Overview

overview

10

Static

static

Yandex.exe

windows7-x64

8

Yandex.exe

windows10-1703-x64

10

Yandex.exe

windows10-2004-x64

8

Resubmissions

17-10-2022 19:36

221017-ybkpeacgf7 10

17-10-2022 17:27

221017-v1ye1scfdl 8

17-10-2022 14:10

221017-rg6qhacbgq 8

Analysis

  • max time kernel
    1572s
  • max time network
    1573s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17-10-2022 19:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yandex.exe

  • Size

    2.4MB

  • MD5

    09bb3df23630c9111a5860cb96bde6ad

  • SHA1

    217d78e392e7ef295596862175eb353977a85738

  • SHA256

    e36891d982acaa5b12e27cf55fae3581e29dd0ef35d0dd98ae93296034b5177e

  • SHA512

    8a216eac67b5d4bc54781a166cd48ab8a68e0b983fb346c14030eca060046fe7484f76fa4eb006164c5781684cad82f7d29afaf9514e70c81feffe70df402f31

  • SSDEEP

    49152:CsEpJsMKSCZrcPEGuW9Q+iA5H5u8QeuL:CsEpuBZrcPEGuWMxt

Score
10/10
azorultnymaimsocelarscollectiondiscoveryevasioninfostealerpersistencespywarestealerthemidatrojan

Malware Config

Extracted

Family

nymaim

C2

45.15.156.54

85.31.46.167

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • NyMaim

    NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    trojannymaim
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Socelars

    Socelars is an infostealer targeting browser cookies and credit card credentials.

    stealersocelars
  • evasion 1 IoCs

    evasion.

