

                                                                                                                                                        SHA512

                                                                                                                                                        504e34f7ea9cb7a6eecd65a184fd4e83d93982e1821739f7cae8b9436e6bdfe5ad748dd7c69cedb289c30671fba7790b62da336e71c3d936a2a047dbdb042b51

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_A026C9CD7BA14377D055F4A2325D4501
                                                                                                                                                        MD5

                                                                                                                                                        86157f077209ff4e1608124d8865bbb5

                                                                                                                                                        SHA1

                                                                                                                                                        c7b9253d6b2966c572963ca6a17103ed8923c527

                                                                                                                                                        SHA256

                                                                                                                                                        60ba3fe1674608c8811008da78dca5af65ae7f17db5c2eabd7d018660d636224

                                                                                                                                                        SHA512

                                                                                                                                                        9a381385464a8e4d6dbe446e145dbf77c945fbca13d0fd090b2ad9700a92ed2ec69f678ae338dc8bc0bbc2b48f7f2ce0ddb1070dcaf8ca17e2bfbf43281997b8

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_D21903E2722B551F252C717985D24037
                                                                                                                                                        MD5

                                                                                                                                                        fa435d76f20d47bd2edac1b564183b94

                                                                                                                                                        SHA1

                                                                                                                                                        23c69fde5068c42a3472368881796af9402f455d

                                                                                                                                                        SHA256

                                                                                                                                                        b096a1eededd5b5162bea7180ed8866a27a4b54f93ff3d194e1fc49f1684865d

                                                                                                                                                        SHA512

                                                                                                                                                        41ba97ce9d5f9e5e2025a28fee9050d5c0dc3f8d73096de00f296d0339c62ea7a3d53d21660bff904ebf2b84e5f305bba912875ded704b7c0dd2c442352352dd

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA81A73291E20E6ACF6CACA76D5C942_2A2080AC7EEFAA81BA7361978F5743B9
                                                                                                                                                        MD5

                                                                                                                                                        6f2ba79892ba69c2e2ebe3af67466f6e

                                                                                                                                                        SHA1

                                                                                                                                                        90faf5ad9a4683c41b531c13aeef417e8a40958c

                                                                                                                                                        SHA256

                                                                                                                                                        1fb7122b9aae96ebf2acbb28d8b017cf9c4529506316d8937d5aa4d07fed875b

                                                                                                                                                        SHA512

                                                                                                                                                        4d9d763b75bac088146b5611fbcd2df52b01573db766d2eb62e7e56c7d1355c3e45d66af2af7b044420c60658d9849100de570b511a96d6bd1bed36798be991e

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DF8D319B9741B9E1EBE906AACEA5CBBA_A2E0B287EC2147F84DD8A330B45D3489
                                                                                                                                                        MD5

                                                                                                                                                        c40eecd7db8240afe1972ac063609fa7

                                                                                                                                                        SHA1

                                                                                                                                                        a0950ea85338aa949a41ad559b6df0d0b43d052a

                                                                                                                                                        SHA256

                                                                                                                                                        228e610b353ef99b5758a2e8a4b103167af2d1ddddeb42f39eecda732d7cb6cb

                                                                                                                                                        SHA512

                                                                                                                                                        713f274faf1d0e7f5432b240bf7c6ea88634689bae1f4289f27a19a10c0f8e27326cd1132cad14ff594b7a7ec41853381211961f4d8011bdfd2415b1197228b4

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe
                                                                                                                                                        MD5

                                                                                                                                                        7109bb5c4a3ed977186f220d2fa0573e

                                                                                                                                                        SHA1

                                                                                                                                                        c8a77426927e765ef8509fb10696c879819e8353

                                                                                                                                                        SHA256

                                                                                                                                                        4de910d7ae4d9e6ef087bc585c324f9590291e45ca0a94e0c15491fc6a8153a2

                                                                                                                                                        SHA512

                                                                                                                                                        a943144fe64863cab2b447338640b7a585de71df000fca0a3d4c3b569164e95bf14382f2bb50c3d4f118d82fde1f3099ca745fe961a43cdd4a06216f1df052e1

