Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20250610-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/06/2025, 18:37
Static task: static1
Behavioral task: behavioral1
Sample: 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
Resource: win10v2004-20250610-en
General
- Target: 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
- Size: 9.3MB
- MD5: 64bf5559232c3ab3b2e08cdbbb086580
- SHA1: 625aa70d119aa33c22c7a4b0dc96dea376de81b0
- SHA256: 1f0e5d982b4d5f0fb055e2c9aa427ad6930f3ddb7726053ca1c8cd0687617c1d
- SHA512: 57f00ec928456addc01881087953cac5d8b9d791fcbd78c4fa62c67f69bab019c43c3f8b2dc89b5fffaf1b6711eced079f640f929b04dcc2076d6387406dab7b
- SSDEEP: 98304:W/zpeETc3VRjYkvueWGJv4xNTEY9xFUkcVwNSHfbv/kaIhThw6Q1f+hl/hjY4+iQ:Wbc33j4NTx9Pe20/zkaiu1f+79YRN
Malware Config
Signatures
-
Downloads MZ/PE file 1 IoCs
flow | pid | Process
42 | 1672 | 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
-
Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | setup.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | service_update.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | explorer.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | browser.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | browser.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | browser.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
-
Executes dropped EXE 34 IoCs
pid | Process
2572 | ybBBCE.tmp
5412 | setup.exe
5292 | setup.exe
1900 | setup.exe
1548 | service_update.exe
1848 | service_update.exe
4584 | service_update.exe
5792 | service_update.exe
4344 | service_update.exe
4600 | service_update.exe
6424 | explorer.exe
6460 | explorer.exe
7068 | clidmgr.exe
7160 | clidmgr.exe
5928 | browser.exe
6044 | browser.exe
6548 | browser.exe
6596 | browser.exe
6788 | browser.exe
6820 | browser.exe
6880 | browser.exe
6912 | browser.exe
6824 | browser.exe
7028 | browser.exe
2824 | browser.exe
2788 | browser.exe
4684 | browser.exe
6616 | browser.exe
2164 | setup.exe
5988 | setup.exe
2176 | browser.exe
6888 | browser.exe
8748 | browser.exe
8760 | browser.exe
-
Loads dropped DLL 54 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" | browser.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
flow | ioc
86 | yandex.com
60 | yandex.com
61 | yandex.com
76 | yandex.com
77 | yandex.com
-
Drops file in System32 directory 15 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
description | ioc | Process
File created | C:\Windows\Tasks\System update for Yandex Browser.job | service_update.exe
File created | C:\Windows\Tasks\Update for Yandex Browser.job | service_update.exe
File created | C:\Windows\Tasks\Repairing Yandex Browser update service.job | service_update.exe
File opened for modification | C:\Windows\Tasks\Update for Yandex Browser.job | browser.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 36 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
-
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | browser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | browser.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | browser.exe
-
Modifies data under HKEY_USERS 47 IoCs
-
Modifies registry class 64 IoCs
Modifies system certificate store 2 TTPs 14 IoCs
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process
5292 setup.exe
2824 browser.exe
7364 msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
pid Process
2444 msedge.exe
5928 browser.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process
Token: SeShutdownPrivilege 5928 browser.exe
Token: SeCreatePagefilePrivilege 5928 browser.exe
-
Suspicious use of FindShellTrayWindow 3 IoCs
pid Process 1672 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe 2444 msedge.exe 6424 explorer.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1672 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe 5928 browser.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 1672 wrote to memory of 3092 1672 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe 97
PID 1672 wrote to memory of 2444 1672 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe 99
PID 2444 wrote to memory of 5744 2444 msedge.exe 100
PID 2444 wrote to memory of 3680 2444 msedge.exe 101
PID 2444 wrote to memory of 1304 2444 msedge.exe 102
PID 2444 wrote to memory of 2888 2444 msedge.exe 103
Processes
-
C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe"1⤵
- Downloads MZ/PE file
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672 -
C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe" --parent-installer-process-id=1672 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp\" --variations-resource-file=\"C:\Users\Admin\AppData\Local\Temp\variations_resource\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp\" --verbose-logging"2⤵
- System Location Discovery: System Language Discovery
PID:3092 -
C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp"C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2572 -