    evasion
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 27 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 31 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 13 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 10 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 15 IoCs
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 33 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 25 IoCs
    evasionspywaretrojan
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs -s Schedule
    1⤵
    • Drops file in System32 directory
    PID:1056
    • C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
      C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe
      2⤵
        PID:5652
        • C:\Windows\SysWOW64\schtasks.exe
          /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
          3⤵
          • Creates scheduled task(s)
          PID:3916
    • c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
      1⤵
        PID:1128
      • c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k netsvcs -s Themes
        1⤵
          PID:1148
        • c:\windows\system32\svchost.exe
          c:\windows\system32\svchost.exe -k netsvcs -s SENS
          1⤵
            PID:1352
          • c:\windows\system32\svchost.exe
            c:\windows\system32\svchost.exe -k netsvcs -s UserManager
            1⤵
              PID:1392
            • c:\windows\system32\svchost.exe
              c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
              1⤵
                PID:1868
              • c:\windows\system32\svchost.exe
                c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
                1⤵
                  PID:2252
                • c:\windows\system32\svchost.exe
                  c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
                  1⤵
                    PID:2320
                  • c:\windows\system32\svchost.exe
                    c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
                    1⤵
                      PID:2416
                    • c:\windows\system32\svchost.exe
                      c:\windows\system32\svchost.exe -k netsvcs -s WpnService
                      1⤵
                        PID:2428
                      • c:\windows\system32\svchost.exe
                        c:\windows\system32\svchost.exe -k netsvcs -s Browser
                        1⤵
                          PID:2708
                        • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
                          "C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
                          1⤵
                          • Modifies system certificate store
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SetWindowsHookEx
                          • Suspicious use of WriteProcessMemory
                          PID:2476
                          • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
                            "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --check-the-interface
                            2⤵
                              PID:3908
                            • C:\Users\Admin\AppData\Local\Temp\Yandex.exe
                              "C:\Users\Admin\AppData\Local\Temp\Yandex.exe" --parent-installer-process-id=2476 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\41980fe7-0bc6-48e3-beb6-c34bfe7f02c2.tmp\" --brand-name=yandex --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --ok-button-pressed-time=415856706 --progress-window=458834 --send-statistics --the-interface-availability=150630000 --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\9c475d6e-a4f3-4819-b1f9-e09f6a2d229e.tmp\" --verbose-logging"
                              2⤵
                              • Suspicious use of WriteProcessMemory
                              PID:4132
                              • C:\Users\Admin\AppData\Local\Temp\yb8041.tmp
                                "C:\Users\Admin\AppData\Local\Temp\yb8041.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\41980fe7-0bc6-48e3-beb6-c34bfe7f02c2.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=33 --install-start-time-no-uac=416825454 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=415856706 --progress-window=458834 --send-statistics --source=lite --the-interface-availability=150630000 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9c475d6e-a4f3-4819-b1f9-e09f6a2d229e.tmp" --verbose-logging
                                3⤵
                                • Executes dropped EXE
                                • Suspicious use of WriteProcessMemory
                                PID:4904
                                • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                  "C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\41980fe7-0bc6-48e3-beb6-c34bfe7f02c2.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=33 --install-start-time-no-uac=416825454 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=415856706 --progress-window=458834 --send-statistics --source=lite --the-interface-availability=150630000 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9c475d6e-a4f3-4819-b1f9-e09f6a2d229e.tmp" --verbose-logging
                                  4⤵
                                  • Executes dropped EXE
                                  • Suspicious use of WriteProcessMemory
                                  PID:3992
                                  • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                    "C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\BROWSER.PACKED.7Z" --searchband-file="C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\SEARCHBAND.EXE" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\41980fe7-0bc6-48e3-beb6-c34bfe7f02c2.tmp" --brand-name=yandex --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --clids-searchband-file="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml" --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=33 --install-start-time-no-uac=416825454 --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --ok-button-pressed-time=415856706 --progress-window=458834 --send-statistics --source=lite --the-interface-availability=150630000 --variations-update-path="C:\Users\Admin\AppData\Local\Temp\9c475d6e-a4f3-4819-b1f9-e09f6a2d229e.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=444741343
                                    5⤵
                                    • Executes dropped EXE
                                    • Modifies registry class
                                    • Modifies system certificate store
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of WriteProcessMemory
                                    PID:1960
                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                      C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=1960 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x304,0x308,0x30c,0x2e0,0x310,0x6421d8,0x6421e8,0x6421f4
                                      6⤵
                                      • Executes dropped EXE
                                      PID:1408
                                    • C:\Windows\TEMP\sdwra_1960_100543684\service_update.exe
                                      "C:\Windows\TEMP\sdwra_1960_100543684\service_update.exe" --setup
                                      6⤵
                                      • Executes dropped EXE
                                      • Drops file in Program Files directory
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of WriteProcessMemory
                                      PID:3620
                                      • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                        "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --install
                                        7⤵
                                        • Executes dropped EXE
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4248
                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1960_2024377228\explorer.exe
                                      "C:\Users\Admin\AppData\Local\Temp\scoped_dir1960_2024377228\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
                                      6⤵
                                      • Executes dropped EXE
                                      • Checks computer location settings
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of WriteProcessMemory
                                      PID:224
                                      • C:\Users\Admin\AppData\Local\Temp\scoped_dir1960_2024377228\explorer.exe
                                        C:\Users\Admin\AppData\Local\Temp\scoped_dir1960_2024377228\explorer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=224 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x10e21d8,0x10e21e8,0x10e21f4
                                        7⤵
                                        • Executes dropped EXE
                                        PID:4960
                                    • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                      C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent
                                      6⤵
                                      • Executes dropped EXE
                                      • Checks computer location settings
                                      • Suspicious use of WriteProcessMemory
                                      PID:4244
                                      • C:\Users\Admin\AppData\Local\Temp\pin\explorer.exe
                                        C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe --silent /pin-path="C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.lnk" --is-pinning
                                        7⤵
                                        • Executes dropped EXE
                                        • Checks computer location settings
                                        • Suspicious use of FindShellTrayWindow
                                        PID:2096
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
                                      6⤵
                                      • Executes dropped EXE
                                      PID:948
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1960_345391510\Browser-bin\clids_yandex.xml"
                                      6⤵
                                      • Executes dropped EXE
                                      PID:4016
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids_searchband.xml"
                                      6⤵
                                      • Executes dropped EXE
                                      PID:3256
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=searchband --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source1960_345391510\Browser-bin\clids_searchband.xml"
                                      6⤵
                                      • Executes dropped EXE
                                      PID:4732
                          • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                            "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --run-as-service
                            1⤵
                            • Executes dropped EXE
                            • Drops file in System32 directory
                            • Drops file in Program Files directory
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of WriteProcessMemory
                            PID:4672
                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                              "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=4672 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x617ae8,0x617af8,0x617b04
                              2⤵
                              • Executes dropped EXE
                              PID:2560
                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                              "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-scheduler
                              2⤵
                              • Executes dropped EXE
                              • Drops file in Windows directory
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of WriteProcessMemory
                              PID:592
                              • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --update-background-scheduler
                                3⤵
                                • Executes dropped EXE
                                • Drops file in Windows directory
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1920
                            • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                              "C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe" --statistics=https://api.browser.yandex.ru/installstats/send/dtype=stred/pid=457/cid=72992/path=extended_stat/vars=-action=version_folder_files_check_unused,-brand_id=unknown,-error=FONT_NOT_FOUND,-files_mask=66977119,-installer_type=service_audit,-launched=false,-old_style=0,-old_ver=,-result=0,-stage=error,-target=version_folder_files_check,-ui=0C94D5DE_0365_44BA_890D_90CAE3061C52/*
                              2⤵
                              • Executes dropped EXE
                              • Drops file in System32 directory
                              • Modifies data under HKEY_USERS
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2892
                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=458834 --ok-button-pressed-time=415856706 --install-start-time-no-uac=416825454
                            1⤵
                            • Executes dropped EXE
                            • Checks computer location settings
                            • Loads dropped DLL
                            • Adds Run key to start application
                            • Drops file in Windows directory
                            • Enumerates system info in registry
                            • Modifies data under HKEY_USERS
                            • Modifies registry class
                            • Modifies system certificate store
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of SetWindowsHookEx
                            • Suspicious use of WriteProcessMemory
                            PID:4948
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=4948 --annotation=metrics_client_id=6bf0c1057e94498eb4ab2473e0defe98 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x154,0x158,0x15c,0x130,0x160,0x715da3b0,0x715da3c0,0x715da3cc
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              PID:2640
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:2
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4044
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=1880 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4648
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Storage Service" --mojo-platform-channel-handle=2164 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4844
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=ru --service-sandbox-type=audio --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Audio Service" --mojo-platform-channel-handle=2600 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5068
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=3396 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                              2⤵
                              • Executes dropped EXE
                              • Checks computer location settings
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1320
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Video Capture" --mojo-platform-channel-handle=3712 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1756
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --allow-prefetch --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3748 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                              2⤵
                              • Executes dropped EXE
                              • Checks computer location settings
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5076
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3816 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3460
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --extension-process --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3824 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                              2⤵
                              • Executes dropped EXE
                              • Checks computer location settings
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3796
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3836 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                              2⤵
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4684
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=4024 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                              2⤵
                              • Executes dropped EXE
                              • Checks computer location settings
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:1188
                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe
                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\22.9.3.891\browser_diagnostics.exe" --uninstall
                              2⤵
                                PID:1892
                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4000 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                2⤵
                                  PID:980
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=speechkit.mojom.Speechkit --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Speechkit Service" --mojo-platform-channel-handle=4820 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5028
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=5576 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1960
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=6296 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                  2⤵
                                  • Executes dropped EXE
                                  • Checks computer location settings
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1164
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5772 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                  2⤵
                                  • Executes dropped EXE
                                  • Checks computer location settings
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4884
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=5616 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4996
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=3388 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4168
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --ya-custo-process --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4032 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                  2⤵
                                  • Executes dropped EXE
                                  • Checks computer location settings
                                  • Loads dropped DLL
                                  PID:3720
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6572 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1900
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5936 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1156
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6752 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4312
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4236 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2812
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6364 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3908
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4576 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1268
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6784 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4956
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6848 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:660
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6892 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4244
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6884 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2436
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6348 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3104
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6044 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Loads dropped DLL
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5052
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6876 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2648
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4460 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:4264
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3880 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:420
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6932 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:980
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6944 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:3732
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6956 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:1072
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=4568 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:4544
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6688 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:3996
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=6356 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:208
                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7048 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                  2⤵
                                    PID:4656
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7052 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                    2⤵
                                    • Executes dropped EXE
                                    PID:1400
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=3600 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                    2⤵
                                    • Checks computer location settings
                                    PID:2260
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=8484 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1892
                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=6740 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                    2⤵
                                      PID:3288
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Утилиты Windows" --mojo-platform-channel-handle=6760 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                      2⤵
                                      • Checks computer location settings
                                      PID:4016
                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=7548 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                      2⤵
                                        PID:1048
                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=7460 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                        2⤵
                                          PID:3168
                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=8992 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                          2⤵
                                            PID:820
                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Импорт профилей" --mojo-platform-channel-handle=6368 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                            2⤵
                                              PID:4028
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=8756 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                              2⤵
                                              • Checks computer location settings
                                              PID:4632
                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4240 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                              2⤵
                                                PID:4168
                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 --enable-elf-protection /prefetch:2
                                                2⤵
                                                  PID:4372
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=4936 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                  2⤵
                                                  • Checks computer location settings
                                                  PID:4896
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=8588 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                  2⤵
                                                  • Checks computer location settings
                                                  PID:4536
                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5188 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                  2⤵
                                                    PID:4200
                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6588 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                    2⤵
                                                      PID:2756
                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4456 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                      2⤵