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe
                                                                                                                                                        MD5

                                                                                                                                                        7109bb5c4a3ed977186f220d2fa0573e

                                                                                                                                                        SHA1

                                                                                                                                                        c8a77426927e765ef8509fb10696c879819e8353

                                                                                                                                                        SHA256

                                                                                                                                                        4de910d7ae4d9e6ef087bc585c324f9590291e45ca0a94e0c15491fc6a8153a2

                                                                                                                                                        SHA512

                                                                                                                                                        a943144fe64863cab2b447338640b7a585de71df000fca0a3d4c3b569164e95bf14382f2bb50c3d4f118d82fde1f3099ca745fe961a43cdd4a06216f1df052e1

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_7433483273e783867f5cddf6c9648f18faaa566d7f266eaa48aaa964f0390b96.exe
                                                                                                                                                        MD5

                                                                                                                                                        7109bb5c4a3ed977186f220d2fa0573e

                                                                                                                                                        SHA1

                                                                                                                                                        c8a77426927e765ef8509fb10696c879819e8353

                                                                                                                                                        SHA256

                                                                                                                                                        4de910d7ae4d9e6ef087bc585c324f9590291e45ca0a94e0c15491fc6a8153a2

                                                                                                                                                        SHA512

                                                                                                                                                        a943144fe64863cab2b447338640b7a585de71df000fca0a3d4c3b569164e95bf14382f2bb50c3d4f118d82fde1f3099ca745fe961a43cdd4a06216f1df052e1

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\0C731CE9-21AE-4127-839C-FAE369003C4D\lite_installer.exe
                                                                                                                                                        MD5

                                                                                                                                                        3a02e5063012607da6d2e87f6eaace2a

                                                                                                                                                        SHA1

                                                                                                                                                        8663d75c8b67f0d88152c6da3e525eaad8c52e18

                                                                                                                                                        SHA256

                                                                                                                                                        d6cd6c6b67a74405c85dee8839cc50b4e208c4b2fd20af676b402cb119637ce3

                                                                                                                                                        SHA512

                                                                                                                                                        0aca5fdc0ba392a926ce8f93e2a900ed69cf627835b11e8ce63fe7ff83cea1167152f3de27e75a93153a73c47a04bf33f7df9d31217ce8b8cfb1fba3a93203a6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\6FCA9D6B-CB0E-45E5-8488-7E273AC746AB\sender.exe
                                                                                                                                                        MD5

                                                                                                                                                        3622a481a75029c309940218af0eb232

                                                                                                                                                        SHA1

                                                                                                                                                        9c64e58619e64e9b30afa03433edf23a5f936a1a

                                                                                                                                                        SHA256

                                                                                                                                                        b4caa54898bcb8d1e4bf424d1eed05e9d4c8e0cfa3f722a6628f700f6ff1492d

                                                                                                                                                        SHA512

                                                                                                                                                        3edbbb09d5dab177c4fa42a8447ba1956a783b58dcb2a99d60b09fd260aa399efe71721dee15647156396de755a3fcba0821ee9caed84bb449a37aad5440d38b

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\6FCA9D6B-CB0E-45E5-8488-7E273AC746AB\sender.exe
                                                                                                                                                        MD5

                                                                                                                                                        3622a481a75029c309940218af0eb232

                                                                                                                                                        SHA1

                                                                                                                                                        9c64e58619e64e9b30afa03433edf23a5f936a1a

                                                                                                                                                        SHA256

                                                                                                                                                        b4caa54898bcb8d1e4bf424d1eed05e9d4c8e0cfa3f722a6628f700f6ff1492d

                                                                                                                                                        SHA512

                                                                                                                                                        3edbbb09d5dab177c4fa42a8447ba1956a783b58dcb2a99d60b09fd260aa399efe71721dee15647156396de755a3fcba0821ee9caed84bb449a37aad5440d38b

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                                                                                                                                                        MD5