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging4⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:5412
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=5110063185⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:5292
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5292 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x9190a4,0x9190b0,0x9190bc6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1900
C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe"C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe" --setup6⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1548
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --install7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1848
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"6⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:6424
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exeC:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6424 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x2d4,0x2d8,0x2dc,0x2b0,0x2e0,0xa090a4,0xa090b0,0xa090bc7⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6460
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7068
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5292_1884432687\Browser-bin\clids_yandex.xml"6⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7160
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en2⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2444
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ff9a599f208,0x7ff9a599f214,0x7ff9a599f2203⤵PID:5744
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1696,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:33⤵PID:3680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2432,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:23⤵PID:1304
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2184,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:83⤵PID:2888
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:13⤵PID:432
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:13⤵PID:4216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:83⤵PID:116
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:83⤵PID:212
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:83⤵PID:3596
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:83⤵PID:624
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:83⤵PID:4972
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:83⤵PID:5860
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:83⤵PID:4776
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:83⤵PID:6680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:83⤵PID:6688
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:83⤵PID:6696
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:83⤵PID:8364
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:83⤵PID:8948
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:83⤵PID:6756
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6452,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:83⤵PID:7048
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3776,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:7364
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:3084
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:4728
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:1736
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --run-as-service1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4584
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4584 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0xb90b3c,0xb90b48,0xb90b542⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5792
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --update-scheduler2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4344
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --update-background-scheduler3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:4600
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=524930 --ok-button-pressed-time=502411865 --install-start-time-no-uac=5049275101⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5928
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exeC:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=5928 --annotation=metrics_client_id=1323c0ae4e78499c955c7153e33cb33d --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x71e4fd98,0x71e4fda4,0x71e4fdb02⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6044
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2348,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6548
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2180,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:62⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6596
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Network Service" --field-trial-handle=2684,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2780 --brver=25.2.5.953 /prefetch:32⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6788