                                                        PID:2272
                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=6684 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                        2⤵
                                                          PID:736
                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8220 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                          2⤵
                                                            PID:2540
                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=1760 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                            2⤵
                                                              PID:4968
                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=3124 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                              2⤵
                                                                PID:4872
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=3936 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                2⤵
                                                                • Checks computer location settings
                                                                PID:1040
                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=7552 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                2⤵
                                                                  PID:2248
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=7312 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                  2⤵
                                                                  • Checks computer location settings
                                                                  PID:4728
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=7828 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                  2⤵
                                                                  • Checks computer location settings
                                                                  PID:2272
                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5412 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:392
                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=7680 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:2500
                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=spell_checker.mojom.SpellChecker --lang=ru --service-sandbox-type=utility --utility-enable-offline-spellchecker --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Проверка правописания" --mojo-platform-channel-handle=5248 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:4952
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=8776 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                        2⤵
                                                                        • Checks computer location settings
                                                                        PID:1340
                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=7176 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:692
                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=8032 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:4020
                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=4492 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                            2⤵
                                                                              PID:3348
                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=file_rating.mojom.FileRating --lang=ru --service-sandbox-type=utility --utility-enable-file-rating --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="File Rating Service" --mojo-platform-channel-handle=6488 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:2648
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=3880 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                2⤵
                                                                                • Checks computer location settings
                                                                                PID:1640
                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Quarantine Service" --mojo-platform-channel-handle=8080 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:1812
                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=ru --service-sandbox-type=utility --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Распаковщик файлов" --mojo-platform-channel-handle=5516 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:4328
                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=8220 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:4072
                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=3816 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:2668
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=8632 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                        2⤵
                                                                                        • Checks computer location settings
                                                                                        PID:2916
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=5888 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                        2⤵
                                                                                        • Checks computer location settings
                                                                                        PID:4004
                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe
                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe" /uid:"895ba639-9815-4a3f-b7bb-0b6784e51da7" /yandex_uid:"9695090311666035513" /version:"21.2.26.0" /lang:"ru" /browser:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" /iv:"1" /report_dir:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport" /browser_user_gui_detect_cure
                                                                                        2⤵
                                                                                          PID:5288
                                                                                          • C:\Users\Admin\AppData\Local\Temp\YandexRescueTool\bct.exe
                                                                                            /session:L3VpZDo4OTViYTYzOS05ODE1LTRhM2YtYjdiYi0wYjY3ODRlNTFkYTcgL3lhbmRleF91aWQ6OTY5NTA5MDMxMTY2NjAzNTUxMyAvdmVyc2lvbjoyMS4yLjI2LjAgL2xhbmc6cnUgL2Jyb3dzZXI6QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxBcHBsaWNhdGlvblxicm93c2VyLmV4ZSAvaXY6MSAvcmVwb3J0X2RpcjoiQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxVc2VyIERhdGFcUmVzY3VlVG9vbFJlcG9ydCIgL2Jyb3dzZXJfdXNlcl9ndWlfZGV0ZWN0X2N1cmUgL2Jyb3dzZXJfYnVpbGQgL2NsaWQ6YnJvIC9wYXJlbnRfcGlkOjUyODg=
                                                                                            3⤵
                                                                                            • Drops file in System32 directory
                                                                                            PID:5504
                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=6132 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                          2⤵
                                                                                            PID:5612
                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5748 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                            2⤵
                                                                                              PID:5320
                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7596 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                              2⤵
                                                                                                PID:5352
                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=8136 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:5456
                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7848 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:5640
                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7916 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:5740
                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=8252 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:5792
                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7336 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:5824
                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=8932 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:5428
                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=8108 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:5300
                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5884 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:5656
                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5932 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:5860
                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=8464 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:5984
                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=8304 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:5296
                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7352 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:5480
                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7328 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:5820
                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7764 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:3268
                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=3784 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:5632
                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=696 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                              2⤵
                                                                                                                                PID:5864
                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7024 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                2⤵
                                                                                                                                  PID:5624
                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=5504 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:1276
                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7032 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                      PID:2492
                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7012 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                      2⤵
                                                                                                                                        PID:5876
                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7000 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                        2⤵
                                                                                                                                          PID:5556
                                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --mojo-platform-channel-handle=6972 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:5848
                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7128 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                            2⤵
                                                                                                                                              PID:4884
                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7116 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                              2⤵
                                                                                                                                                PID:68
                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Data Decoder Service" --mojo-platform-channel-handle=7040 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:5988
                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --mojo-platform-channel-handle=10420 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5516
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=5964 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                      PID:1592
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --mojo-platform-channel-handle=11260 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                      • Checks computer location settings
                                                                                                                                                      PID:4184
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --mojo-platform-channel-handle=10776 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                      • Checks computer location settings
                                                                                                                                                      PID:1324
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --help-url=https://api.browser.yandex.ru/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://webntp.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --display-capture-permissions-policy-allowed --enable-instaserp --disable-gpu-compositing --lang=ru --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --mojo-platform-channel-handle=4432 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                      • Checks computer location settings
                                                                                                                                                      PID:3980
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=file_rating.mojom.FileRating --lang=ru --service-sandbox-type=utility --utility-enable-file-rating --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="File Rating Service" --mojo-platform-channel-handle=10560 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                      2⤵
                                                                                                                                                        PID:4004
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Quarantine Service" --mojo-platform-channel-handle=10936 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                        2⤵
                                                                                                                                                          PID:5364
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=proxy_resolver.mojom.ProxyResolverFactory --lang=ru --service-sandbox-type=service --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name=Прокси-сервер V8 --mojo-platform-channel-handle=11632 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                          2⤵
                                                                                                                                                            PID:6060
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=10520 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                            2⤵
                                                                                                                                                              PID:4156
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueTool\21.2.26.0\YandexRescueTool.exe" /uid:"895ba639-9815-4a3f-b7bb-0b6784e51da7" /yandex_uid:"9695090311666035513" /version:"21.2.26.0" /lang:"ru" /browser:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" /iv:"1" /report_dir:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport" /browser_user_silent_detect /detect_report_html:"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\RescueToolReport\DetectReport.html"
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4260
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\YandexRescueTool\bct.exe
                                                                                                                                                                  /session:L3VpZDo4OTViYTYzOS05ODE1LTRhM2YtYjdiYi0wYjY3ODRlNTFkYTcgL3lhbmRleF91aWQ6OTY5NTA5MDMxMTY2NjAzNTUxMyAvdmVyc2lvbjoyMS4yLjI2LjAgL2xhbmc6cnUgL2Jyb3dzZXI6QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxBcHBsaWNhdGlvblxicm93c2VyLmV4ZSAvaXY6MSAvcmVwb3J0X2RpcjoiQzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxZYW5kZXhcWWFuZGV4QnJvd3NlclxVc2VyIERhdGFcUmVzY3VlVG9vbFJlcG9ydCIgL2Jyb3dzZXJfdXNlcl9zaWxlbnRfZGV0ZWN0IC9kZXRlY3RfcmVwb3J0X2h0bWw6IkM6XFVzZXJzXEFkbWluXEFwcERhdGFcTG9jYWxcWWFuZGV4XFlhbmRleEJyb3dzZXJcVXNlciBEYXRhXFJlc2N1ZVRvb2xSZXBvcnRcRGV0ZWN0UmVwb3J0Lmh0bWwiIC9icm93c2VyX2J1aWxkIC9ub19ndWkgL3NjYW5fbW9kZTpkZXRlY3QgL25vX2xhdW5jaF91YWMgL2NsaWQ6YnJvIC9wYXJlbnRfcGlkOjQyNjA=
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                  PID:5400
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=hips_info_provider.mojom.HipsInfoProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name=hips_info_provider.mojom.HipsInfoProvider --mojo-platform-channel-handle=6284 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                                2⤵
                                                                                                                                                                • Checks whether UAC is enabled
                                                                                                                                                                PID:5560
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=deep_links_provider.mojom.DeepLinksProvider --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="DeepLinks service" --mojo-platform-channel-handle=6032 --field-trial-handle=1804,i,7213460759604548102,11324356421450068966,131072 /prefetch:8
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:5256
                                                                                                                                                              • \??\c:\windows\system32\svchost.exe
                                                                                                                                                                c:\windows\system32\svchost.exe -k netsvcs -s BITS
                                                                                                                                                                1⤵
                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                PID:1568
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater --bits_job_guid={3C7245C4-17CB-409D-805C-73826A8296A6}
                                                                                                                                                                  2⤵
                                                                                                                                                                  • Enumerates system info in registry
                                                                                                                                                                  PID:3736
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                    C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042701 --annotation=last_update_date=1666042701 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=3736 --annotation=metrics_client_id=6bf0c1057e94498eb4ab2473e0defe98 --annotation=micromode=broupdater --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x144,0x148,0x14c,0xdc,0x150,0x715da3b0,0x715da3c0,0x715da3cc
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:2648
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1716 --field-trial-handle=1812,i,14426076544257801539,708458358834726337,131072 /prefetch:2
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:3584
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2036 --field-trial-handle=1812,i,14426076544257801539,708458358834726337,131072 /prefetch:8
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:4776
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=install --bits_job_guid={2DE6BFEB-B297-4370-B552-BF0F701DE2A9}
                                                                                                                                                                        2⤵
                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                        PID:68
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                          C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042701 --annotation=last_update_date=1666042701 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=68 --annotation=metrics_client_id=6bf0c1057e94498eb4ab2473e0defe98 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x150,0x154,0x158,0x12c,0x15c,0x715da3b0,0x715da3c0,0x715da3cc
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:4536
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1696 --field-trial-handle=1808,i,1013262469609655708,13680166608806335824,131072 /prefetch:2
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:2668
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=2000 --field-trial-handle=1808,i,1013262469609655708,13680166608806335824,131072 /prefetch:8
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:3876
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --broupdater-stat-bits --broupdater-stat-name=dayuse --bits_job_guid={39E57277-9C7E-4DE8-8879-BCC07CAF9D30}
                                                                                                                                                                              2⤵
                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                              PID:340
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1666042701 --annotation=last_update_date=1666042701 --annotation=launches_after_update=1 --annotation=machine_id=f5ea51da667ecd6b5f2b9d06e4a3fc52 --annotation=main_process_pid=340 --annotation=metrics_client_id=6bf0c1057e94498eb4ab2473e0defe98 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=22.9.3.891 --initial-client-data=0x140,0x144,0x148,0x120,0x14c,0x715da3b0,0x715da3c0,0x715da3cc
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:1180
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1636 --field-trial-handle=1820,i,8839357868387071313,14284891314578213338,131072 /prefetch:2
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:4604
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=ru --service-sandbox-type=none --user-id=895BA639-9815-4A3F-B7BB-0B6784E51DA7 --brand-id=yandex --process-name="Network Service" --mojo-platform-channel-handle=288 --field-trial-handle=1820,i,8839357868387071313,14284891314578213338,131072 /prefetch:8
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:660
                                                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                                                    C:\Windows\system32\svchost.exe -k WspService
                                                                                                                                                                                    2⤵
                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                                                    • Modifies data under HKEY_USERS
                                                                                                                                                                                    • Modifies registry class
                                                                                                                                                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                    PID:2308
                                                                                                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x3a0
                                                                                                                                                                                  1⤵
                                                                                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                  PID:2212
                                                                                                                                                                                • C:\Windows\system32\DllHost.exe
                                                                                                                                                                                  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                  1⤵
                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                  PID:4656
                                                                                                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:164
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Temp2_Sprint.Finereader.5.0.Office.keygen.by.CORE.zip\Sprint.Finereader.5.0.Office.keygen.by.CORE.exe
                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\Temp2_Sprint.Finereader.5.0.Office.keygen.by.CORE.zip\Sprint.Finereader.5.0.Office.keygen.by.CORE.exe"