                                                                                                                                                        e3abbcda7bcb5417e7292a4babda2140

                                                                                                                                                        SHA1

                                                                                                                                                        19950a487927f4bee78775683e3c5e13c58135f8

                                                                                                                                                        SHA256

                                                                                                                                                        8513ef1f1001080e8da0004f947058e833cd04fa29a898511992d87666b1b875

                                                                                                                                                        SHA512

                                                                                                                                                        a419b0556fa92700d36bd10a3efac5fbe00496c394cf29b091d91cedcc7fc4cb503c7805c86ada9fb7a47a1c8a5c9c248287b98be0175bbf581460cae7ef3ba0

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\7F4987FB1A6E43d69E3E94B29EB75926\YandexPackSetup.exe
                                                                                                                                                        MD5

                                                                                                                                                        e3abbcda7bcb5417e7292a4babda2140

                                                                                                                                                        SHA1

                                                                                                                                                        19950a487927f4bee78775683e3c5e13c58135f8

                                                                                                                                                        SHA256

                                                                                                                                                        8513ef1f1001080e8da0004f947058e833cd04fa29a898511992d87666b1b875

                                                                                                                                                        SHA512

                                                                                                                                                        a419b0556fa92700d36bd10a3efac5fbe00496c394cf29b091d91cedcc7fc4cb503c7805c86ada9fb7a47a1c8a5c9c248287b98be0175bbf581460cae7ef3ba0

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\CAF6A3A5-A45B-4C90-BCCB-6D0A9B4513EE\seederexe.exe
                                                                                                                                                        MD5

                                                                                                                                                        1490f7dfcd766cce6d57be30950cc158

                                                                                                                                                        SHA1

                                                                                                                                                        e8240d3ef72146276b53d056c1e41831962aa67f

                                                                                                                                                        SHA256

                                                                                                                                                        417c45dc0e73eae14df419acddd751bf378b64ee5c8862053bf03c983676b210

                                                                                                                                                        SHA512

                                                                                                                                                        a23bd3ad7f6e2fe3802c120c9399642f015f6ca8dc65e42aa23104c7e78199974054ef5a1e861349b20faa327dab1f2f78ce6034f34b131c5f67cd0b136e37ba

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
                                                                                                                                                        MD5

                                                                                                                                                        7931d5100242e6fc0ca3ff2dfe0f74fa

                                                                                                                                                        SHA1

                                                                                                                                                        3984301bcf28055a5f2619a1e4d1211b48916482

                                                                                                                                                        SHA256

                                                                                                                                                        c512e108729bc8bd62fb56fd390e002864e939fde055b1ffb3b823e5c0a68b05

                                                                                                                                                        SHA512

                                                                                                                                                        171d4e87411d6b55dff5035f808fc23eb3db76a5239008bfd64cfea7ab1528b9dbc3d894b65fe8988432ae440e259d29e1bcf72d978a00ea6e8220a378f9011c

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
                                                                                                                                                        MD5

                                                                                                                                                        7931d5100242e6fc0ca3ff2dfe0f74fa

                                                                                                                                                        SHA1

                                                                                                                                                        3984301bcf28055a5f2619a1e4d1211b48916482

                                                                                                                                                        SHA256

                                                                                                                                                        c512e108729bc8bd62fb56fd390e002864e939fde055b1ffb3b823e5c0a68b05

                                                                                                                                                        SHA512

                                                                                                                                                        171d4e87411d6b55dff5035f808fc23eb3db76a5239008bfd64cfea7ab1528b9dbc3d894b65fe8988432ae440e259d29e1bcf72d978a00ea6e8220a378f9011c

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
                                                                                                                                                        MD5

                                                                                                                                                        7931d5100242e6fc0ca3ff2dfe0f74fa

                                                                                                                                                        SHA1

                                                                                                                                                        3984301bcf28055a5f2619a1e4d1211b48916482

                                                                                                                                                        SHA256

                                                                                                                                                        c512e108729bc8bd62fb56fd390e002864e939fde055b1ffb3b823e5c0a68b05

                                                                                                                                                        SHA512

                                                                                                                                                        171d4e87411d6b55dff5035f808fc23eb3db76a5239008bfd64cfea7ab1528b9dbc3d894b65fe8988432ae440e259d29e1bcf72d978a00ea6e8220a378f9011c