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Storage Service" --field-trial-handle=2968,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3436 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6820
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Audio Service" --field-trial-handle=3232,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3656 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6824
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Video Capture" --field-trial-handle=3288,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3880 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6880
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Data Decoder Service" --field-trial-handle=4028,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4064 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6912
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --may-use-trampoline-gpu --field-trial-handle=4440,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:7028
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Profile Importer" --field-trial-handle=5136,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=5148 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2788
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=4828,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4420 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6616
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe" --set-as-default-browser2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2164
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exeC:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2164 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0xce90a4,0xce90b0,0xce90bc3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5988
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1370627623\w.bin"3⤵PID:6224
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1920355567\d.bin"3⤵PID:1232
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1920355567\w.bin"3⤵PID:2844
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1731745139\d.bin"3⤵PID:7176
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1731745139\w.bin"3⤵PID:7268
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_211098789\d.bin"3⤵PID:7324
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_211098789\w.bin"3⤵PID:7372
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1703700227\d.bin"3⤵PID:7448
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1703700227\w.bin"3⤵PID:7504
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_2048261245\d.bin"3⤵PID:7564
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_2048261245\w.bin"3⤵PID:7624
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1022206747\d.bin"3⤵PID:7676
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1022206747\w.bin"3⤵PID:7724
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1736104095\d.bin"3⤵PID:7780
C:\Windows\SysWOW64\regini.exeregini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1736104095\w.bin"3⤵PID:7828
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2696,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2176
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4888,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4076 --brver=25.2.5.953 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:6888
-
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4816,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4140 --brver=25.2.5.953 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:8748
-
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4672,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4100 --brver=25.2.5.953 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:8760
-
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart
1⤵
PID:6888
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --shutdown-if-not-closed-by-system-restart
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2824
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1751308686 --annotation=last_update_date=1751308686 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2824 --annotation=metrics_client_id=1323c0ae4e78499c955c7153e33cb33d --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x71e4fd98,0x71e4fda4,0x71e4fdb0
3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4684
-
-
Network
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Modify Registry (2)
Subvert Trust Controls (1)
Install Root Certificate (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (1)
Credentials In Files (1)
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D
Filesize 2KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
Filesize 1KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_2160353AED26D1201CFEDFD521209521
Filesize 1KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
Filesize 1KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
Filesize 1KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
Filesize 1KB
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D
