Analysis Overview
SHA256
1f0e5d982b4d5f0fb055e2c9aa427ad6930f3ddb7726053ca1c8cd0687617c1d
Threat Level: Likely malicious
The file 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Modifies system certificate store
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2025-06-30 18:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-06-30 18:37
Reported
2025-06-30 18:39
Platform
win10v2004-20250610-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | yandex.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7 | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7 | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\zh_HK\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Program Files (x86)\yandex_browser_service_update.log | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ml\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\be\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\is\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\et\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ca\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_65630376\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\am\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\lv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ro\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ja\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_65630376\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\msedge_url_fetcher_2444_92903512\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_93_1_0.crx | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\vi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\uk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\en_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\si\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\offscreendocument_main.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\af\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\az\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_619473589\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ms\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\cy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\sw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ar\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\es\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\en_US\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\eu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\lt\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\mn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_65630376\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Program Files (x86)\yandex_browser_installer.log | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\gl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\iw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\128.png | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\zh_CN\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\fa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\pl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\km\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\sl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ur\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\bg\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\System update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File created | C:\Windows\Tasks\Update for Yandex Browser.job | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File created | C:\Windows\Tasks\Repairing Yandex Browser update service.job | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| File opened for modification | C:\Windows\Tasks\Update for Yandex Browser.job | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\AppDataLow | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133957822678279985" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPDF.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexJS.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTIFF.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Yandex Browser TIFF Document" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTIFF.SSNWQYXUD2B7YHNW3XD5VITEAI\shell | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTXT.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexJS.SSNWQYXUD2B7YHNW3XD5VITEAI\Application | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBM.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.png | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.html | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexFB2.SSNWQYXUD2B7YHNW3XD5VITEAI | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexHTML.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Yandex Browser HTML Document" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPDF.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.jpg\OpenWithProgids\YandexJPEG.SSNWQYXUD2B7YHNW3XD5VITEAI | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.pdf\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPNG.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Yandex Browser EPUB Document" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.js\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexFB2.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPNG.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-113" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexXML.SSNWQYXUD2B7YHNW3XD5VITEAI | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.jpg\OpenWithProgids | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexXML.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.css | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.infected\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Malware Infected File" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.jpg | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.txt | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.pdf\OpenWithProgids\YandexPDF.SSNWQYXUD2B7YHNW3XD5VITEAI | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationName = "Yandex" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCRX.SSNWQYXUD2B7YHNW3XD5VITEAI\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexGIF.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSWF.SSNWQYXUD2B7YHNW3XD5VITEAI\shell | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\yabrowser\shell\ = "open" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI\Application | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexHTML.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCSS.SSNWQYXUD2B7YHNW3XD5VITEAI\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCRX.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexJPEG.SSNWQYXUD2B7YHNW3XD5VITEAI | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.webm | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCSS.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexFB2.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSWF.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-118" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTIFF.SSNWQYXUD2B7YHNW3XD5VITEAI\Application | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexGIF.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexHTML.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\shell | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.css | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.xht\OpenWithProgids | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPNG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe"
C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe" --parent-installer-process-id=1672 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp\" --variations-resource-file=\"C:\Users\Admin\AppData\Local\Temp\variations_resource\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp\" --verbose-logging"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ff9a599f208,0x7ff9a599f214,0x7ff9a599f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1696,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2432,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2184,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp
"C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=511006318
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5292 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x9190a4,0x9190b0,0x9190bc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe
"C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe" --setup
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --install
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --run-as-service
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4584 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0xb90b3c,0xb90b48,0xb90b54
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --update-scheduler
C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe
"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --update-background-scheduler
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe
"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6424 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x2d4,0x2d8,0x2dc,0x2b0,0x2e0,0xa090a4,0xa090b0,0xa090bc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5292_1884432687\Browser-bin\clids_yandex.xml"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=524930 --ok-button-pressed-time=502411865 --install-start-time-no-uac=504927510
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=5928 --annotation=metrics_client_id=1323c0ae4e78499c955c7153e33cb33d --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x71e4fd98,0x71e4fda4,0x71e4fdb0
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2348,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2180,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:6
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Network Service" --field-trial-handle=2684,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2780 --brver=25.2.5.953 /prefetch:3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Storage Service" --field-trial-handle=2968,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3436 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Audio Service" --field-trial-handle=3232,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3656 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Video Capture" --field-trial-handle=3288,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3880 --brver=25.2.5.953 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Data Decoder Service" --field-trial-handle=4028,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4064 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --may-use-trampoline-gpu --field-trial-handle=4440,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --shutdown-if-not-closed-by-system-restart