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:4804
                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen.bat" "
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:1028
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-pr.exe
                                                                                                                                                                                            keygen-pr.exe -p83fsase3Ge
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:552
                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\RarSFX2\key.exe
                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\RarSFX2\key.exe"
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:4932
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX2\key.exe
                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\RarSFX2\key.exe -txt -scanlocal -file:potato.dat
                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                      PID:2536
                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-4.exe
                                                                                                                                                                                                  keygen-step-4.exe
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                  • Checks computer location settings
                                                                                                                                                                                                  PID:3008
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\RarSFX1\License Keys.exe
                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\RarSFX1\License Keys.exe"
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:3916
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\RarSFX1\License Keys.exe
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\RarSFX1\License Keys.exe" -q
                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                          PID:4632
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\RarSFX1\KiffAppE2.exe
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\RarSFX1\KiffAppE2.exe"
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:3736
                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RarSFX1\mp3studios_91.exe
                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\RarSFX1\mp3studios_91.exe"
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                                                                                          PID:4780
                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                            cmd.exe /c taskkill /f /im chrome.exe
                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                              PID:224
                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                taskkill /f /im chrome.exe
                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                PID:4476
                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                              • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                              PID:4312
                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xdc,0xe0,0xe4,0xb8,0xe8,0x7ffa88564f50,0x7ffa88564f60,0x7ffa88564f70
                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                  PID:3792
                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1672 /prefetch:8
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                    PID:340
                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2328 /prefetch:8
                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                      PID:492
                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                        PID:4604
                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                          PID:2756
                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:2
                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                            PID:4372
                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                              PID:5016
                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                PID:5140
                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4424 /prefetch:8
                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                  PID:5972
                                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:8
                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                    PID:6000
                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4712 /prefetch:8
                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                      PID:6012
                                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5272 /prefetch:8
                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                        PID:6100
                                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                          PID:6132
                                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5468 /prefetch:8
                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                            PID:6140
                                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5524 /prefetch:8
                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                              PID:5332
                                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:8
                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                PID:5372
                                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                  PID:5808
                                                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                    PID:5860
                                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:8
                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                      PID:6040
                                                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                        PID:5984
                                                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                          PID:6108
                                                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:8
                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                            PID:4568
                                                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1360 /prefetch:8
                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                              PID:6048
                                                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,14585592104336143277,7993479846773412890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                PID:5768
                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\RarSFX1\pb1119.exe
                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\RarSFX1\pb1119.exe"
                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                              PID:3944
                                                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /c start /min cmd /c del "C:\Users\Admin\AppData\Local\Temp\RarSFX1\pb1119.exe" aeg222g522
                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                  PID:3916
                                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                                    cmd /c del "C:\Users\Admin\AppData\Local\Temp\RarSFX1\pb1119.exe" aeg222g522
                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                      PID:372
                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\RarSFX1\Setup.exe
                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Setup.exe"
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                                                                                                                                                                                  • Checks BIOS information in registry
                                                                                                                                                                                                                                                                  • Checks whether UAC is enabled
                                                                                                                                                                                                                                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                                                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                                                                                                                                  PID:5820
                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\loader.exe
                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\loader.exe"
                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                      PID:4656
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                        /C /create /F /sc minute /mo 5 /tn "Event Viewer Snap-in Launcher (29762912)" /tr "C:\Users\Admin\AppData\Roaming\EventViewer\eventvwr.exe"
                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                        • Creates scheduled task(s)
                                                                                                                                                                                                                                                                        PID:5788
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                        /C /Query /XML /TN "Event Viewer Snap-in Launcher (29762912)"
                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                          PID:6080
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                          /C /create /F /tn "Event Viewer Snap-in Launcher (29762912)" /XML "C:\Users\Admin\AppData\Roaming\EventViewer\tfnme73946158264.tmp"
                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                          • Creates scheduled task(s)
                                                                                                                                                                                                                                                                          PID:3792
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 580
                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                          • Program crash
                                                                                                                                                                                                                                                                          PID:5516
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                        "C:\Windows\System32\cmd.exe" /C timeout 5 & del "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Setup.exe"
                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                          PID:3112
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                            timeout 5
                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                            • Delays execution with timeout.exe
                                                                                                                                                                                                                                                                            PID:5116
                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\RarSFX1\kakica.exe
                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\RarSFX1\kakica.exe"
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                          PID:1744
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 524
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:5820
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 792
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:5232
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 836
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:5652
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 872
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:5428
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 976
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:5572
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 948
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:3264
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 1144
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:5352
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 1156
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:6096
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 1312
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                            • Program crash
                                                                                                                                                                                                                                                                            PID:4328
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                            "C:\Windows\System32\cmd.exe" /c taskkill /im "kakica.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\RarSFX1\kakica.exe" & exit
                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                              PID:5872
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                taskkill /im "kakica.exe" /f
                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                                                                                PID:5616
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RarSFX0\keygen-step-1.exe
                                                                                                                                                                                                                                                                          keygen-step-1.exe
                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                          • Accesses Microsoft Outlook profiles
                                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                                          • outlook_office_path
                                                                                                                                                                                                                                                                          • outlook_win_path
                                                                                                                                                                                                                                                                          PID:4684
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                            "C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "keygen-step-1.exe"
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:4004
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                                                                                                                                                C:\Windows\system32\timeout.exe 3
                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                • Delays execution with timeout.exe
                                                                                                                                                                                                                                                                                PID:4184
                                                                                                                                                                                                                                                                      • C:\Windows\system32\rundll32.exe
                                                                                                                                                                                                                                                                        rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                        • Process spawned unexpected child process
                                                                                                                                                                                                                                                                        PID:3920
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                          rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                                                                                                                          PID:4040
                                                                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                                                                                                        • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                        PID:5760
                                                                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa97914f50,0x7ffa97914f60,0x7ffa97914f70
                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                            PID:6072
                                                                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1348 /prefetch:2
                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                              PID:1460
                                                                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                PID:5912
                                                                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                  PID:4328
                                                                                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                    PID:3304
                                                                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                      PID:384
                                                                                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1892 /prefetch:8
                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                        PID:5852
                                                                                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                          PID:4964
                                                                                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4572 /prefetch:8
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                            PID:5228
                                                                                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4712 /prefetch:8
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:6084
                                                                                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4844 /prefetch:8
                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                PID:5264
                                                                                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                  PID:5848
                                                                                                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                    PID:5420
                                                                                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                      PID:5600
                                                                                                                                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
                                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                                        PID:5404
                                                                                                                                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                          PID:5372
                                                                                                                                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                            PID:6136
                                                                                                                                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
                                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                                              PID:6040
                                                                                                                                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5412 /prefetch:8
                                                                                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                                                                                PID:4772
                                                                                                                                                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5544 /prefetch:8
                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                  PID:5936
                                                                                                                                                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
                                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                                    PID:5212
                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1584,11620359133671116969,9980068132090903660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
                                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                                      PID:5180
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                    • Modifies registry class
                                                                                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                    PID:6072
                                                                                                                                                                                                                                                                                                                  • C:\Windows\system32\browser_broker.exe
                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\browser_broker.exe -Embedding
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                    PID:4888
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                    • Suspicious behavior: MapViewOfSection
                                                                                                                                                                                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                    PID:2364
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                    • Modifies registry class
                                                                                                                                                                                                                                                                                                                    PID:6136
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                    • Modifies registry class
                                                                                                                                                                                                                                                                                                                    PID:1824
                                                                                                                                                                                                                                                                                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                                                                                                                                                                                                                                                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                                                      PID:5788