Filesize 488B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
Filesize 508B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_2160353AED26D1201CFEDFD521209521
Filesize 532B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
Filesize 536B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
Filesize 536B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D
Filesize 496B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
Filesize 506B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
Filesize 41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe589621.TMP
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
Filesize 156KB
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_en.png
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_en_2x.png
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_ru.png
Filesize 1KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_ru_2x.png
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\configs\all_zip
Filesize 691KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json
Filesize 382B
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json
Filesize 318B
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json
Filesize 247B
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\import-bg.png
Filesize 13KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\dictionary-en-US.mrf
Filesize 372KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\dictionary-en-US.mrf.sig
Filesize 256B
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\stop-words-en-US.list
Filesize 9B
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\safebrowsing\download.png
Filesize 437B
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\sxs.ico
Filesize 43KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_BR_
Filesize 451KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_CA_
Filesize 415KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_CN_
Filesize 746KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_DE_
Filesize 561KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_ES_
Filesize 527KB
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_GB_
Filesize403KB
MD5efda29551136fcc4de2ab4092ff02e21
SHA1a911fb873c1221efd99e9ca330435788aea01a75
SHA256c491c7db179d23b53ec7f378f280d971d7b96d738187c1377fed5bc8c89a652c
SHA512e650b8b567dc658720cf74d8eb5cb6d51b4685f208232b9510a6b8739f8caa7f1d5e5e7b20a98b0b856ee56dce86cdae3eb7cf1b83974cb473011253a0af5c25
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_ID_
Filesize161KB
MD52271cc49e222c5fd558572fe9d7808b0
SHA16dbcf76e96e67434b8b9f294a61d1185afd9cbba
SHA2568a4d261a6344c0eca555038eab21dd54d68c3cfbbe6eb11e7792c33f12537d03
SHA512f3c5b9480dda3b8d7d7c36e5b2d4084c776ddd92d3a1e8086b9bb447486060ba07fb3d7ad9c8a15421d19b82b4e61f60057e94da726e5c8a7362438fa8b1961d
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_IT_
Filesize566KB
MD5da963f528183e2c335b3523c5b5e667f
SHA11b63bc824508cc978916ad6ace199d8058ef53dc
SHA256bdc01e40b4ac8d262d616d31bef7d8bd2784c918ec9ea76e2be929bfb554585e
SHA5128e1dca38a869a00bf7eb86b4173850631b1085068da2b49a184ef68029e03b8fe1906d8d0df2f6a5457905570b6dad57191a8175d6581a50092d531bda672e73
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_JP_
Filesize426KB
MD5eb6d55790b6164b73e275c2401ad0550
SHA15c47d0c866925eb05a4b59986921ed60f8a612c4
SHA25661f5b2ef85394c0034cfb05b650d7f4d9d79ffa87f2f6448566929f27a11411f
SHA5120d4915979764f168b320e5152adfc18b186c5c966a3d42ba02c81bd5041386e08a89c818aa79d1c76304a3c9a3971982d5c97fc0493f19c1f283a64317acf9f3
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_KZ_
Filesize380KB
MD57a9698fd54deaf12679dfa246adf5b60
SHA1e824691b404a9aafe617c9c88e2063aaa08794bb
SHA2568ff43d0de20a9e37107bd6428d6ac41843fe4f8261b00b8cea5792b72e365122
SHA512805d72d8ade2e2018e7dba83bfdc292b3cdc4dff9746e717d74f5955466e55f67f8d03076bf1a6c5f8be37e77f8aaf855044b8b28a0e7f39580dad009fea4e8c
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_PT_
Filesize523KB
MD50dde45f225a4290e59bfb55c80d4a51c
SHA13ebbbbb509d51a7c8e5cf409068644ad5ddbc09e
SHA2568acb93ee7331e6b12feb81102b435c4bc044c614ef0fb8e69d2a0116bfe33d40
SHA512d250d3891165505eb1fb7c5d2ccad397428785e8a6bb689dc56b55f2313f4b11bf402132d6f34ab6e9192453c43b74915bd7ddfafaf1716a954ccabd8b4d28c7
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_RU_
Filesize286KB
MD5fbd7c40aa538b758a4588a07e88ac57c
SHA1af30b54822bbd0674cb1ea9a51be19b7a78d43b4
SHA2564ff2f383821f2e77878e4e624aadda8d4fc942e54803c69747da41c9988919c8
SHA512bb183fe4b7f197bcf1ef72b5095cf41065f288c1426b006a6b99873969592825b623eeec51642a98fa783f6d7817766747a3f1209c8344559d21614f12c58448
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_TR_
Filesize530KB
MD59aac83dab47ce1228e8819cdcf1cceb4
SHA1c3d60af194dc7be089ea62750ecedbb6e5fa16fe
SHA256199b7586e0d25718342e3657eedbe81d20968759af4a8a63b04eb9ac6ee56d5f
SHA5123cf47d3c13c752222a34a94896c005db96927c2d5d4c132655bd7a84bfb9607a0feeccefbfae8e98467cd8642c31d843bba4c6293007ef071d91e7dcfc8bf1b3