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Profile Importer" --field-trial-handle=5136,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=5148 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1751308686 --annotation=last_update_date=1751308686 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2824 --annotation=metrics_client_id=1323c0ae4e78499c955c7153e33cb33d --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x71e4fd98,0x71e4fda4,0x71e4fdb0
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=4828,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4420 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe" --set-as-default-browser
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2164 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0xce90a4,0xce90b0,0xce90bc
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1370627623\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1920355567\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1920355567\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1731745139\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1731745139\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_211098789\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_211098789\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1703700227\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1703700227\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_2048261245\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_2048261245\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1022206747\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1022206747\w.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1736104095\d.bin"
C:\Windows\SysWOW64\regini.exe
regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1736104095\w.bin"
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2696,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4888,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4076 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4816,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4140 --brver=25.2.5.953 /prefetch:8
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4672,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4100 --brver=25.2.5.953 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6452,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3776,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
Network
Files
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
C:\Users\Admin\AppData\Roaming\Yandex\ui
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
\??\pipe\crashpad_2444_ABATGVUGFGEFFQNH
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\master_preferences
C:\Program Files (x86)\yandex_browser_installer.log
C:\Users\Admin\AppData\Local\Temp\distrib_info
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_2160353AED26D1201CFEDFD521209521
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_2160353AED26D1201CFEDFD521209521
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BRAND_COMMON
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\brand_int
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E
C:\Windows\Temp\sdwra_5292_470211609\service_update.exe
C:\Program Files (x86)\yandex_browser_service_update.log
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_ru_2x.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\import-bg.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_UA_
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_light\neuro_light_preview.jpg
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan.jpg
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\configs\all_zip
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json
| SHA256 | 29660aabd512c66468f36862bf0087855e4c18bee937e9d1a403d548f0ce1b8c |
| SHA512 | 0b18601b8771071d601c00a8ecb687d807ca4c785c387701f6dff99566fab72227b9af84a17bf9c40a583c2501d3c20cb93681f4a1f6cb0227e4dd5b5a005077 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json
| MD5 | 4c817e4c2d0ed4b5603e7192da413a6a |
| SHA1 | e70fe2b6c5548273bc00b8863e0752c7bf93ad11 |
| SHA256 | cbbda477eaadbaf9fc385bff50dfaf9af360dd82fd8b345209456d8da580273b |
| SHA512 | 39a4796f25ee166dd8a079b3556b1e50d9e85a1bad8a9229a428a9d160411c7362fdf05db872ff167ce23f7769de582f63155863bd3e06313d49e71841f369ae |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\stop-words-en-US.list
| MD5 | 202e1cc3e24e0a76bb1fd8779ddae5cb |
| SHA1 | 7566a9437663e808740ef75c9a79f414daa6b44d |
| SHA256 | 95984aa8caca82fc5c2ac6721e17206e45f12404567bf05bf397131ab83cef58 |
| SHA512 | dba1d7714da25c670cef62d22638ba759add34e26e69666973e26b7e7542b7c04d3694bb0f22ec2b7f89a33e48b3546507a108a385ba5945e0d293f501511717 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\dictionary-en-US.mrf.sig
| MD5 | 197eaa00216af72690c09b8b82211809 |
| SHA1 | 1e49ba86b771b391b63335fede7614f5ac427f84 |
| SHA256 | d5e3a63301977129113a9c0bdc0dd14173768c6f9f5ce2f2036c0cc6a53d706c |
| SHA512 | f57b8e7d481ba5791c6bf454363fca3aad042270b572fb4b2ae1c0429a6e2f70d153b6bf44b139d48c959a1817c4e72ad3b280257b7877746fe93c40c880f514 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\dictionary-en-US.mrf