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\YB_ED637.tmp\setup.exe
                                                                                                                                                        MD5

                                                                                                                                                        7931d5100242e6fc0ca3ff2dfe0f74fa

                                                                                                                                                        SHA1

                                                                                                                                                        3984301bcf28055a5f2619a1e4d1211b48916482

                                                                                                                                                        SHA256

                                                                                                                                                        c512e108729bc8bd62fb56fd390e002864e939fde055b1ffb3b823e5c0a68b05

                                                                                                                                                        SHA512

                                                                                                                                                        171d4e87411d6b55dff5035f808fc23eb3db76a5239008bfd64cfea7ab1528b9dbc3d894b65fe8988432ae440e259d29e1bcf72d978a00ea6e8220a378f9011c

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\YandexSearch00000.log
                                                                                                                                                        MD5

                                                                                                                                                        7be5203238eb664c9b7514c275a28fac

                                                                                                                                                        SHA1

                                                                                                                                                        537052e773c16cbe8a4101da31e87745f2bda49f

                                                                                                                                                        SHA256

                                                                                                                                                        587077aa11d5f68db6ea45494b84fd008729dc9c30c02ffc904935dbf6df7374

                                                                                                                                                        SHA512

                                                                                                                                                        6d5323a925374695c7cb75fcc9044b7500b2ec131191c1b0dec98204fcb45ad6b12319a868cb674ddebdc00e3473a25f07f9da1a0514108b6c50efaa25c3c5dd

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\clids-yasearch.xml
                                                                                                                                                        MD5

                                                                                                                                                        c39f6f67fe148fc35043a3fadd91d9a4

                                                                                                                                                        SHA1

                                                                                                                                                        b61329c6bd21b3f1a3a3446e5b1c25c4853ae781

                                                                                                                                                        SHA256

                                                                                                                                                        886641aac075e73f5331e51b11b6b2b7caaa2ddcda8139bd3fcd9cee86f20248

                                                                                                                                                        SHA512

                                                                                                                                                        af07c026bd5c1abf59a3928163078c2f109c1146ef8b92db5ef055b69788daeb516d43d0d10e9c91420c9ac1e9e883f49225e4bf7297efd983b20dc7f2fb8850

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                        MD5

                                                                                                                                                        ffb0c77c9d4d688259bb46f434e03eb5

                                                                                                                                                        SHA1

                                                                                                                                                        acfd1629c554a423563851bdb97c141878ee5b43

                                                                                                                                                        SHA256

                                                                                                                                                        4a9b4179a7d1bf7b50170180b68fe519ca751d10ff088d447b8924b2789c26b0

                                                                                                                                                        SHA512

                                                                                                                                                        7d1f111308217999693c9d2fb9487f83e8c008cdc933cdfcd2c5475899e614eeb6fe13add1e6d7723e01e524dff37ebce6c6ca146454e24425cb4ae99e711536

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                        MD5

                                                                                                                                                        ffb0c77c9d4d688259bb46f434e03eb5

                                                                                                                                                        SHA1

                                                                                                                                                        acfd1629c554a423563851bdb97c141878ee5b43

                                                                                                                                                        SHA256

                                                                                                                                                        4a9b4179a7d1bf7b50170180b68fe519ca751d10ff088d447b8924b2789c26b0

                                                                                                                                                        SHA512

                                                                                                                                                        7d1f111308217999693c9d2fb9487f83e8c008cdc933cdfcd2c5475899e614eeb6fe13add1e6d7723e01e524dff37ebce6c6ca146454e24425cb4ae99e711536

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                                                                                                                                                        MD5