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_UA_
Filesize557KB
MD51af7c65a09f5b23c8919656a631580db
SHA1c9dca1523cc25f50bdd8d5ce2d354abb40cf6e5c
SHA25671f09d4dc7592990580ad74d2f5262c29f98f72e11319daccdbcd1f095cec3f0
SHA512f39f7490857186663577af939c802757ba35a8b15fd0d7acc9786779f5cd2e179dc41d5b89695abaeaf1b6acc9d20b5754e6201f2ffe55c393e8fedb3ac24eb6
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\1-1x.png
Filesize18KB
MD580121a47bf1bb2f76c9011e28c4f8952
SHA1a5a814bafe586bc32b7d5d4634cd2e581351f15c
SHA256a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e
SHA512a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\abstract\light.jpg
Filesize536KB
MD53bf3da7f6d26223edf5567ee9343cd57
SHA150b8deaf89c88e23ef59edbb972c233df53498a2
SHA2562e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896
SHA512fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\abstract\light_preview.jpg
Filesize5KB
MD59f6a43a5a7a5c4c7c7f9768249cbcb63
SHA136043c3244d9f76f27d2ff2d4c91c20b35e4452a
SHA256add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b
SHA51256d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\custogray_full.png
Filesize313B
MD555841c472563c3030e78fcf241df7138
SHA169f9a73b0a6aaafa41cecff40b775a50e36adc90
SHA256a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45
SHA512f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\preview.png
Filesize136B
MD50474a1a6ea2aac549523f5b309f62bff
SHA1cc4acf26a804706abe5500dc8565d8dfda237c91
SHA25655a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f
SHA512d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\wallpaper.json
Filesize233B
MD5662f166f95f39486f7400fdc16625caa
SHA16b6081a0d3aa322163034c1d99f1db0566bfc838
SHA2564cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5
SHA512360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\fir_tree\fir_tree_preview.png
Filesize8KB
MD5d6305ea5eb41ef548aa560e7c2c5c854
SHA14d7d24befe83f892fb28a00cf2c4121aeb2d9c5d
SHA2564c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080
SHA5129330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\fir_tree\wallpaper.json
Filesize384B
MD58a2f19a330d46083231ef031eb5a3749
SHA181114f2e7bf2e9b13e177f5159129c3303571938
SHA2562cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1
SHA512635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\flowers\flowers_preview.png
Filesize9KB
MD5ba6e7c6e6cf1d89231ec7ace18e32661
SHA1b8cba24211f2e3f280e841398ef4dcc48230af66
SHA25670a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003
SHA5121a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\flowers\wallpaper.json
Filesize359B
MD54938bc67f6e2d6e8faeb7ba9ca8dbc69
SHA17600cfbe9d5e6be6a12642670107857abe36e383
SHA2563bdb98cfc0379426a56ac7813f4bdd4787bea9ee8a65b7914e62226e584ac977
SHA51227b680deb837cf7831c2d865f210fa1321fe5a2ee885be1dc058916ae0fa0e6fcf9c9f9de4ee86806dd3ab271c47f79ab621741664b8bdce7be117ff52ef6c85
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan.jpg
Filesize211KB
MD5c51eed480a92977f001a459aa554595a
SHA10862f95662cff73b8b57738dfaca7c61de579125
SHA256713c9e03aac760a11e51b833d7e1c9013759990b9b458363a856fd29ea108eec
SHA5126f896c5f7f05524d05f90dc45914478a2f7509ea79114f240396791f658e2f7070e783fab6ac284327361dc2a48c5918b9f1c969b90795ceacce2c5c5bfa56ca
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan.webm
Filesize9.6MB
MD5b78f2fd03c421aa82b630e86e4619321
SHA10d07bfbaa80b9555e6eaa9f301395c5db99dde25
SHA25605e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56
SHA512404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan_preview.jpg
Filesize26KB
MD51edab3f1f952372eb1e3b8b1ea5fd0cf
SHA1aeb7edc3503585512c9843481362dca079ac7e4a
SHA256649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212
SHA512ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\meadow\preview.png
Filesize5KB
MD5d10bda5b0d078308c50190f4f7a7f457
SHA13f51aae42778b8280cd9d5aa12275b9386003665
SHA2560499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238
SHA512668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\meadow\wallpaper.json
Filesize439B
MD5f3673bcc0e12e88f500ed9a94b61c88c
SHA1e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0
SHA256c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a
SHA51283fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\misty_forest\preview.png
Filesize5KB
MD577aa87c90d28fbbd0a5cd358bd673204
SHA15813d5759e4010cc21464fcba232d1ba0285da12
SHA256ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711
SHA512759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\misty_forest\wallpaper.json
Filesize423B
MD52b65eb8cc132df37c4e673ff119fb520
SHA1a59f9abf3db2880593962a3064e61660944fa2de
SHA256ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d
SHA512c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\mountains_preview.jpg
Filesize35KB
MD5a3272b575aa5f7c1af8eea19074665d1
SHA1d4e3def9a37e9408c3a348867169fe573050f943
SHA25655074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8
SHA512c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg
Filesize24KB
MD529c69a5650cab81375e6a64e3197a1ea
SHA15a9d17bd18180ef9145e2f7d4b9a2188262417d1
SHA256462614d8d683691842bdfb437f50bfdea3c8e05ad0d5dac05b1012462d8b4f66
SHA5126d287be30edcb553657e68aef0abc7932dc636306afed3d24354f054382852f0064c96bebb7ae12315e84aab1f0fd176672f07b0a6b8901f60141b1042b8d0be
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_dark\neuro_dark_static.jpg
Filesize2.4MB
MD5e6f09f71de38ed2262fd859445c97c21
SHA1486d44dae3e9623273c6aca5777891c2b977406f
SHA256a274d201df6c2e612b7fa5622327fd1c7ad6363f69a4e5ca376081b8e1346b86
SHA512f6060b78c02e4028ac6903b820054db784b4e63c255bfbdc2c0db0d5a6abc17ff0cb50c82e589746491e8a0ea34fd076628bbcf0e75fa98b4647335417f6c1b7
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_light\neuro_light_preview.jpg
Filesize13KB
MD5d72d6a270b910e1e983aa29609a18a21
SHA1f1f8c4a01d0125fea1030e0cf3366e99a3868184
SHA256031f129cb5bab4909e156202f195a95fa571949faa33e64fe5ff7a6f3ee3c6b3
SHA51296151c80aac20dbad5021386e23132b5c91159355b49b0235a82ca7d3f75312cfea9a2158479ebc99878728598b7316b413b517b681486105538bbeb7490b9c2
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_light\neuro_light_static.jpg
Filesize726KB
MD59c71dbde6af8a753ba1d0d238b2b9185
SHA14d3491fa6b0e26b1924b3c49090f03bdb225d915
SHA256111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e
SHA5129529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\peak\preview.png
Filesize5KB
MD51d62921f4efbcaecd5de492534863828
SHA106e10e044e0d46cd6dccbcd4bae6fb9a77f8be45
SHA256f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab
SHA512eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\peak\wallpaper.json
Filesize440B
MD5f0ac84f70f003c4e4aff7cccb902e7c6
SHA12d3267ff12a1a823664203ed766d0a833f25ad93
SHA256e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658
SHA51275e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\raindrops\raindrops_preview.png
Filesize7KB
MD528b10d683479dcbf08f30b63e2269510
SHA161f35e43425b7411d3fbb93938407365efbd1790
SHA2561e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b
SHA51205e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\raindrops\wallpaper.json
Filesize385B
MD55f18d6878646091047fec1e62c4708b7
SHA13f906f68b22a291a3b9f7528517d664a65c85cda
SHA256bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd
SHA512893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea.webm
Filesize12.5MB
MD500756df0dfaa14e2f246493bd87cb251
SHA139ce8b45f484a5e3aa997b8c8f3ad174e482b1b9
SHA256fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13
SHA512967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea\sea_preview.png
Filesize3KB
MD53c0d06da1b5db81ea2f1871e33730204
SHA133a17623183376735d04337857fae74bcb772167
SHA25602d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086
SHA512ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea\wallpaper.json
Filesize379B
MD592e86315b9949404698d81b2c21c0c96
SHA14e3fb8ecf2a5c15141bb324ada92c5c004fb5c93
SHA256c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65
SHA5122834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea_preview.jpg
Filesize59KB
MD553ba159f3391558f90f88816c34eacc3
SHA10669f66168a43f35c2c6a686ce1415508318574d
SHA256f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e
SHA51294c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea_static.jpg
Filesize300KB
MD55e1d673daa7286af82eb4946047fe465
SHA102370e69f2a43562f367aa543e23c2750df3f001
SHA2561605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a
SHA51203f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\stars\preview.png
Filesize6KB
MD5ed9839039b42c2bf8ac33c09f941d698
SHA1822e8df6bfee8df670b9094f47603cf878b4b3ed
SHA2564fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689
SHA51285119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\stars\wallpaper.json
Filesize537B
MD59660de31cea1128f4e85a0131b7a2729
SHA1a09727acb85585a1573db16fa8e056e97264362f
SHA256d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294
SHA5124cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\web\wallpaper.json
Filesize379B
MD5e4bd3916c45272db9b4a67a61c10b7c0
SHA18bafa0f39ace9da47c59b705de0edb5bca56730c
SHA2567fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01
SHA5124045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\web\web_preview.png
Filesize8KB
MD53f7b54e2363f49defe33016bbd863cc7
SHA15d62fbfa06a49647a758511dfcca68d74606232c
SHA2560bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8
SHA512b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\4bf94651-ccf7-44bd-9c2a-b72b7f86f598.tmp
Filesize223KB
MD5549d276aa171e5775b923e5e14d4a29c
SHA1e2dc59f9558afcf647e4e8caf2e5cb7bf87736bc
SHA256fd20567aef67980ba32e9cb4979f6a620047d67b6a5d377a27a38967877c15f0
SHA512e32074ac38b9f262aff7b415f6705cf7c6847f090b9ea3be6c1284fc79eb58f90add2b39b128ccba36af5636e9d545a6006c5e317db6aa9ad8a82928f31f0d45
-
Filesize
48B
MD5804d54676daa87f979d6a92a7a488ddc
SHA1c82dd8106508000c222a699974609a62ac6293a4
SHA25620fbdf9f2bab4fd5154cf07c3b6e6839f0cb74abc326b7cca10f7c25b3db6570