| MD5 | c8a293e130ee93c08592f0f5ba9616a8 |
| SHA1 | 49e7d245af097bd28af5ffa503858830cd45011e |
| SHA256 | fbd6c8f911927a994db26eac21e4c028d75ea9de593eaa525f331e5c9a911ce3 |
| SHA512 | 9f4c01c6083ad7063db29b7075e0ac475794dfaa9b6714b119174607aefbf5384cbf17a96256b097de5b2a73669d060d5082cf2aa9244e7968c3d8853d09083b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\safebrowsing\download.png
| MD5 | 528381b1f5230703b612b68402c1b587 |
| SHA1 | c29228966880e1a06df466d437ec90d1cac5bf2e |
| SHA256 | 3129d9eaba1c5f31302c2563ebfa85747eda7a6d3f95602de6b01b34e4369f04 |
| SHA512 | 9eb45b0d4e3480a2d51a27ac5a6f20b9ef4e12bf8ac608043a5f01a372db5ea41a628458f7a0b02aaba94cd6bb8355a583d17666f87c3f29e82a0b899e9700bd |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\abstract\light_preview.jpg
| MD5 | 9f6a43a5a7a5c4c7c7f9768249cbcb63 |
| SHA1 | 36043c3244d9f76f27d2ff2d4c91c20b35e4452a |
| SHA256 | add61971c87104187ae89e50cec62a196d6f8908315e85e76e16983539fba04b |
| SHA512 | 56d7bd72c8a380099309c36912513bcafbe1970830b000a1b89256aae20137c88e1e281f2455bb381ab120d682d6853d1ef05d8c57dd68a81a24b7a2a8d61387 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\abstract\light.jpg
| MD5 | 3bf3da7f6d26223edf5567ee9343cd57 |
| SHA1 | 50b8deaf89c88e23ef59edbb972c233df53498a2 |
| SHA256 | 2e6f376222299f8142ff330e457867bad3300b21d96daec53579bf011629b896 |
| SHA512 | fef8e951c6cf5cec82dbeafd306de3ad46fd0d90e3f41dcea2a6046c95ab1ae39bf8a6e4a696580246c11330d712d4e6e8757ba24bbf180eec1e98a4aec1583b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\wallpaper.json
| MD5 | 662f166f95f39486f7400fdc16625caa |
| SHA1 | 6b6081a0d3aa322163034c1d99f1db0566bfc838 |
| SHA256 | 4cd690fb8ed5cd733a9c84d80d20d173496617e8dde6fca19e8a430517349ed5 |
| SHA512 | 360a175c5e72ff8d2a01ee4e0f365237bbd725b695139ea54afc905e9e57686c5db8864b5abf31373a9cb475adcbdb3db292daf0a53c6eb643a5d61b868ad39b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\preview.png
| MD5 | 0474a1a6ea2aac549523f5b309f62bff |
| SHA1 | cc4acf26a804706abe5500dc8565d8dfda237c91 |
| SHA256 | 55a236ad63d00d665b86ff7f91f2076226d5ed62b9d9e8f835f7cb998556545f |
| SHA512 | d8e3de4fea62b29fd719376d33a65367a3a2a2a22ed175cc1eeff3e38dfbaac448c97a6fbea55bc6159351d11a6aad97e09cb12548cf297e01bd23bf6074de08 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\custogray_full.png
| MD5 | 55841c472563c3030e78fcf241df7138 |
| SHA1 | 69f9a73b0a6aaafa41cecff40b775a50e36adc90 |
| SHA256 | a7cd964345c3d15840b88fd9bc88f0d0c34a18edbf1ce39359af4582d1d7da45 |
| SHA512 | f7433d17937342d9d44aa86bcc30db9ae90450b84aa745d2c7390ff430449e195b693a8ae6df35d05fee2d97149a58a7d881737d57902d9885c6c55393d25d6f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\fir_tree\wallpaper.json
| MD5 | 8a2f19a330d46083231ef031eb5a3749 |
| SHA1 | 81114f2e7bf2e9b13e177f5159129c3303571938 |
| SHA256 | 2cc83bc391587b7fe5ddd387506c3f51840b806f547d203ccd90487753b782f1 |
| SHA512 | 635828e7b6044eeede08e3d2bb2e68bc0dbbe9e14691a9fb6e2bc9a2ac96526d8b39c8e22918ff2d944fb07b2531077f8febd43028be8213aa2fad858b6ee116 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\fir_tree\fir_tree_preview.png
| MD5 | d6305ea5eb41ef548aa560e7c2c5c854 |
| SHA1 | 4d7d24befe83f892fb28a00cf2c4121aeb2d9c5d |
| SHA256 | 4c2b561cf301d9e98383d084a200deb7555ec47a92772a94453d3d8d1de04080 |
| SHA512 | 9330009997d62c1804f1e4cf575345016cda8d6a1dd6cb7d2501df65ea2021df6b8a5bc26809ddfc84e6ff9450f1e404c135561b1b00b9e4915c69e84f89cfec |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\flowers\wallpaper.json
| MD5 | 4938bc67f6e2d6e8faeb7ba9ca8dbc69 |
| SHA1 | 7600cfbe9d5e6be6a12642670107857abe36e383 |
| SHA256 | 3bdb98cfc0379426a56ac7813f4bdd4787bea9ee8a65b7914e62226e584ac977 |
| SHA512 | 27b680deb837cf7831c2d865f210fa1321fe5a2ee885be1dc058916ae0fa0e6fcf9c9f9de4ee86806dd3ab271c47f79ab621741664b8bdce7be117ff52ef6c85 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\flowers\flowers_preview.png
| MD5 | ba6e7c6e6cf1d89231ec7ace18e32661 |
| SHA1 | b8cba24211f2e3f280e841398ef4dcc48230af66 |
| SHA256 | 70a7a65aa6e8279a1a45d93750088965b65ea8e900c5b155089ca119425df003 |
| SHA512 | 1a532c232dd151474fbc25e1b435a5e0d9d3f61372036d97bcaab3c352e7037f1c424b54a8904ef52cf34c13a77b7ab295fb4fd006c3ab86289577f469a6cd4c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan_preview.jpg
| MD5 | 1edab3f1f952372eb1e3b8b1ea5fd0cf |
| SHA1 | aeb7edc3503585512c9843481362dca079ac7e4a |
| SHA256 | 649c55ccc096cc37dfe534f992b1c7bda68da589258611924d3f6172d0680212 |
| SHA512 | ecd9609fbf821239ddcbdc18ef69dade6e32efd10c383d79e0db39389fa890a5c2c6db430a01b49a44d5fa185f8197dbbde2e1e946f12a1f97a8c118634c0c34 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan.webm
| MD5 | b78f2fd03c421aa82b630e86e4619321 |
| SHA1 | 0d07bfbaa80b9555e6eaa9f301395c5db99dde25 |
| SHA256 | 05e7170852a344e2f3288fc3b74c84012c3d51fb7ad7d25a15e71b2b574bfd56 |
| SHA512 | 404fb2b76e5b549cbcba0a8cf744b750068cbd8d0f9f6959c4f883b35bcaa92d46b0df454719ca1cef22f5924d1243ba2a677b2f86a239d20bfad5365dc08650 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\meadow\wallpaper.json
| MD5 | f3673bcc0e12e88f500ed9a94b61c88c |
| SHA1 | e96e2b2b5c9de451d76742f04cc8a74b5d9a11c0 |
| SHA256 | c6581e9f59646e0a51a3194798ec994c7c5c99f28897108838aaf4a4e2bda04a |