                                                                                                                                                        fa4a68bf3210f747a4bc077d29266f7e

                                                                                                                                                        SHA1

                                                                                                                                                        86ecbcc072c31e621f337248e6fe2eaf4b9e8a70

                                                                                                                                                        SHA256

                                                                                                                                                        c68f2fb792c1fa5cd8656e856df54a17e669649e41ad86b50f6c2cc9deef505a

                                                                                                                                                        SHA512

                                                                                                                                                        d1d440107eddd4e08336698f6608adfd512bf0d6134011350675e2cccee9a2b3cdfa989e3cf8c6a960ba246d69f334cd6042c9ab6be273bb69e65cdc61ab8d51

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\tmp1800aaaaaa
                                                                                                                                                        MD5

                                                                                                                                                        dc595f5eb36201c63a6fdfc8879954f3

                                                                                                                                                        SHA1

                                                                                                                                                        6ada0b82267bff0913e963939acf7e7fe6055d8c

                                                                                                                                                        SHA256

                                                                                                                                                        09a59214fe30a096a5ec4209af46489cb27fe17c06cee6aaf0b98b17e1318505

                                                                                                                                                        SHA512

                                                                                                                                                        678dc29481777e54f929d8b5e9d80deba794c138493b4a39c9481d35e3e813dcb3b07f0b085117cf16992a600c9d80fc2b285cb6b5e91ba194b5340b3bee932d

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                                                                                        MD5

                                                                                                                                                        68867649b721efba9793098e143e0c11

                                                                                                                                                        SHA1

                                                                                                                                                        b2c2ffe274c8d7de47a33a09dd2152d87df63984

                                                                                                                                                        SHA256

                                                                                                                                                        207ddb03caad0e81053974a14ad01a5ebf2ae1e5969766d8677c6986053f2597

                                                                                                                                                        SHA512

                                                                                                                                                        74b454296987ac202602431c5b5bee13b9fb3224a0e7152fc437bdfe6ff6afe3bb187e4aebfc79ed9c2a01a91b60b723a2dbb1948faa4ccea35e702b853b7a5c

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\yb39B3.tmp
                                                                                                                                                        MD5

                                                                                                                                                        b37ebe9372a528842ebf633bbf1a6987

                                                                                                                                                        SHA1

                                                                                                                                                        175e7b8f50cba1c9f02d4f979343b4245b6e4ebc

                                                                                                                                                        SHA256

                                                                                                                                                        06480ac95c5113d36086c3368a6fb433d5491fa3ad76f87aa2ed66a2b47fbb83

                                                                                                                                                        SHA512

                                                                                                                                                        d7eae59deb555118859d97164bc1f44a54fba0c3fdb4c3a838c44dff6730043cdab6340d725aef999f17ed05ca4509fee3923f78d38d5269e584d68fe02557b1

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe
                                                                                                                                                        MD5

                                                                                                                                                        97ebc29e51f4383714028319a7e14b3d

                                                                                                                                                        SHA1

                                                                                                                                                        52225704ad8a77342f4e5ae26acc9dc974b1b663

                                                                                                                                                        SHA256

                                                                                                                                                        e9847cf182b6ac4e0f5ca6148ad7c6ca87b07f850eec652cda638a55ea33a2b7

                                                                                                                                                        SHA512

                                                                                                                                                        ee882571976c0031e420b4e766f7d29972cee099883a88fd52c8bfeba4e27033fa8823e63958037f50ae4a28f2839fbf4e58ede6b0d2ab7e226258f56c43be8f

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{46C0611B-BD1A-4850-A713-B9428CEF362F}.exe
                                                                                                                                                        MD5

                                                                                                                                                        97ebc29e51f4383714028319a7e14b3d

                                                                                                                                                        SHA1

                                                                                                                                                        52225704ad8a77342f4e5ae26acc9dc974b1b663

                                                                                                                                                        SHA256

                                                                                                                                                        e9847cf182b6ac4e0f5ca6148ad7c6ca87b07f850eec652cda638a55ea33a2b7

                                                                                                                                                        SHA512

                                                                                                                                                        ee882571976c0031e420b4e766f7d29972cee099883a88fd52c8bfeba4e27033fa8823e63958037f50ae4a28f2839fbf4e58ede6b0d2ab7e226258f56c43be8f