SHA512f6dd881af9da552c563b5645dc7b887686713537bce0d3c08a6eda45f44336bc6dd340ce869397ed3b94e262d4a44b36ded3e5a8bef7043e07bb6543dc5b2d73
-
Filesize
48B
MD50f4c0ffb7e3dba99130511338df01fa9
SHA10d2bd9647bd8577511d25d2905b296fd26349a4b
SHA256c56ae312f0c238f437cc018459e1cd1ef9e7efb1cc39ceec9760ae75ac844c6c
SHA512c715d880392adbffb42728f5f2ed5fc6f215a391d3bb05899f0ddc9a01e23f965cfe309bf21c02716e34cdd23e30530744b63e3124baadacd08af7fe0718a581
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0b653c76-ec56-493f-881f-96cfec9a8a36.tmp
Filesize160KB
MD554497ce2271deb0e673ec048b44da343
SHA15f886314234b7aa6a4da5efc937a9d63ed007727
SHA2563dcf052bb8050fa32f28873bb665f63f457799cb9a92549fb2dbea94014f929b
SHA512d0d77d763b1b12c1b9d7a9a3f2aee4640ed5fb10d828b7c3c2cb051504c2b7b6438309124b934b346a4152c0aca009883d6bda42dc997188b8ca2736ac3419c9
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State
Filesize887B
MD5cfd79b50847ad2654cbf22535a945ecc
SHA1ff856673ec89db2ed32c9f02a59da79d1a07f035
SHA25659e19bdd38396f6b53a1dc45d40200e82f870616e488523bf4c5692c2313dde1
SHA512ee43ff6d28082f795f26453328c4d94bdadc2908b88b4956ceb7dcd98bbd2511ea59fbc5bcd9b5847e36a0976bd389dcf08547423b1dd8f9ae94f23c7201f288
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59b4fe.TMP
Filesize59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
Filesize
1KB
MD5f541cad788ab9249a5630381aa2b6da0
SHA1e09d3a23b11ea0ba8ea4d39e4ccca3ec3305c116
SHA256d2ae77bbd82f275074c99d940559836e4693796c0e385acdca8c633f048d3916
SHA512541be9bec78ca6d2c02db94388bda0997c7d3349a7fccf10fe44ad6281b6a6b66809a283a68047304ff88a7c842867752f8c42378f9784950ba7f4da1b58cf7f
-
Filesize
1KB
MD55f16c93e5894b20d4c771fd9ff389cba
SHA181ae05201829654c584fed8a7ebd80579f696be6
SHA256b2ef034aabcc5c7528f6ee6739f2bbb53bbeee63889cb060eb0707033f579e65
SHA51206c05b266f70bd9ab0acb1f2fe719f1d443da51c3789e97b3573a46eaddb1ca80f1b8c918fd045f2a1972decfebe712600ac5a72e3c4703af80c48e02537447e
-
Filesize
1KB
MD58063621117cce7a62c661d2f1ddb91dd
SHA1188c40f4021e5b63b20c4308b0597a4020234b98
SHA2565dc39dd3aa40603aaa4c9d5f1b8a6c3a1ea3a383f44b515df23c1398492ade47
SHA51260b5225c042e2b5e9a7b8bb5236689e68be9882c075c06f26bce5ec9f6fd9eddd230d0690ad4edad4c5ae3e94ad799c7ba87f7f6848b3cc135117e8aecfcbef9
-
Filesize
1KB
MD550ae286f328f0d03cc5acf18cc052e32
SHA18a93f0825eed731d5c635b4daa089bb466c6bfd1
SHA256e196925edbe7cc99bcb88280891ce664a72d13a384a19c3c426785c2340d1143
SHA512ed4b63ebf65fca30c016318ed306fb001957d1933fdc214b974ad271a4b76cf0bcb881817221ea32ad9140ed2ab9ea6132ae07f0decdcfa1605bcde74543ccb4
-
Filesize
690B
MD5c2eb3847fe60bb74bdacf30db7a76944
SHA1c8ff71355e1328bc3d0a04c6861da916ab64b907
SHA256a917bde527466bbaca164e099ba5925b2f33816adc6488424564d47927486ff2
SHA51281b74d0fa66100c2d6c073a5ca6701bf32bf5a1ce66b6fdeaada1b128c71397973b24049008bf1e0bf45f1b76c6e3e9bd1dac0faad771b11c716c685dc2356f2
-
Filesize
1KB
MD5585b214813902f41279363a8db4a0331
SHA13028d61cb7209cf725942921e07a573c190b2dcb
SHA256227c2f09629a433a748468fd74234fcca0c748f35bfc2f9b2fe09ef150e7b266
SHA512b49bf9c0ff93edf0a0af9245b6194913c53c6a225b02e6465f380d53e4f6104ce5d51a79695149b7094e296b30d9c06d172b29c10e4adf4b03a32595871136ea
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe59042c.TMP
Filesize356B
MD5bcf1a42e5ae3d0059bd133be03665f16
SHA17d2cf1a019dd4249293c6ccdf46ab84c32a15692
SHA256a0d86820621df7c243abf394d9c8ee41df118d96b1c297c07b54d7805a15c573
SHA512cd119100cbfa1fc1e6db203dcd41d5225a89d24496e1999ef6a5d739cd3744372917d070b40ad37386ed9c6c584a693120ec7a439d8ef6cd9d6c8a9b833693b4
-
Filesize
7KB
MD5ec2bc3b809757454b9d4d7425b134490
SHA1c843dca5db11eefba43810c02776c4b04fb75e8a
SHA2569851a97d71ea6fa84345bb67efbc74639407961803000fed97c4357ccc67944d
SHA5127118aef10c47818cc9c2d1ece1a48b6458b05bbbab27e28df767646540817f5b132d42f82b4806b02acfe4922230f3e90383e519790ce0ea545afbf580516d8b
-
Filesize
13KB
MD5fb310c1b74bf4b650252f47b4cd13ba5
SHA1adc11e1ff65e141bcbcac5bd31013da6e8018978
SHA2560b3a26466f7fcb9925d95dfa27a20b018206f30bb3f6e53ce20c83acd76368f2
SHA512ac2cbb9de61f79b78361310190b816ffc17cfe7b761dd074d02865f1dffe24ea30ad3da46bf62c9de03f5a1636550f8d380d8dba8ce63bf08f8221922ef5b970
-
Filesize
12KB
MD5a04c509e350482421cce4c1cbf68e577
SHA1bcfe0df3d8270c06c87526e27755614fd318d137
SHA256649244db118fa9a3b437db186f26fa534315ac98597d7ccfa84e287e2b09679f
SHA5127ed9593b6dc6a01a450318788134da1d100d9784dc94f07c3a3f80deba5fda793f1c0d9d78faf225f3fdb24ef6cce8994c3967ef64affd687287a333bc967b6d
-
Filesize
12KB
MD5e69b930626dcf3d7a6562841d881b423
SHA1b3b2d6e9b21c676e9c6c2c356a82527ac59af2a2
SHA256a6e3ebe96af4762865b108c6b38e1d677685d45c76cc47a9707eb723f44de958
SHA512647b0c290791e63d03063715841dc056f9e53b741339915f0862e2ee3be7f2b54768e71e3bacc0f76186a74c081ad49bcc8031b399d6a66344543b2d6185d4df
-
Filesize
4KB
MD55ce9671d2e41f828c55605888b218655
SHA1445c39e45fd1abe035030debfae3c88b7061d9e7
SHA2564055c354e1c04ad0456cd65b8884681774217d9be0af80892752897a1c4e3c77
SHA512b8bb6437236af99aabb9fc2b9244c94f7d9f4d0a5829918287bb696bb6d4ae6b708c975474ade0da2fa4604c92e31df6ce3eae213280b26c42336e936579b8c8
-