| SHA512 | 83fb3fe4a3562449a53c13d1c38d5fe9ef1fa55c3006f59b65eace9a6ad4963e768088bc500dbe5266b5979c6ace77874ef11a15a7bd9fabae00ff137e70ecb5 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\meadow\preview.png
| MD5 | d10bda5b0d078308c50190f4f7a7f457 |
| SHA1 | 3f51aae42778b8280cd9d5aa12275b9386003665 |
| SHA256 | 0499c4cc77a64cc89055b3c65d7af8387f5d42399ff2c0a2622eccbd6d481238 |
| SHA512 | 668e1a70a50a0decf633167ac23cba6916d0e05d0894daae1f7e3d487519f0a126abd4298430b38f52746a5c3b83ccd520b3d9b0ae1a79f893e36821a0458566 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\misty_forest\wallpaper.json
| MD5 | 2b65eb8cc132df37c4e673ff119fb520 |
| SHA1 | a59f9abf3db2880593962a3064e61660944fa2de |
| SHA256 | ebe9cadad41bd573f4b5d20e3e251410300b1695dfdf8b1f1f1276d0f0f8fa6d |
| SHA512 | c85fe6895453d0c38a1b393307b52d828bad8fa60d1d65bb83ffa3c5e17b71aa13cab60955489198503839ce5a4a6c1bb353752ab107f5e5b97908116c987e52 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\misty_forest\preview.png
| MD5 | 77aa87c90d28fbbd0a5cd358bd673204 |
| SHA1 | 5813d5759e4010cc21464fcba232d1ba0285da12 |
| SHA256 | ea340a389af6d7ad760dff2016cf4e79488bda1a45d0a415b3cd02a4430c9711 |
| SHA512 | 759519b8822a6a4b88fc9ba47fa9d5d898b2f5a0f359acfbefc04809e6d7f5df86fb130f191eb6f63322792a18c0e7170aedf3ce7060fd9ad7e1bec2e686c3b2 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_dark\neuro_dark_static.jpg
| MD5 | e6f09f71de38ed2262fd859445c97c21 |
| SHA1 | 486d44dae3e9623273c6aca5777891c2b977406f |
| SHA256 | a274d201df6c2e612b7fa5622327fd1c7ad6363f69a4e5ca376081b8e1346b86 |
| SHA512 | f6060b78c02e4028ac6903b820054db784b4e63c255bfbdc2c0db0d5a6abc17ff0cb50c82e589746491e8a0ea34fd076628bbcf0e75fa98b4647335417f6c1b7 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg
| MD5 | 29c69a5650cab81375e6a64e3197a1ea |
| SHA1 | 5a9d17bd18180ef9145e2f7d4b9a2188262417d1 |
| SHA256 | 462614d8d683691842bdfb437f50bfdea3c8e05ad0d5dac05b1012462d8b4f66 |
| SHA512 | 6d287be30edcb553657e68aef0abc7932dc636306afed3d24354f054382852f0064c96bebb7ae12315e84aab1f0fd176672f07b0a6b8901f60141b1042b8d0be |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_light\neuro_light_static.jpg
| MD5 | 9c71dbde6af8a753ba1d0d238b2b9185 |
| SHA1 | 4d3491fa6b0e26b1924b3c49090f03bdb225d915 |
| SHA256 | 111f666d5d5c3ffbcb774403df5267d2fd816bdf197212af3ac7981c54721d2e |
| SHA512 | 9529a573013038614cd016a885af09a5a06f4d201205258a87a5008676746c4082d1c4a52341d73f7c32c47135763de6d8f86760a3d904336f4661e65934077e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\peak\wallpaper.json
| MD5 | f0ac84f70f003c4e4aff7cccb902e7c6 |
| SHA1 | 2d3267ff12a1a823664203ed766d0a833f25ad93 |
| SHA256 | e491962b42c3f97649afec56ad4ea78fd49845ceb15f36edddd08d9e43698658 |
| SHA512 | 75e048c1d1db6618ead9b1285846922c16a46ee138a511e21235342a5a6452c467b906578bdd4a56e7b9e0a26535df6fb6319ae1cae238055887b48963fa6ed6 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\peak\preview.png
| MD5 | 1d62921f4efbcaecd5de492534863828 |
| SHA1 | 06e10e044e0d46cd6dccbcd4bae6fb9a77f8be45 |
| SHA256 | f72ea12f6c972edfe3d5a203e1e42cbbaf4985633de419342c2af31363f33dab |
| SHA512 | eec8171bd3bea92e24066e36801f334ac93905b7e8e50935f360e09fa8c9b9f848c4c62b687299e8297c0693d6dbaf9c6035b471e6345d626510b73e3606ee4d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\raindrops\wallpaper.json
| MD5 | 5f18d6878646091047fec1e62c4708b7 |
| SHA1 | 3f906f68b22a291a3b9f7528517d664a65c85cda |
| SHA256 | bcfea0bebf30ee9744821a61fcce6df0222c1a266e0995b9a8cfbb9156eeeefd |
| SHA512 | 893b2077a4abaa2fe89676c89f5e428ccd2420177268159395b5568824dd3fe08bea8a8b2f828c6c9297b19e0f8e3a1b7899315c0b07f4b61fc86ce94301518b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\raindrops\raindrops_preview.png
| MD5 | 28b10d683479dcbf08f30b63e2269510 |
| SHA1 | 61f35e43425b7411d3fbb93938407365efbd1790 |
| SHA256 | 1e70fc9965939f6011488f81cd325223f17b07ee158a93c32c124602b506aa6b |
| SHA512 | 05e5b5e9c5ef61f33a883b0286c2239cb2a464581d6e8a86d7b179b1887b4cb2cd7304e0821cdd3208501421c44c63c248a5166c790792717a90f8ac528fbf2f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea\wallpaper.json
| MD5 | 92e86315b9949404698d81b2c21c0c96 |
| SHA1 | 4e3fb8ecf2a5c15141bb324ada92c5c004fb5c93 |
| SHA256 | c2bb1e5d842c7e5b1b318f6eb7fe1ce24a8209661ddd5a83ab051217ca7c3f65 |
| SHA512 | 2834b1ef7bb70b2d24c4fedef87cd32c6e8f401d8ee5f3852808f6a557724ce036c31a71298cd0ed601cde4be59ec4042542351c63c4e0ac3d31419f79240956 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea\sea_preview.png
| MD5 | 3c0d06da1b5db81ea2f1871e33730204 |
| SHA1 | 33a17623183376735d04337857fae74bcb772167 |
| SHA256 | 02d8e450f03129936a08b67f3a50ea5d2e79f32c4e8f24d34b464f2cb5e0b086 |
| SHA512 | ff0e60c94fc3c0c61d356a26667c5170256e1143b29adf23d4e7d27012da72ed8865ef59dc2046314c7335b8d3d331e5fd78f38b9b92f6af48729dae80f85b15 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\stars\wallpaper.json
| MD5 | 9660de31cea1128f4e85a0131b7a2729 |
| SHA1 | a09727acb85585a1573db16fa8e056e97264362f |
| SHA256 | d1bef520c71c7222956d25335e3ba2ea367d19e6c821fb96c8112e5871576294 |
| SHA512 | 4cb80766c8e3c77dfb5ca7af515939e745280aa695eca36e1f0a83fb795b2b3ef406472f990a82c727cea42d1b4ef44a0d34a7f4f23e362f2992dbff2527798b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\stars\preview.png
| MD5 | ed9839039b42c2bf8ac33c09f941d698 |
| SHA1 | 822e8df6bfee8df670b9094f47603cf878b4b3ed |