                                                                                                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                                                                                                    MITRE ATT&CK Matrix ATT&CK v6

                                                                                                                                                                                                                                                                                                                    Initial Access

                                                                                                                                                                                                                                                                                                                    Execution

                                                                                                                                                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1053

                                                                                                                                                                                                                                                                                                                    Persistence

                                                                                                                                                                                                                                                                                                                    Registry Run Keys / Startup Folder

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1060

                                                                                                                                                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1053

                                                                                                                                                                                                                                                                                                                    Privilege Escalation

                                                                                                                                                                                                                                                                                                                    Scheduled Task

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1053

                                                                                                                                                                                                                                                                                                                    Defense Evasion

                                                                                                                                                                                                                                                                                                                    Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1497

                                                                                                                                                                                                                                                                                                                    Modify Registry

                                                                                                                                                                                                                                                                                                                    3
                                                                                                                                                                                                                                                                                                                    T1112

                                                                                                                                                                                                                                                                                                                    Install Root Certificate

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1130

                                                                                                                                                                                                                                                                                                                    Credential Access

                                                                                                                                                                                                                                                                                                                    Credentials in Files

                                                                                                                                                                                                                                                                                                                    5
                                                                                                                                                                                                                                                                                                                    T1081

                                                                                                                                                                                                                                                                                                                    Discovery

                                                                                                                                                                                                                                                                                                                    Query Registry

                                                                                                                                                                                                                                                                                                                    6
                                                                                                                                                                                                                                                                                                                    T1012

                                                                                                                                                                                                                                                                                                                    Virtualization/Sandbox Evasion

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1497

                                                                                                                                                                                                                                                                                                                    System Information Discovery

                                                                                                                                                                                                                                                                                                                    6
                                                                                                                                                                                                                                                                                                                    T1082

                                                                                                                                                                                                                                                                                                                    Lateral Movement

                                                                                                                                                                                                                                                                                                                    Collection

                                                                                                                                                                                                                                                                                                                    Data from Local System

                                                                                                                                                                                                                                                                                                                    5
                                                                                                                                                                                                                                                                                                                    T1005

                                                                                                                                                                                                                                                                                                                    Email Collection

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1114

                                                                                                                                                                                                                                                                                                                    Exfiltration

                                                                                                                                                                                                                                                                                                                    Command and Control

                                                                                                                                                                                                                                                                                                                    Web Service

                                                                                                                                                                                                                                                                                                                    1
                                                                                                                                                                                                                                                                                                                    T1102

                                                                                                                                                                                                                                                                                                                    Impact

                                                                                                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Yandex\YandexBrowser\22.9.3.891\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      9KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      0dae39343f8c6c7e6275a8042300a0fd

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      18a71e56197ad0317ed1e608918e1a67a473f1c0

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      1fe8cf7ac552807d3cbaf8713f334b7ea61378340342f6283f815badb5519765

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      75d789ccb77817d010fa7b4c67086301768feffb7f6145d5573cc9695cf64bae684697e18cb74332b0e1190791c2641d7c88fef25e6d87ec502f986120cb9398

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      451B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      d50425d76e36932a48c23cdc09ebe36f

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      8a58c182599af081c3541a9b524913d8e5446b8c

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      2b56d016cbeb670692fe2600a673150903d4161c29bdcedc7a37c5bb29d99ce7

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      b609515d1e0772f2cd9214f0a3654f9fef8b9854325821e4a4f103b3c991345fe845fd279576dc89ccddd8cfe1aaf5b872224e04ff2bffc4484c62a3761f3a74

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      a6af70e46aa2399202074a2d6a5b7d55

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      6e6eaa5695783c520b83c0139a9b25a8a33327a4

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      22e2b604df384b596d0d5214f908de39a59d0ca431e5c4908f2dcbc927fb56f5

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      a4b9ec1317ad7b6ae185b71d9aced9eb396d0315a398c9c60a9f315b8018203e2d27b2cc9b828d898e8aa9b6363cf84cb24bda8019856d8c3d02b29f7b1b429c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      bdfa375fc9d186deb28177f9945f36ba

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      07d3025928a8e03fb214d34290d30336f97a22f1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a7838716fec9acf77f800da779c9027d9517622f99d49b180cea6f275f452393

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      a30c0245366058144d8da63e63bde47fdf4390f4ed274528fdc613b7c26bce2cd06ab58f1ce31c1d10aea3614dbae68459a6c4d1c07f7bcb0bb4d45651df0548

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      363ca7067d2d29b0ed3d9011360f8ccc

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9541a11293d11c1173863d680bf252588dd1b1b6

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      3a25e5d2e8a461de85b17574182aab6bf8d3603921fbd76c10b518a6e412017e

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      5e4827bc7e556a47ba00d74a56a43d90f1a4bd9ee40400c5a6bdc373dcebb1a162c13550aec9fa5d26970f13bab83d203c1aa7b4c9bbdf8fddfcff63e99ef76f

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      d56a21a02e646d2c69ccdefccb9214bd

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      b28a03951a1b5e45052cdcf87e00420ed5ec1e5e

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      80dd5ae4b368f148eccb259bdeb7408be51106b7eebf15eea031721b50f4e37f

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      3be54662fe745912ea4792cf538a1d358ee7977ec13b8560ba21e64075cb00359a396f71bfef82dd492af6afc640b2f67feb152567fcd36d07fbb35ed0a87eba

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      bdc4a36bd916b35b15034cc9b1f6debd

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      6550b927ff82a4677ec3a59ac8895d0b012b04a0

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      c9e0b10f80d634358912069f6a65612c75db20a607c2c07b9cb5e5ecdc0a47f1

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      fe13fbbb9e44acbae8e90fbb957a4da990614d4f59a61382f871da0e8ab2efdf43e2614a21d63856da2538ec2f3b88526662b895337c33a568f5dba5c5f381b5

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f562b34d5615d482bdfcf8ebcf3ed1ea

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      0a219490cbe4356aee820ad13a199f62a49201ed

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      241361df6902b8dbcb72e7e957a4a1e275ff875eb2b65b8a94dcb8fbbfca6a71

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      6c860bc610ed429aab64b62d8a86d54f527e4cae4abe4d0a2f8ed6727ebf65a296659d6068e9f01bdbf32850daf6288fb456a38c38b5e3ef9c7406b140092b0c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      4e13d95dafb9d5229f087dcc7619f1b7

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      bda1d19b15571d7590ca5223e5a62de8fa0bd928

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      9ef1578794e88fb0588e80029dc917bd876e8f70258e564ce4b0afca3c164407

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      5c8baedf478f0d39b93f96b4053f214ef46170041a80df6b9c18bc58b32ba56cda92179014ddc715ee914f6c29ffc412119ac4f88dc072b4f015f1cc54d9168d

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Yandex\YandexBrowser\service_update.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      8KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      b14573cd2fc2f8296a3c517766553b18

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      2c26de2d36a333fd10fc1484f13518e4a1dade1c

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      e0ca5c9029d6fbe1fa055149158c1a008c756618dbb0aab9b2f0fe49757f558e

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      494d9dc434adb56fc98b09880ef0247957b9d14ad481b815f22047336c7df1936e2e83786d2a4e05154ef201774b248db7e541628621a6d2f4f29cf7aba600e6

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      78154cdfa4f3f55bed9d75a156074339

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      b9686803da5ce4655f8b8280107c5a88274bc977

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      67cc746c24ad9141cb4f4c3db4ab4b7daefb279fb614cde9fe27fe2f049d595a

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      9898512c0eb45f7a44c358cab353ff65eb9aea2eaae8db8b6eb0c3b81e76ee2d7e69472a8df6dda11211995582e415f23453ac86f6592cd312a06e85fe8660ed

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      b30216b2d5ababe5952ca2b85c061881

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      03bf1e69f431e43885186f636c6e44be827cd764

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      6bc776d5191da994ebf83a86f9f6c693ef898bfe02a07a2507ccc28edf7e0162

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      eb5656782b6eae8a5344ed3a9df181e77dea25130a86d52000156c5d8980904a42d8c9079a60cbdd8d86cc7a6acc5d6d9059498a7a5eb90fcda6254d22c140e9

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      a653da18e33a7c95e1b00169ac83f18b

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      a8fdcd775755be20e7f69512fad319e40abf8eba

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      9b736d37d9d38fbc955faae3a72873747fa3060792de3bd5902d9ad5e9c3daab

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      e8c32d936763e7a53571b32e771713d15990ccacdb39764cc202128e5ca1494beeca3a7d687e326613dc6eaa5058ef5c8ebda8249fd69b7655454713dd772912

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      727B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      3dc4181e96e768b9f4bbf41d1afa1dc1

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9ee79c2f26bf520c4e8a3b36daff9ce8e6e3cca8

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a72e1936399b803b5c282aa625b1dd2e3c924897ba728887035ebd30a4e9eae4

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      8c6c6ec2b6513697995aac13b9f946a7f5442cea77d0d3053ae9cf0d7dedd6942c8eceabfcd0380156403002bea026b3b18d4926fec92a146faf41f0144a7958

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      471B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      da5a9f149955d936a31dc5e456666aac

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      81afaa383e62ab9fb5c109a8085af9ab

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      2e97af515e58fbd5912764d866f0586c850e9517

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a29b6d44e6ba93676969a41736a669b958c5bbdad39961105a5d3ce2a84d94b2

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      15c7a56406e19f8e259e838b67f6c3b8675aa266a8daadff28198a3cd9c0af65cd6ad9273eca126070ed1090f1e50d500fb32e8149a64a4fff5e5668157e787a

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      2d9b3451bf865eebf9d53a173b4683c5

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      911426c1b05e1b4a9e3ce0d2da4485d4e8bd6692

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      5605e792857829ce294da76fc4f36d42e958759fe0e10d262aa7ecb86429b2f2

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      031b3e3ad77cb274376be3dd2f3033cceb698c1634211c8a8b2ce6918026bdf2fae3282dfc76f3820b74c8ee2487d6270ecda4697a4dba74adc276a4945deb78

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      727B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      e48b6e4b5351b7f68acc6375f58b4832

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      b17b7199b60c22b91a3df390d7a1c7874c7892a9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      fed4553c22581ce3e71b78d3d45bddc8137beb99d2ff71a5423da909d6848d8c

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      5f3af281f1ec2292f0a0a905ad24a07c793c8e8ac0be9a0c86e9c1588b7f9cd6028c70433d7c228d60c7c9dbe1a1d3dd0afd3bf3795b388b6d48444edb1444b5

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      508B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      cb08181e8763ad7acd9c952f7f3aa539

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      7a4cfdef462c3770ac12b2f1dde825c3f7b9fec5

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      9899826bd4f9c57023a33c208fc25e0207593c9e2c6a352a5f58fb05c24ec104

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      17bdaa779b82fb8a7f853e888269b3278ec1d96db1614d5fbbe77b94e78d37fddd8078b37769881e5d820a9b566b1356a58051fe0ff7a71bb4965b38c182a582

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_BD3730E24B5091FBD030C756E510C3A2
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      536B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      d9a4b3d26c08b7ffb992c9236872d3ee

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      5f36e77728d9e3a6252a1efd01bb9d31e04a5695

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      326918196dadef01b7f19054f77f8d8aba41a2ca40620e35e0b7a9af6f5afdc3

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      8fdc9e5b7777c3e5a35b33c51951701fed162bf663a2d115d6bb25ff7c6687a117276986a57913be43f8594783986184d623ef406e86d98aa6df5a7bf3992d2b

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_EBD7B8AF3A6D56C51CDE1B85E8C855A8
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      540B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      d57ebc07616d5f596aad21eca382c524

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      c6db64d7b892f67159f2ce409cfe6be8f88b1a35

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      2bad97e9576db73ff95ac69d5216bca283022b5b8668934a7542f0a63540ed3a

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      78fbb940dd6c62b8547bbd6e71a166c2c81fc3f48e8e067055e304abc664bf1fb52e974feca934f49db95de5a0f2bbdf36d275d5c2f9038606002fe1cde55f4c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3E3E9689537B6B136ECF210088069D55_A925FAB5FFC3CEDB8E62B2DCCBBBB4F2
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      434B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      57c05fa0adfd4c1934b7bdaa11f8cf99

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      5ec4ae49a9f2778dbca000fc0296a50cbca8fda8

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      e92a0eb681f7d44843dbfb167d2d44166bf8a45f8012b838e09b4abacb562ce0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      830ce444c9b02a5d6f1522f87640586a0acb008964d9db93e8b43d0bc706a9fd0e37fba4c6e22077b75ca4fe4d0bfb0a695a8f96763b5b682c34345d5d620f24

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      430B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f83b004054676e5791154e1723894e58

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9f625890cfe0b32a7bb8206214c3d8bb8725cc21

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      9f9c8d79f4f896e5257c52205cd6ac9690c7be3036f568463970fae522d4bbe8

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      d198f13782588538e979395b92f73b0149c92e1dc16238eea75c11231cc4db8bded5712b42423c18c3afd35f5ebed9955d2447a1fcf7301c3bb5b37e554650da

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      536B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      4a1f0fe4b9c556c06dc7ce0e04b54920

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      238e3b126ab99fea0193f809880d4d6bf1a8c009

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      e1de8c73e29b05763bb6ef577ad386e243da5334a2289ef5462d03bd29eda7d5

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      9dd7db74dc8e1fe07aa02395e839351bd85eb1ac0b2589e7b2429159eb23ad544f4376f74b8276c296193dddd4e34536d139f9a92f4a15a222d0e78c169213a1

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      506B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7eb8649827c67ba60fe7c1b07f840b5e

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      e64a51affb5445c5a8d6a4feb11305d9d9677568

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      31140b14c3fa995f5b51c5e39505c1a59eaef32307ebf1bc5e947d709ebbc34c

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      9d17955f7bae82219987e98c12e98e00cd18f24cc79006a4caebeb8cd14dcdb5aa5261f94ab5b5bb7e30023cc00f6e3efff1b7f5f3279c2d7aa213079636d7b0

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      442B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      dc1e0fb9d0e7938caab3f8c223180611

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      824b25cf7ec54846495b5b4edfee6e9024a86041

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      66f1cd376479b286d42539e7d5d626f617d4be07755fc3a3d85fb0e21a8e7a80

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      720e2848223b1a4cb216267fefc2f39fe90c3a4c22bd7dde4cfba144a1be42313c5466e729fe443f9aa161096639a48a0b9da801ff232e96abd142824182d0b7

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\BRAND_COMMON
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      23.3MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      105d3263b0bca342b425fc45702c8856

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      00180722d29af289bb7d2138a52b9d784ce367da

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      7547bc1f22cb361a4e644f899f8494faa013e15f05b75b77e1ea596532dc4fee

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f6d3a7a25af1c10bbf5fb18b406f30c2c7d92778731f6b6d3eb6f181bc7854e920f99e1f55d2fdc0484bd1bd9bb13942ef13da85d1823c1f5cba16568cb45efb

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\BROWSER.PACKED.7Z
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      90.8MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      5e99de825a34c299b8eef00c8d475e3d

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      6fc1d9ef19f3d2aae0fb4ac596afbb24b408d83d

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      6f945efb7783b3ba9b8b48ffef9dc62322d11d51c401bbeaa1cf0aebf768b4ed

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      dd272ce4dd7f4529fb4b4a182cab7fa63bae0f455ea5bf843888c59d9fc13d1564b0f436b5afcd2c3d449979dcd82e0c71f45b6ae54e41e1ebbb649dd060e68a

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\brand_yandex
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.1MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      cff7f43a37e2081aa5271b2e42e20699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9d50fec6b4b583e6b90cbc6906bb6838ded606d8

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      58ee5e657246dadd99f6194ffe082a27a8896aaa4500ff6773054a3929a912fd

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      4eb33ae0d9c9afb8116c9454b1ce06cefc6f59f21463ba9c04d45ed09b3fe61d1ef3aee1570e92d2657d4f6d33a603288f5ff5c04464bb6da75e16002763e2de

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\YB_0DE85.tmp\setup.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\clids.xml
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      599B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      dae47d5fb36af27a9869750c11f52494