Filesize
9KB
MD53d55081d5700612ae1fb4f2bc9aee8e2
SHA1e192c118695aa4c9e435578a3a5a008474d9cb23
SHA256b4b35f04ee88c95d1e1fece144b70ed87103375ed8f6398c12317642a804d8ec
SHA512a747495044178e54ca2659605534630f800536f98cc6afdcb7122f56ebe72644cecf575b4490579853850119e55e4067372f99be9572209d52961de752020ed6
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe589eeb.TMP
Filesize2KB
MD5423991eae8521aec09a7a961c878e843
SHA1fae9b74f95206423aed0ed210947f28e4cc53692
SHA256877c101919eeab749de66d18051b2029e5f3aab8575bb71eed4bf474d9c65349
SHA512296ab711dbf06b89cb6f33a4cd526be09c78dfa8315d164f875b88e1f793441d7347d1834c3e050a9dfea80ea99e1dd01a5167e9bd171f580846d907ebc83429
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\a1ee86e2-92d7-4da7-8e9c-a0daf8543812\index-dir\the-real-index
Filesize4KB
MD5030bbf0ecc0626ec15944b67bfe16ff4
SHA13d6496679306957244d7041e2e1829cc9da94136
SHA2567d32598a1137134cdbb8d3f4a644c0470613c4ed15615073df92bc01e41c6e12
SHA512e67531c451ee4f735cebf7d445718ce235ccf09c4def93653368879e5bc46ea84965faf6c88dc54ba2e0dba75139c553dac091830f62ce4d300b467274703939
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\128.png
Filesize12KB
MD5e4e50cc5b187d2c380bd98cda0ce9140
SHA14b9e71a015e7201eedec8b1cd51219b18e232eab
SHA256b7e5aff778e8930f415ae444c9caa6fc4eb6a26bfee7d80603c6c69a645a2702
SHA512fd454ffcbd68f1071dd5d54a221b3f41aee88be38b5acb63bc285d04232da9d13fdb9011a85f87c579043d7987f0863e6ec8b3ac1013454ee6bffa5acf4e67cf
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\16.png
Filesize752B
MD54ba9bff449aa818bd40d00277c088df7
SHA13fd8742ca57a086075239e1c2f76821177aac653
SHA2561532cd8dd902ae80ed72d42304d8a43194cca7d18b0c993fa4ac938a8631b702
SHA5128dee24d83ceabe5728dc4cd38f21de57ae7355db34818976d117adfe37e2687b8630d353dde0d5815354c63b75d960769ad151d0717213924b1a8a1abb406573
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\256.png
Filesize24KB
MD51535a76a498b65bee06ded1c5f50e4a1
SHA1018661eeef38f3d500aedbfe207d832b0f90a42f
SHA2563bca4e4770c35facfc30643c961cdd582df578fbe5c8dc4fac0b58bb11dd4e5d
SHA51287005610e053dde9f81f2f86e41170b6470678a8dd6963b0bb979e1ae0c493c204f93fdc002a4cf76d17bf627750968802dd0773afe5d5cc6a8fbd4a8425f3bf
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\32.png
Filesize1KB
MD5b2e115beeb708b1128414a99e1364795
SHA17133bd55ba21daa3a1309e89e4ae6add3c7e582e
SHA256db9a7fa18af97a9ed6d6936b6661da6d5438f3580191a879079e444a1675405d
SHA5123760e8ba321ea5265ec92340768b2f8f3247b97751f7998c48694e7890c3521bca126dedaa26272b0b570f2e4338e42b6f377f9afbe581ba7a7d51730379bffe
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\48.png
Filesize2KB
MD5d2febeac064e50019485b7eed903fc19
SHA183d85f246a6cb8d55d7d159a82163cbca82a5476
SHA256086dbea695a07a1c9a128e217c75f33feed49be7c48b86987928ed1286145994
SHA512592d28728d6278ea1a7425122c88a556e4584107bab883915cd5a7414abfeec2f3ca6efa89b78147399a12943261a80f1931d721363e52e82afe0675a03c63a1
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\64.png
Filesize4KB
MD58440c3597e83ff1c7a7cf59556cf5a2c
SHA1cb5f1dce00457d8475dae15df3dd71f66c43060e
SHA256bf089d45819bf9d044583525c34ec0a1199fbd8ae1858f8d3eea07ee332b2a59
SHA5125b00af8c7ac557c8bc2ec9f9afee1e91cf06c33ee3deabfec7dd4b382a12ff0a942f90c501c44e66b38f38e448b465fa55a8c74e8afbb357e3c2e1381aef4628
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\96.png
Filesize8KB
MD54f2707f07034b3bff67c301f7e849d2e
SHA13c3fc972f9eb7b670d94b018356a78067851c2d2
SHA256ef2af430071fedf5ca3a58ee3370ed517aeac8ed39860cb914c69730f9dec188
SHA5121ef91c533c93ed39246514be9bb4817bc553f755a08c0f36d6f0f40c31a73ccc1003fb422e4ada109d15048c80abb7da2a13bc5a5557ea189bd528c1e3a9cb2b
-
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\f9518420-d457-4cdf-9d8d-fb47785747fc.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
40KB
MD51a06e08dfed875c7c748f64c025271e4
SHA159a6141df43098a3c310c1270a7ff7f0cef5835d
SHA25643e05d187b826422c36e4c9acb77808bca80e7cde5b84a686b93eb2437984c97
SHA5128c719eefed7204e7938525652ff9fdf70278bdcfe004cb8d2860a20545410f1833cc1af03b84a4073b520557a367bbeae996514d1a855da0ebfe95c6a600ad71
-
Filesize
24KB
MD51d59a0a6c415adab506916c65a193662
SHA1af5ad5bcca658cee30578922da38de57ebea9747
SHA2561281e37e94ff1db893a3c5ae1aaf5f3d04448abaa0cc394c7485dbee4cdca616
SHA5120ff4c4fdc59bc138b502e27146b9ac40803a6726d34a65d35e577c123d2f72c7b6fa324dce0346e32d6514a9388927cda49d852d44642afb54c4bfce970f2dfd
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
38B
MD5ee7adeb6130218042cf81fc772b180a4
SHA1afc73e3e84ce451a4a8c3d5ac27221c077a9286d
SHA256ee6049f4221bfdbd94a2de0973ca39d89ae960773736b73af96895c4be5ffd9e
SHA5126d6e02f2579420d7d08b39dd1115b6f3466d26fc44ede83c03feb81cacd4a5cc7fc218600ed4983998ef898826af986d213f9f19705f720a98ea3788d18b0f3c
-
Filesize
3.2MB
MD5bf41f8b435b3f60dc71829aa4cbd73f4
SHA133079b8e8525872b0640b727541112b6bb83cc11
SHA256f2c822e9e553d0432be8acb4cc561743b49fe11c6bb07a6d730a88bbddd40adb
SHA512ace1bd09acd2967c3b331cc173903d81ec7fbda4318a833627b0ef307e1f9cc4af1491a95f64e24394d1230e21364cd3a505cc39196be105de38e1752734d208