| SHA256 | 4fa185f67eaf3a65b991cea723d11f78de15a6a9a5235848a6456b98a9d7f689 |
| SHA512 | 85119055ddfc6bc4cca05de034b941b1743cbb787607c053e8c10309572d2ef223786fc454d962fbb5e3cde5320117f9efe99041116db48916bc3d2fcd4ffa25 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\web\web_preview.png
| MD5 | 3f7b54e2363f49defe33016bbd863cc7 |
| SHA1 | 5d62fbfa06a49647a758511dfcca68d74606232c |
| SHA256 | 0bbf72a3c021393192134893777ecb305717ccef81b232961ca97ae4991d9ba8 |
| SHA512 | b3b458860701f3bc163b4d437066a58b5d441d8a427a8b03772c9c519c01983e3d3fdb8da20f6a53ad95c88dcdd0298f72822f39bc3672cb6f1d77fcc3f025a9 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\web\wallpaper.json
| MD5 | e4bd3916c45272db9b4a67a61c10b7c0 |
| SHA1 | 8bafa0f39ace9da47c59b705de0edb5bca56730c |
| SHA256 | 7fdddc908bd2f95411dcc4781b615d5da3b5ab68e8e5a0e2b3d2d25d713f0e01 |
| SHA512 | 4045e262a0808225c37711b361837070d0aeb5d65a32b5d514cc6f3c86962ba68f7d108bf4d81aa3bf645789d0753029a72c1ce34688a6d7af15f3e854c73f07 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea_static.jpg
| MD5 | 5e1d673daa7286af82eb4946047fe465 |
| SHA1 | 02370e69f2a43562f367aa543e23c2750df3f001 |
| SHA256 | 1605169330d8052d726500a2605da63b30613ac743a7fbfb04e503a4056c4e8a |
| SHA512 | 03f4abc1eb45a66ff3dcbb5618307867a85f7c5d941444c2c1e83163752d4863c5fc06a92831b88c66435e689cdfccdc226472be3fdef6d9cb921871156a0828 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea_preview.jpg
| MD5 | 53ba159f3391558f90f88816c34eacc3 |
| SHA1 | 0669f66168a43f35c2c6a686ce1415508318574d |
| SHA256 | f60c331f1336b891a44aeff7cc3429c5c6014007028ad81cca53441c5c6b293e |
| SHA512 | 94c82f78df95061bcfa5a3c7b6b7bf0b9fb90e33ea3e034f4620836309fb915186da929b0c38aa3d835e60ea632fafd683623f44c41e72a879baf19de9561179 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\mountains_preview.jpg
| MD5 | a3272b575aa5f7c1af8eea19074665d1 |
| SHA1 | d4e3def9a37e9408c3a348867169fe573050f943 |
| SHA256 | 55074794869b59cd5c693dfa6f6615aea068c2cd50cdae6dd69bd0410661ded8 |
| SHA512 | c69bf39362658dd6cbd827cf6db0f188a9c4410b3c6b7b532595fd5907974e2141d857942ffb2497282e31eaa33c71240c2c2bd8721046df55e3358e8b76c061 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_TR_
| MD5 | 9aac83dab47ce1228e8819cdcf1cceb4 |
| SHA1 | c3d60af194dc7be089ea62750ecedbb6e5fa16fe |
| SHA256 | 199b7586e0d25718342e3657eedbe81d20968759af4a8a63b04eb9ac6ee56d5f |
| SHA512 | 3cf47d3c13c752222a34a94896c005db96927c2d5d4c132655bd7a84bfb9607a0feeccefbfae8e98467cd8642c31d843bba4c6293007ef071d91e7dcfc8bf1b3 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_RU_
| MD5 | fbd7c40aa538b758a4588a07e88ac57c |
| SHA1 | af30b54822bbd0674cb1ea9a51be19b7a78d43b4 |
| SHA256 | 4ff2f383821f2e77878e4e624aadda8d4fc942e54803c69747da41c9988919c8 |
| SHA512 | bb183fe4b7f197bcf1ef72b5095cf41065f288c1426b006a6b99873969592825b623eeec51642a98fa783f6d7817766747a3f1209c8344559d21614f12c58448 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_PT_
| MD5 | 0dde45f225a4290e59bfb55c80d4a51c |
| SHA1 | 3ebbbbb509d51a7c8e5cf409068644ad5ddbc09e |
| SHA256 | 8acb93ee7331e6b12feb81102b435c4bc044c614ef0fb8e69d2a0116bfe33d40 |
| SHA512 | d250d3891165505eb1fb7c5d2ccad397428785e8a6bb689dc56b55f2313f4b11bf402132d6f34ab6e9192453c43b74915bd7ddfafaf1716a954ccabd8b4d28c7 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_KZ_
| MD5 | 7a9698fd54deaf12679dfa246adf5b60 |
| SHA1 | e824691b404a9aafe617c9c88e2063aaa08794bb |
| SHA256 | 8ff43d0de20a9e37107bd6428d6ac41843fe4f8261b00b8cea5792b72e365122 |
| SHA512 | 805d72d8ade2e2018e7dba83bfdc292b3cdc4dff9746e717d74f5955466e55f67f8d03076bf1a6c5f8be37e77f8aaf855044b8b28a0e7f39580dad009fea4e8c |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_JP_
| MD5 | eb6d55790b6164b73e275c2401ad0550 |
| SHA1 | 5c47d0c866925eb05a4b59986921ed60f8a612c4 |
| SHA256 | 61f5b2ef85394c0034cfb05b650d7f4d9d79ffa87f2f6448566929f27a11411f |
| SHA512 | 0d4915979764f168b320e5152adfc18b186c5c966a3d42ba02c81bd5041386e08a89c818aa79d1c76304a3c9a3971982d5c97fc0493f19c1f283a64317acf9f3 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_IT_
| MD5 | da963f528183e2c335b3523c5b5e667f |
| SHA1 | 1b63bc824508cc978916ad6ace199d8058ef53dc |
| SHA256 | bdc01e40b4ac8d262d616d31bef7d8bd2784c918ec9ea76e2be929bfb554585e |
| SHA512 | 8e1dca38a869a00bf7eb86b4173850631b1085068da2b49a184ef68029e03b8fe1906d8d0df2f6a5457905570b6dad57191a8175d6581a50092d531bda672e73 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_ID_
| MD5 | 2271cc49e222c5fd558572fe9d7808b0 |
| SHA1 | 6dbcf76e96e67434b8b9f294a61d1185afd9cbba |
| SHA256 | 8a4d261a6344c0eca555038eab21dd54d68c3cfbbe6eb11e7792c33f12537d03 |
| SHA512 | f3c5b9480dda3b8d7d7c36e5b2d4084c776ddd92d3a1e8086b9bb447486060ba07fb3d7ad9c8a15421d19b82b4e61f60057e94da726e5c8a7362438fa8b1961d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_GB_
| MD5 | efda29551136fcc4de2ab4092ff02e21 |
| SHA1 | a911fb873c1221efd99e9ca330435788aea01a75 |
| SHA256 | c491c7db179d23b53ec7f378f280d971d7b96d738187c1377fed5bc8c89a652c |
| SHA512 | e650b8b567dc658720cf74d8eb5cb6d51b4685f208232b9510a6b8739f8caa7f1d5e5e7b20a98b0b856ee56dce86cdae3eb7cf1b83974cb473011253a0af5c25 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_ES_
| MD5 | 1c5d71e5a413ad550a08fe785f11d94c |
| SHA1 | 6c90db1ac6f5aa58202ee350f4e53ae3971be2bb |
| SHA256 | e60f38def5e81c8784a6e09c61bb9577e3bba62a959d01a1a858f1ac30b61643 |