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      366629747a061c7bd6a6883f5364734cecfc697a

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      37ec2fcea5119863c67d94c2d269ec242e294cb76c9674e793d7280b6fd13c90

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      6937d3a2f3c4ecd3544a473a79808f1932e036cbafe6bff11d51f5d131fd8b6e594dbdfb254f96f49177cac5517e536bc14d855beaf3c81349ddbf7324bf79b4

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\distrib_info
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      293B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      5ff4663cf4ed5b1c4c7e84ae7a26484b

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      738deb4f237c34acab7ecf6a2899c7bd94ecd34a

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f69eb6cd9983e819f7c1273598046ace4ef35c97cc651b89b460bb05dbd58c81

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f9f7a15bd4d811d0a0a986d24b18d76434f89f81f6554cf0f707a0298a26f0732389e85394d186dd22a6c0306b8568c94d5583891196328e0e3945f44af59bbc

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      10KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      027e6aa3d4bfaed3b4e1a0cebc14c9c1

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      7b2de8427bca60172cac1eb8ad6db58e4b60d2d0

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      6455f601b8aab4da0ff4f3a1b875c8a0bfb245ecd4080a234e98c86fce7776a0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      0e046df3f7e95bc51450c3290cf6f80bd541d2be60340a19f79236fd1e042aaf55b20691aa5b8e7a173a34b041741be46a979fb6b88f02721a524f9dedd5ff95

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      10KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      3d49cf5e0faab98cbf599c81e9399643

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9d8d9f9babbd563a344fb58c20f866fa39f04317

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a259715f2de5881121d690fffc2358eb4bd60d8e55a29ea1aec74c408ea26238

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      7c8894d8e9a3f936464090761ed02dab54b8f6cb33d94f9af714bbcdd5f7bda4d21d0b59c5e759088c9fabcc0fe6cc30faedfea0eff1c4762c59974bc81c37b3

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      16KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      ebba5fafb7e5ef64c0932d56658b5b6e

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9279252fd9d7ffece498ccc5052d7a0c87c8893c

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      9787f099eb8eaf514dbe66cec460b174db4c3a297bdaf9b74522bec66439bf13

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      d883c2453f017d8911ddeb34aa88de367705b25008188c13944cf5f82c3174c1c5b849db62ede1225131aed93f628c7f7e530b67dd8e827a549dd0aa7bc9d054

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      16KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      1956b4372f454b259583d3c0fa6b851f

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      f64bfb052877becce8de3f8f685736d7fa1889fd

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      1bdb7737db37cad56dea1d550d0821c00c5f3b649bbf72572d6461b88fd4f33f

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      e365c26f37b898a486197f8273170f77ea6b82c5e496ee0407316d28c724789c6da9b74d26741e3610ffed0917ff07295a653b0b8a728b9544ea3383521ae99c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      27KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      cfa81744645da432cfa88cefae51249d

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      ceaac0da80c77bc7c1c8e7f80a9842d55c553b5f

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      59c79717451d7e5f762eee0602b3de99f3e556fd31cef35818c08391aab22809

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a07edaca442dd9da97f8481b0ef77ffba7745fb33a60c1bc38c05f97ab860dd07944a215722f3d410fdbfc2e6c4d57df20ab092c162fb2bb259ddf00e31bf18

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\lite_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      28KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f32d21ca589b2da210b7eadf152b42ce

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      d2a3ec406d23c145738b694eafd0deda9e523578

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      c806d3df4232ed0a00faa7bce8fc28558fc64e9c49861cac6c38e36a45d8b045

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      dc7f39d5cc054922ddfc2987e714cd17a779928b6d08d71903290931dfdf4ecf8026cee5a92c8ee1e91f87c2a750c423a00191e7e9e1e157413183383f574be3

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      129KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      ea23ca99cef3154fa52e403162fbfbb0

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      7b6bf4ef68cf929fbe2a8a5bd06577c68e19b8ba

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      c23a22d152a3a2a12104c63477dc742d18b9624797048e46f76457a8eee7811b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      b213e9280c3944c053ba8cbd0f9b211a1f3c3bd2e36c8b1a4363040b69ea1822dd90803067b383008f84456bf8f53000d710b744fce936f5fab15aa2cdae3170

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\master_preferences
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      129KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      ea23ca99cef3154fa52e403162fbfbb0

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      7b6bf4ef68cf929fbe2a8a5bd06577c68e19b8ba

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      c23a22d152a3a2a12104c63477dc742d18b9624797048e46f76457a8eee7811b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      b213e9280c3944c053ba8cbd0f9b211a1f3c3bd2e36c8b1a4363040b69ea1822dd90803067b383008f84456bf8f53000d710b744fce936f5fab15aa2cdae3170

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1960_2024377228\explorer.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\scoped_dir1960_2024377228\explorer.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.9MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      7600b48ce4fb19c29eae3079d826c699

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      9306e894d2645f71a49a3006b5046896a9917ef9

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      f5e44bb904f6fe2b59ca129b53c44d7e25f6ce0b65a51203a4a23a6dfe40871b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1a11be3bc8487f1ec7168d7843674a5192b737f28be66a91fe073d824d69605608633b0ca7fad845dedb22f46849b89619f547e10f360f32ff49998fd9daff6c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\website.ico
                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      5KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      ea680fe2a626f4461b4ab4354a7b9c52

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      46c5b7b9bb3fb0c0af530ff27ba2c8f57b5ce7cf

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      d8bd56e01cad03e65c1605a8b9e5a34c4bc08aef2c68e0144228996e9ad0d08c

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      171eeb0f9c7c557d67eb938e4fa9a0d147cb9dd33a075102c7ce55f2828cb82fa0227b7613a46c6cbaf5da0d9b382eb0e1e101daa59f7ce449d6b7dd71f2e1a8

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\yandex_browser_installer.log
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      22KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      04136795242ec19526b86ba201f059ce

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      79c0e0cb276f70d89f0c4b5225929aec64530214

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      3fe615433cb70a8626acc4b2e8df2f50c92a10fe6f13d3e1fc5876ad6da9c07b

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      c83c1edc6161393056734eb20eb1ace6918cf264c1718278d6e0d31cd2ef741794a2d2c0d2c1323bb980babe97eb52add807bbc83beb86d1514473d60f793223

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\yb8041.tmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      149.8MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      ff228e3e10f4d98d961e8a361861180d

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      30fb83fafd7e79ed0ecd11a5231773d46a83e9f7

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      b64ea939b798557ffe48495520fb4a0e249a30d316cefc8c4ceca021b4b091ad

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      1763b1fc773aa4a3f6e34157751b7707467916ffee91d0ddf2096fe2bc5bffe677229de1ed35a47d35af4c25139d624189a8d5c418de8174126aef0f0bfc85e9

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      591KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      10d2e0956493b129149705225fa3efb3

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YaPin\Yandex.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      591KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      10d2e0956493b129149705225fa3efb3

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      547ca5cb2eb4ad2dadb93e68869d1d8b26b395c1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a439fddafa27eacf7bfd86fd46c0683f9cd31c0a752b9abc522be77f295f1b1e

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      df4769611bf5d9a7458e641c97134ad2553bf01a834b2d08e1919153189860fce42cc712ea5182211f03d5c2c6d42967cd43129323adf21b146f21aaab04d253

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      3.8MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      2fadcc66fdf395c8fd19a424745a855c

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      b40174f66741be5f5afc814b3797dd5af7891b30

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      d43da70412b55377532192ab6658074bd73592ab1552a1bb53edf823ee655972

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      3ac2d369e2708309bac2796071bbd53c32fb462ea0373898c5701d3d776b4ce573eb28275148cebff2f2602cf8922f4dd7ddd9ecc533988a1a05e8578b6b6633

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      48B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      b9dde0c5529f9fd789eefe05c6111003

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      a6efd3ab7d3248b8954f2f582023cdca366c4607

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      a68e09b6ac51e2c1aafe2da7b13e5a4a2e029b419550e07fb18f064c42355bf5

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f75a7ae56f9d2d6ff683d9bfdfcfb5b9a6582033c650d86bc23a896db1deb45da5934517ee03d3abc81da43366a9d4bb7ab52b9f3b826a68d26950793173c01f