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{5B964E0E-B9A3-4276-9ED9-4D5A5720747A}\YandexSearch.msi
                                                                                                                                                        MD5

                                                                                                                                                        98749718959eea953136dc47f4d2d111

                                                                                                                                                        SHA1

                                                                                                                                                        76e1cf2dd17a09dc09808d086016a46c2656aaf6

                                                                                                                                                        SHA256

                                                                                                                                                        bd153b3e95f3db3fb4c6494f048c4fa3debeba80d96374ceadaddc03c354c1ce

                                                                                                                                                        SHA512

                                                                                                                                                        e5504777834c27fc0ad00ab7d35b810f4af09d97e93fd66edf6cabb71a8843ba4f19647344a856dbcc346b0382b94468ceb60db4d0041b4ebdae74f1a6334a7b

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                                                                                        MD5

                                                                                                                                                        fa4a68bf3210f747a4bc077d29266f7e

                                                                                                                                                        SHA1

                                                                                                                                                        86ecbcc072c31e621f337248e6fe2eaf4b9e8a70

                                                                                                                                                        SHA256

                                                                                                                                                        c68f2fb792c1fa5cd8656e856df54a17e669649e41ad86b50f6c2cc9deef505a

                                                                                                                                                        SHA512

                                                                                                                                                        d1d440107eddd4e08336698f6608adfd512bf0d6134011350675e2cccee9a2b3cdfa989e3cf8c6a960ba246d69f334cd6042c9ab6be273bb69e65cdc61ab8d51

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                                                                                        MD5

                                                                                                                                                        fa4a68bf3210f747a4bc077d29266f7e

                                                                                                                                                        SHA1

                                                                                                                                                        86ecbcc072c31e621f337248e6fe2eaf4b9e8a70

                                                                                                                                                        SHA256

                                                                                                                                                        c68f2fb792c1fa5cd8656e856df54a17e669649e41ad86b50f6c2cc9deef505a

                                                                                                                                                        SHA512

                                                                                                                                                        d1d440107eddd4e08336698f6608adfd512bf0d6134011350675e2cccee9a2b3cdfa989e3cf8c6a960ba246d69f334cd6042c9ab6be273bb69e65cdc61ab8d51

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk
                                                                                                                                                        MD5

                                                                                                                                                        268b0ad2b555da42ad37ea5fb05255dd

                                                                                                                                                        SHA1

                                                                                                                                                        59c051533e7d2a1ea1f10cefe6408a1633a5d8f4

                                                                                                                                                        SHA256

                                                                                                                                                        5679b8d055dd57805373b01d77cd727e717ea80bbf05a2695ef678b182e57013

                                                                                                                                                        SHA512

                                                                                                                                                        d3346b49298ce4783d5149e918bda3c61d7bbe9467c7a2fc87c17aeba32547e3a58157c4dbb133343a8510404b8081f69ae60c27ba5cab0535fa45c19617a6d3

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
                                                                                                                                                        MD5

                                                                                                                                                        73c24d043acafc7b4e81cdc14b0c88d1

                                                                                                                                                        SHA1

                                                                                                                                                        bb5bc67fde23b4b6732955a62f35b4f1bbc4fa73

                                                                                                                                                        SHA256

                                                                                                                                                        e7a51fb11e5e5d0659f278c13c39db0015cc97d3fae2f2136a7048e8e35b382b

                                                                                                                                                        SHA512

                                                                                                                                                        70c45b2a41111902e3b0b8c4691a6b7000a007494623f2138412a59eb2cd1483a13e6f123f797aa9682503970462d008f18a72622770e04080cc910c531e4e6e

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Яндекс.website
                                                                                                                                                        MD5

                                                                                                                                                        450a0e55609d098d2ea2b925cacadc69

                                                                                                                                                        SHA1

                                                                                                                                                        f61417be427d11d8afba5cdfd54fe592591714b9

                                                                                                                                                        SHA256

                                                                                                                                                        243faedb5afcb7c6b55536c770d2a679ac1f2ef3e5304c6c052d60742333b438

                                                                                                                                                        SHA512

                                                                                                                                                        340b02469d463905cca59b275bf4010bf5c27ec517470ab8747a9b409848551deb35a41def12f4748b8272a1453cbd60bfedd871214f4d13f4804f7406348b71