| SHA512 | 5a74f8161ee5cbca1d935186b28d3650a6632be8d9b558996043decf0ebe05ab81af5ad8d94aa4632e370e596e9db9912c8e08bfaf0e1ef127c0cfd4d059b3af |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_DE_
| MD5 | 4757da1b4ddb8085be308d987b150a35 |
| SHA1 | ce3492d4efa7f87e29c6b53aa7e3ac6d9ee95152 |
| SHA256 | 9133f9eca9355387159ecfecc7158796305713c4046445d601eb5ded5fc0d3c3 |
| SHA512 | 025d1e09494ac470f0cdefea6136d928d47f5f795f105603b43f37e43884e2c73da15757dc24f6793760bcc11501a2a4b3832a31f213c6751da20fc866ce9d72 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_CN_
| MD5 | f2826b7f3232265257d6efad0c443d21 |
| SHA1 | 9da0d12745e199ac3f30f92c672b4dc97f35c75c |
| SHA256 | cfb1791b0a72d00fde5675da5c041fc2de53123b5f5b2b2129237404eb8ba482 |
| SHA512 | 4a8ac9dda75df8016e9b367b5d76afbab7f4f7f6fdcfe7f36d6273b7709fb992c377d21954a3665c234f84f640342b90161965e5dd09942ff8fbeaa8cccf7b8d |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_CA_
| MD5 | f8495a109372348b2f3aa8fd41fac4f7 |
| SHA1 | 77c42c500e5a0889ad83d7693c6988b091a45012 |
| SHA256 | 3b5a77e2a5d9bd96d68ae95981d82aab133fca44110622fcf5ee7e12dd667ebd |
| SHA512 | 19126463e599d7a41a7b1815ca8176a7aac922ef39807c262ae15671bb49c0244e884094b361a20554c08e0aae028155d6608f080fd0d72ee12d36185ea203a2 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_BR_
| MD5 | 6a8fa7f8a6893d052627cd428d1e3237 |
| SHA1 | 81422d8c739a136967a6bf77167bda1afee1280c |
| SHA256 | 71e8cdfe763f3479b399ffdb8dacd136e118c52b9d980e75e97a41e592cd258c |
| SHA512 | 86bf094a4b2d7d13ac1d9d872458ca88cadca6744a638173e0425f4eba5ff624343de2c9b9ef38502174847e0b4f00ce768c7fafdf8e7f8a9ad1d1c2fb308d42 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo
| MD5 | b8aca2f09f3c9ecbd1c848007c3fd8b6 |
| SHA1 | e81fc8e2512026f9df9a661529a1e7a9ce0b2ba3 |
| SHA256 | a3b688dbadf99ba57652809adf074bb6e441895d0035983fae33912128fdb7cc |
| SHA512 | df4eae94ee9eee02ce2fb7ced9968d9f644369638ec1ff392a15a28c89e4ec112aef966260be4072681f87145eee1460db1ced15b61798e3955c10eed3454a38 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea.webm
| MD5 | 00756df0dfaa14e2f246493bd87cb251 |
| SHA1 | 39ce8b45f484a5e3aa997b8c8f3ad174e482b1b9 |
| SHA256 | fa8d0ae53ebdbec47b533239709b7e1514ecb71278907621ca2d288241eb0b13 |
| SHA512 | 967670863f3c77af26fa1d44cd7b4fe78148d2ba6ea930b7b29b9f35d606554d664c0577068e0c26fa125d54627d7e7543360bce4acee0af17783b07450b5f52 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\1-1x.png
| MD5 | 80121a47bf1bb2f76c9011e28c4f8952 |
| SHA1 | a5a814bafe586bc32b7d5d4634cd2e581351f15c |
| SHA256 | a62f9fdf3de1172988e01a989bf7a2344550f2f05a3ac0e6dc0ccd39ed1a697e |
| SHA512 | a04df34e61fd30764cf344b339ba2636b9280a358863f298690f6a8533c5e5dfa9773a14f8d16a5bb709ea17cf75e1da6302335aa9120009892e529bfad30df9 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_en.png
| MD5 | 1376f5abbe56c563deead63daf51e4e9 |
| SHA1 | 0c838e0bd129d83e56e072243c796470a6a1088d |
| SHA256 | c56ae312020aef1916a8a01d5a1fc67ed3b41e5da539c0f26632c904a5e49c62 |
| SHA512 | a0bab3bae1307ea8c7ccbd558b86c9f40e748cdd6fd8067bb33eeef863191534af367a0058111553a2c3a24e666a99009176a8636c0a5db3bf1aa6226130498f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\sxs.ico
| MD5 | 592b848cb2b777f2acd889d5e1aae9a1 |
| SHA1 | 2753e9021579d24b4228f0697ae4cc326aeb1812 |
| SHA256 | ad566a3e6f8524c705844e95a402cdeb4d6eed36c241c183147409a44e97ebcd |
| SHA512 | c9552f4db4b6c02707d72b6f67c2a11f1cf110b2c4ac5a1b7ac78291a14bf6eb35a9b4a05bc51ac80135504cd9dcad2d7a883249ee2e20a256cb9e9ceeb0032f |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_ru.png
| MD5 | ff321ebfe13e569bc61aee173257b3d7 |
| SHA1 | 93c5951e26d4c0060f618cf57f19d6af67901151 |
| SHA256 | 1039ea2d254d536410588d30f302e6ab727d633cf08cb409caa5d22718af5e64 |
| SHA512 | e98fbfb4ed40c5ac804b9f4d9f0c163508c319ec91f5d1e9deb6a5d3eada9338980f1b5fe11c49e6e88935ecd50119d321ce55ca5bdd0723a6e8c414e1e68e16 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_en_2x.png
| MD5 | 900fdf32c590f77d11ad28bf322e3e60 |
| SHA1 | 310932b2b11f94e0249772d14d74871a1924b19f |
| SHA256 | fe20d86fd62a4d1ab51531b78231749bd5990c9221eab1e7958be6d6aef292d9 |
| SHA512 | 64ebc4c6a52440b4f9f05de8ffb343c2024c4690fe5c9f336e78cd1dd01ae8225e8bc446f386feb442e76136b20d6b04ee293467b21f5b294ce25e500922f453 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\brand_config
| MD5 | 098faca683b8b0981cd1985bcae0e83b |
| SHA1 | dd1a0956bfaac9e4a2ca01bcee213224ad9eadc8 |
| SHA256 | 32589433fa2d8492f8d8d40bbfda0d00ae3aa857e2131fe297e8812d00d86277 |
| SHA512 | ccb279b6caeb5213f2358abaee480e9e6f8eac6d4e5ff389eb14ac0daf7f40d5f8d8fa407a0775032bd699f88116201048587eeda8ab72b7ce64bf369ea195e5 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
| MD5 | 91c000f1c9155d8f543ac1f012f5d39d |
| SHA1 | eb271265141e452ebc2287c653dc60d36dbac7e3 |
| SHA256 | f48f8f19a1e996d763289b5968c53fd07a031e430fd7f8e8ef2f31ac91af5a55 |
| SHA512 | 009b2bc9008d05773bb1a5898dd4846f8c65e4c7953b56918c2e5416d065499d869bf858bff97128551e63a34964f155ce4841ea88d03ac88bb02f01c2960e7e |
C:\Program Files (x86)\yandex_browser_installer.log
| MD5 | 31d5cc9e9cddc1af11faa74c9593afd0 |
| SHA1 | d76b75eac0301cdabbef55827b40fb77bbb8feac |
| SHA256 | 03cae35929240c13c973daf40ae990c9f535b5ab53cc000ee680e223f9323a2c |
| SHA512 | c0ea460e88ac974393b3d1ca378d7bb3ba038c0341917f0a0358589ed900f464f424bbcfb68efccbc733a023e6ccb707e246cb068bd6381a7ac7714e7835effd |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