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      cc3a94edd195cddea0d01993b2e4419d

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      6de25c97649736ecdba5b9da40d57e44d923f35a

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      2fe5b49035ad6921bf3c3c3a8c0f917c7e436ebbaeae3defcafbe3b3fa96533a

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      e4602f416a58992a306812319c1e0b59334ed57909d261c893bbaedd5e58ae71612eea5ddf021e7cb8a0d2c4a8502c1253cbc850d74b271c9ef08bdef983d00c

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Yandex\ui
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      38B

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      bf2c0b185b4993d42f2fbce5304a1f92

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      5ebaee67e7004539d2042412da0e4e0204416d36

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      c480c0ca8807abcaadbb93e94b9991d50fc5cd353e86ce3f9c0af4aa27137ac1

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      b0bec4579b927df6c61ba5f008282fdc42e4a7a8a7e2079148e0d3040876e8971c4db1aef78ece1d0f9822fe7db00ab92ff43ffc9d9c8a36f1eb9934fcfb8c18

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Windows\TEMP\sdwra_1960_100543684\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • C:\Windows\Temp\sdwra_1960_100543684\service_update.exe
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      2.6MB

                                                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                                                      f5aef523c78f170e1c01c7d2bd80d207

                                                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                                                      97a966c3941a7202d7e62979c21b2244e853d1b1

                                                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                                                      48ac6ff5c8bd6bca8428cb03badd8ec91ea1ff32ee2720958b7806d5c2e6cae0

                                                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                                                      f5d0cde11c38fc9f56911cd376003c17972e5724edb9b424ea3bf2da08bbd054cc830c16c16bdd5d3de463956ef686ef1b89c00f97eb3736f4c2588642a1d868

                                                                                                                                                                                                                                                                                                                      Download Submit
                                                                                                                                                                                                                                                                                                                    • memory/208-3520-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/224-802-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/420-3191-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/592-752-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/660-2944-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/948-1204-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/980-3238-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/980-2173-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1056-8439-0x0000022337120000-0x0000022337192000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1056-11609-0x00000223370B0000-0x00000223370FD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1056-11592-0x0000022337220000-0x0000022337292000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1056-11591-0x00000223370B0000-0x00000223370FD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1072-3341-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1128-11582-0x0000019143850000-0x000001914389D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1128-8438-0x0000019143980000-0x00000191439F2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1128-11607-0x0000019143850000-0x000001914389D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1128-11590-0x0000019143EA0000-0x0000019143F12000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1148-11597-0x000002D029770000-0x000002D0297BD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1148-8442-0x000002D029D60000-0x000002D029DD2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1148-11598-0x000002D029E50000-0x000002D029EC2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1156-2849-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1164-2484-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1188-1822-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1268-2900-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1320-1689-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1352-11593-0x0000024576E60000-0x0000024576EAD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1352-11594-0x00000245775B0000-0x0000024577622000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1352-8440-0x0000024577000000-0x0000024577072000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1352-11610-0x0000024576E60000-0x0000024576EAD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1392-11599-0x0000022003350000-0x000002200339D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1392-11600-0x0000022003FC0000-0x0000022004032000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1392-8443-0x0000022003C00000-0x0000022003C72000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1400-3651-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1408-463-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1568-8431-0x000001EA1D870000-0x000001EA1D8E2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1568-8430-0x000001EA1D680000-0x000001EA1D6CD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1744-11309-0x0000000000660000-0x000000000070E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      696KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1744-11310-0x0000000000600000-0x0000000000640000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      256KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1744-11327-0x0000000000400000-0x00000000005AA000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.7MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1744-11349-0x0000000000600000-0x0000000000640000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      256KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1744-11351-0x0000000000400000-0x00000000005AA000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.7MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1756-1709-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1868-11595-0x000001EF4AE30000-0x000001EF4AE7D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1868-11596-0x000001EF4B420000-0x000001EF4B492000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1868-8441-0x000001EF4B3A0000-0x000001EF4B412000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1892-1977-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1900-2844-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1920-813-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1960-2295-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/1960-398-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2096-1137-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2252-8435-0x0000020271B80000-0x0000020271BF2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2252-11579-0x0000020272240000-0x00000202722B2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2252-11578-0x0000020271B10000-0x0000020271B5D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2252-11605-0x0000020271B10000-0x0000020271B5D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8750-0x0000025ACF100000-0x0000025ACF204000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.0MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8747-0x0000025ACC9B0000-0x0000025ACC9D0000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8746-0x0000025ACF100000-0x0000025ACF204000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.0MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8742-0x0000025ACC990000-0x0000025ACC9AB000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      108KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8731-0x0000025ACCB00000-0x0000025ACCB72000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8748-0x0000025ACC9D0000-0x0000025ACC9EB000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      108KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8749-0x0000025ACC990000-0x0000025ACC9AB000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      108KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2308-8432-0x0000025ACCB00000-0x0000025ACCB72000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2320-8437-0x0000025177110000-0x0000025177182000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2320-11581-0x00000251770A0000-0x00000251770ED000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2320-11589-0x0000025177200000-0x0000025177272000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2320-11606-0x00000251770A0000-0x00000251770ED000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2416-8445-0x000001B0AE440000-0x000001B0AE4B2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2416-11602-0x000001B0AE930000-0x000001B0AE9A2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2416-11601-0x000001B0ADAD0000-0x000001B0ADB1D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2428-8446-0x0000024B78A10000-0x0000024B78A82000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2428-11603-0x0000024B78390000-0x0000024B783DD000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2428-11604-0x0000024B78B00000-0x0000024B78B72000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2436-2999-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-153-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-173-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-116-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-149-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-148-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-151-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-147-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-117-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-118-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-120-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-121-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-179-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-123-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-124-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-125-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-146-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-152-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-178-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-175-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-126-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-127-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-145-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-128-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-144-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-129-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-154-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-143-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-177-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-130-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-176-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-174-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-155-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-142-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-150-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-172-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-171-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-141-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-170-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-140-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-169-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-156-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-168-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-167-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-166-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-165-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-139-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-138-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-164-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-137-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-163-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-131-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-136-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-162-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-115-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-132-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-161-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-160-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-133-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-157-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-158-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-134-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-159-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2476-135-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2560-713-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2640-1372-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2648-3105-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2708-8434-0x000002917D580000-0x000002917D5F2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2708-11576-0x000002917DC50000-0x000002917DCC2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      456KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2708-11574-0x000002917D4C0000-0x000002917D50D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2708-11608-0x000002917D4C0000-0x000002917D50D000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      308KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2812-2869-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/2892-931-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3104-3031-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3256-1272-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3460-1746-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3620-569-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3720-2696-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3732-3288-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3736-8151-0x0000000000F90000-0x0000000000FBE000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      184KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3796-1770-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3908-180-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3908-181-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3908-2883-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3992-323-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/3996-3456-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4016-1239-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4040-8413-0x0000000000B10000-0x0000000000B6E000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      376KB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4044-1490-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4132-253-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4168-2633-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4244-1066-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4244-2970-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4248-632-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4264-3147-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4312-2858-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4544-3398-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4648-1493-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4656-3584-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4656-11250-0x0000000000F40000-0x00000000018C0000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      9.5MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4684-1794-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4732-1305-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4844-1612-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4884-2564-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4904-300-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4932-8131-0x0000000002A60000-0x0000000002BFC000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4932-8626-0x0000000002A60000-0x0000000002BFC000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4956-2920-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4960-901-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/4996-2631-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5028-2181-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5052-3066-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5068-1626-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5076-1727-0x0000000000000000-mapping.dmp
                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5652-11495-0x0000000000BD0000-0x0000000001550000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      9.5MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5820-11170-0x00000000010F0000-0x0000000001CC2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      11.8MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5820-11113-0x00000000603A0000-0x0000000060950000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      5.7MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5820-11101-0x00000000010F0000-0x0000000001CC2000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      11.8MB

                                                                                                                                                                                                                                                                                                                      Download
                                                                                                                                                                                                                                                                                                                    • memory/5820-11174-0x00000000603A0000-0x0000000060950000-memory.dmp
                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                      5.7MB

                                                                                                                                                                                                                                                                                                                      Download