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Yandex\clids-yabrowser.xml
                                                                                                                                                        MD5

                                                                                                                                                        7922c3eba961f32b3040c5d059dd8fd9

                                                                                                                                                        SHA1

                                                                                                                                                        ef17dd30c68cc810c6b785318eba06c9f8d009da

                                                                                                                                                        SHA256

                                                                                                                                                        9929509cfd22af01e022b9b288ad68a8274fdafcd8b9f289ce61bec1e86718e0

                                                                                                                                                        SHA512

                                                                                                                                                        0cd0a169a6f399d58b710bfdcdaffc0f451b99653481b12b9d1c017cc16837e36eb7cd394197d1e00b1669a38040ccf3017985fdf85c9d3213eec8979d72c827

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                                                                                                        MD5

                                                                                                                                                        e226d02b1e4e2a0f70b7f14d6e8e8c0b

                                                                                                                                                        SHA1

                                                                                                                                                        e58fdc424741308133c247f81df14061dbd6bacd

                                                                                                                                                        SHA256

                                                                                                                                                        6b07f77ab745bcb019834dbf367cf5e311d4fb3405b3f3d23b3d645864a64f1d

                                                                                                                                                        SHA512

                                                                                                                                                        dd2d761fa27f769b00aa2e443214d67e777133138c0d50a58825119622a505d54b2ddd1316b0fde91e5af9270e4e5720587825fb9fba3b8fee5f0c671de5ba92

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI2D30.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI2E4A.tmp
                                                                                                                                                        MD5

                                                                                                                                                        77f6c8cd91fb34aaf8d4d75c5859b271

                                                                                                                                                        SHA1

                                                                                                                                                        98d30af33076335c3bedadd589d74e4d17e80788

                                                                                                                                                        SHA256

                                                                                                                                                        74ff162259c58073005e66ba20f6e390112453a1e389330c614f56ff6e265b54

                                                                                                                                                        SHA512

                                                                                                                                                        20cac8e67ba0f0a3d9f3b92abfab43fd8eeb0a9ffad3da02d6d6ada97253a137922a92f53485772b4a4d2673b9f643abb3b6407a4d397c9c1d8638f1636ac457

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI2E99.tmp
                                                                                                                                                        MD5

                                                                                                                                                        77f6c8cd91fb34aaf8d4d75c5859b271

                                                                                                                                                        SHA1

                                                                                                                                                        98d30af33076335c3bedadd589d74e4d17e80788

                                                                                                                                                        SHA256

                                                                                                                                                        74ff162259c58073005e66ba20f6e390112453a1e389330c614f56ff6e265b54

                                                                                                                                                        SHA512

                                                                                                                                                        20cac8e67ba0f0a3d9f3b92abfab43fd8eeb0a9ffad3da02d6d6ada97253a137922a92f53485772b4a4d2673b9f643abb3b6407a4d397c9c1d8638f1636ac457

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI2FF2.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI3041.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI3090.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI30D0.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI315D.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI322A.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • C:\Windows\Installer\MSI32B7.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI2D30.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI2E4A.tmp
                                                                                                                                                        MD5

                                                                                                                                                        77f6c8cd91fb34aaf8d4d75c5859b271

                                                                                                                                                        SHA1

                                                                                                                                                        98d30af33076335c3bedadd589d74e4d17e80788

                                                                                                                                                        SHA256

                                                                                                                                                        74ff162259c58073005e66ba20f6e390112453a1e389330c614f56ff6e265b54

                                                                                                                                                        SHA512

                                                                                                                                                        20cac8e67ba0f0a3d9f3b92abfab43fd8eeb0a9ffad3da02d6d6ada97253a137922a92f53485772b4a4d2673b9f643abb3b6407a4d397c9c1d8638f1636ac457

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI2E99.tmp
                                                                                                                                                        MD5

                                                                                                                                                        77f6c8cd91fb34aaf8d4d75c5859b271

                                                                                                                                                        SHA1

                                                                                                                                                        98d30af33076335c3bedadd589d74e4d17e80788

                                                                                                                                                        SHA256

                                                                                                                                                        74ff162259c58073005e66ba20f6e390112453a1e389330c614f56ff6e265b54

                                                                                                                                                        SHA512

                                                                                                                                                        20cac8e67ba0f0a3d9f3b92abfab43fd8eeb0a9ffad3da02d6d6ada97253a137922a92f53485772b4a4d2673b9f643abb3b6407a4d397c9c1d8638f1636ac457

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI2FF2.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI3041.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI3090.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI30D0.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI315D.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI322A.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • \Windows\Installer\MSI32B7.tmp
                                                                                                                                                        MD5

                                                                                                                                                        f6ee185930e588161964f5dbb752ffbd

                                                                                                                                                        SHA1

                                                                                                                                                        0c41195bd91b90d3a581852b6315991f7fd54c52

                                                                                                                                                        SHA256

                                                                                                                                                        a821faa27ba5df16fdfcab152737b641dc759f306dfdd682a28c61f5ee6b16fb

                                                                                                                                                        SHA512

                                                                                                                                                        a752fb1f1d9637e2f83b4fdd27c69ffccdbda6cdd42723906f60ffd17e9801297e850edaa3a47a6a5a5e188cb0aa7ea97eb4d1f577e002c052d871271dc8b8d6

                                                                                                                                                        Download Submit
                                                                                                                                                      • memory/740-230-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1116-283-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1216-285-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1604-150-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1784-174-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1800-157-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1808-229-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/1864-135-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2020-115-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2104-122-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2204-170-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2240-272-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2240-268-0x00000000775B2000-0x00000000775B200C-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        12B

                                                                                                                                                        Download
                                                                                                                                                      • memory/2488-121-0x0000000000550000-0x0000000000551000-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        Download
                                                                                                                                                      • memory/2488-118-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2568-287-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/2680-114-0x0000000000500000-0x000000000064A000-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        1.3MB

                                                                                                                                                        Download
                                                                                                                                                      • memory/3472-262-0x00000000775B2000-0x00000000775B200C-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        12B

                                                                                                                                                        Download
                                                                                                                                                      • memory/3472-266-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/3516-282-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/3688-280-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/3952-124-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4112-286-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4116-261-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4116-258-0x00000000775B2000-0x00000000775B200C-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        12B

                                                                                                                                                        Download
                                                                                                                                                      • memory/4120-177-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4316-184-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4328-241-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4328-254-0x0000029942EB0000-0x0000029942EB1000-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        4KB

                                                                                                                                                        Download
                                                                                                                                                      • memory/4344-188-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4364-233-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4392-281-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4404-194-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4444-200-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4464-238-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4492-279-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4496-277-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4496-274-0x00000000775B2000-0x00000000775B200C-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        12B

                                                                                                                                                        Download
                                                                                                                                                      • memory/4536-205-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4588-208-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4600-242-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4644-213-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4700-216-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4736-219-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4764-243-0x00000000775B2000-0x00000000775B200C-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        12B

                                                                                                                                                        Download
                                                                                                                                                      • memory/4764-245-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4764-222-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4832-225-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4880-226-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4892-246-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4928-227-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4968-284-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/4976-228-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5020-255-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5020-252-0x00000000775B2000-0x00000000775B200C-memory.dmp
                                                                                                                                                        Filesize

                                                                                                                                                        12B

                                                                                                                                                        Download
                                                                                                                                                      • memory/5124-288-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5192-289-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5224-290-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5292-291-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5316-292-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5352-293-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5412-294-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5452-295-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5472-296-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5524-297-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5564-298-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5616-299-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5652-300-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5692-301-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5732-302-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5776-303-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5808-304-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download
                                                                                                                                                      • memory/5824-305-0x0000000000000000-mapping.dmp
                                                                                                                                                        Download