| MD5 | 804d54676daa87f979d6a92a7a488ddc |
| SHA1 | c82dd8106508000c222a699974609a62ac6293a4 |
| SHA256 | 20fbdf9f2bab4fd5154cf07c3b6e6839f0cb74abc326b7cca10f7c25b3db6570 |
| SHA512 | f6dd881af9da552c563b5645dc7b887686713537bce0d3c08a6eda45f44336bc6dd340ce869397ed3b94e262d4a44b36ded3e5a8bef7043e07bb6543dc5b2d73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D
| MD5 | a356a4bc93f9a93fb44f7d93e0386092 |
| SHA1 | dcd3b98b81dc0dfea8b70063a2c7d3f16f4b5341 |
| SHA256 | d3b9db67871994c190f995d563e12af29d4196a99a67a4cd44f93984445209de |
| SHA512 | 9608c5d0e4e81f73106e6436efb65cb83a1781d9ddc6aaa7701af0017877dc99d9f33e46fc489ef8de06dfa49dcdac04bab0297f769198a8101d4f3a3258d79f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D
| MD5 | dc4ef674729c69dc6f8ce01e7713951e |
| SHA1 | 5218e2fa77c1432e5369892c6a1aeb713f14899a |
| SHA256 | 87042a859dc3b2b263fa84ee65231e68eddd470b69ba3822ee16e5c28af2c6e3 |
| SHA512 | 09ed28945f51d4b3a3f178f5c56ecf298a0a9f573ab6f731eae675235e0c2ea9cce5136045e03ea96fa4cc3f6d0865bfd55065df9251758aa922d1f92e751510 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D
| MD5 | 0eaa430b224ab01a0c709f1579e7e93b |
| SHA1 | 5b9de61696d36a38974848124c125def7d3cd52a |
| SHA256 | 46113ddb105d6c3d7510b584230fde04f9144004334fd8a1cfcae7d473c54974 |
| SHA512 | e3f48f612a6e00a38808d07c9652e31d6ac8228a219a511212284837ea6191139c5afbd84942dae65475a243b1b0d86eb4687959e2df30c634e9c752e10f24c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dcd8a3eccfa3b080b522035427d5da9c |
| SHA1 | 0cc65a880867f2108d0e08dd90822f146b3ddbdc |
| SHA256 | 7c0e238dab5c4b9f0cb49d41c7d9452c009542ee3f47c7664a5b03c291401c03 |
| SHA512 | 0c3615a9e128b221b3c69e30945545a27a18cdf2dc18b7f399e5a0dad4593b1642a4f45e17cfa894cd0df2792968a31960f3f393426ae930067c8340cbb6eebf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e16fcbba1b7ac3a2f01ac602184f27e4 |
| SHA1 | b82491bd3b1224d46a3c0ba47e90ff9d585758d1 |
| SHA256 | bb4374fd58237d026569aff309c5601aba1422fafff5c85ab1e8b2a72841daba |
| SHA512 | 6b4fd11f9792ca303f31f3bca653b4d647e8e23bab8149e48cd8f538d0bb5b0449c88d430dd98a47546976cc07d2ee962f5fa832b9c7e44462d65a856c3b60ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe589621.TMP
| MD5 | cc27b3e03388a4b7c2f58d7e21e4b6a5 |
| SHA1 | b54ea4747256ea9cd4f4da5007dd5f508ddfb28b |
| SHA256 | d8e906a2e37b5284f4f0b656e6e835ec9fb9b4764df401a3b4c6201ab5acd915 |
| SHA512 | c554eb8996090b25faf2f47a07b293d32cd9fc4691d48eac7241b9753e3f45356eca5d54a1845eca8f89f6d9643abc72372e7a2451e0c54e6276ed8fb07dc78e |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json
| MD5 | 0bf9b3763a949593f332ea04c09f9e04 |
| SHA1 | 3eaf3565f810877c76dfe3233234c3d7a2920489 |
| SHA256 | f3a90f0576e4779de2caf5bdf7a2cafea71a97ae7b9354af936beeecc87eb616 |
| SHA512 | a74a266920a6e8bfa478f315e25560fae9e9d6d399d38d6f49f37bf5594adf68d573d97822cf6d2d302746b3654e7cafd74d4c7841302940a95f82f5202d3b52 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\4bf94651-ccf7-44bd-9c2a-b72b7f86f598.tmp
| MD5 | 549d276aa171e5775b923e5e14d4a29c |
| SHA1 | e2dc59f9558afcf647e4e8caf2e5cb7bf87736bc |
| SHA256 | fd20567aef67980ba32e9cb4979f6a620047d67b6a5d377a27a38967877c15f0 |
| SHA512 | e32074ac38b9f262aff7b415f6705cf7c6847f090b9ea3be6c1284fc79eb58f90add2b39b128ccba36af5636e9d545a6006c5e317db6aa9ad8a82928f31f0d45 |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
| MD5 | ec2bc3b809757454b9d4d7425b134490 |
| SHA1 | c843dca5db11eefba43810c02776c4b04fb75e8a |
| SHA256 | 9851a97d71ea6fa84345bb67efbc74639407961803000fed97c4357ccc67944d |
| SHA512 | 7118aef10c47818cc9c2d1ece1a48b6458b05bbbab27e28df767646540817f5b132d42f82b4806b02acfe4922230f3e90383e519790ce0ea545afbf580516d8b |
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\f9518420-d457-4cdf-9d8d-fb47785747fc.tmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe589cf7.TMP
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0b653c76-ec56-493f-881f-96cfec9a8a36.tmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe589eeb.TMP
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\a1ee86e2-92d7-4da7-8e9c-a0daf8543812\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe58a1c9.TMP
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\64.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\256.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\128.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\96.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\48.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\32.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\16.png
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat
memory/5928-2922-0x0000000008EC0000-0x0000000008ECB000-memory.dmp
memory/5928-2923-0x00000000113D0000-0x0000000011402000-memory.dmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe59042c.TMP
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\deny_domains.list
C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\manifest.json
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59b4fe.TMP
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
C:\Program Files\chrome_Unpacker_BeginUnzipping2444_619473589\manifest.json
memory/5928-3240-0x00000000113D0000-0x0000000011402000-memory.dmp
C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity