Malware Analysis Report

2025-08-10 19:58

Sample ID 250630-w9gpasak2z
Target 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer
SHA256 1f0e5d982b4d5f0fb055e2c9aa427ad6930f3ddb7726053ca1c8cd0687617c1d
Tags
discovery persistence spyware stealer
score
8/10

Analysis Overview

score
8/10

SHA256

1f0e5d982b4d5f0fb055e2c9aa427ad6930f3ddb7726053ca1c8cd0687617c1d

Threat Level: Likely malicious

The file 2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer was found to be: Likely malicious.

Malicious Activity Summary

discovery persistence spyware stealer

Downloads MZ/PE file

Reads user/profile data of web browsers

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Modifies system certificate store

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-06-30 18:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-06-30 18:37

Reported

2025-06-30 18:39

Platform

win10v2004-20250610-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
N/A N/A C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe N/A
N/A N/A C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YandexBrowserAutoLaunch_45886AE68CD319C7351FF54A1DBD4B87 = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --shutdown-if-not-closed-by-system-restart" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A yandex.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Yandex\ui C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7 C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7 C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92 C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\zh_HK\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hy\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Program Files (x86)\yandex_browser_service_update.log C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ml\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\be\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\is\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\et\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ca\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_65630376\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\am\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\fr_CA\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\lv\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ta\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ro\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ja\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_65630376\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\msedge_url_fetcher_2444_92903512\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_93_1_0.crx C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\vi\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hi\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\uk\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\en_CA\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\si\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\offscreendocument_main.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\zh_TW\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\tr\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\af\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\az\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_619473589\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hu\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ms\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\cy\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\sw\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\cs\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\lo\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ar\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\es\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\en_US\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\eu\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\lt\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\mn\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_65630376\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Program Files (x86)\yandex_browser_installer.log C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\gl\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\iw\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\128.png C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\zh_CN\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\fa\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\hr\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\pl\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\en\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\km\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\page_embed_script.js C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\sl\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\ur\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\id\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\mr\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Program Files\chrome_Unpacker_BeginUnzipping2444_1491409472\_locales\bg\messages.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\System update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File created C:\Windows\Tasks\Update for Yandex Browser.job C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File created C:\Windows\Tasks\Repairing Yandex Browser update service.job C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
File opened for modification C:\Windows\Tasks\Update for Yandex Browser.job C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\AppDataLow\Yandex\UICreated_SYSTEM = "1" C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\AppDataLow C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133957822678279985" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPDF.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexJS.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTIFF.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Yandex Browser TIFF Document" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTIFF.SSNWQYXUD2B7YHNW3XD5VITEAI\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTXT.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-120" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexJS.SSNWQYXUD2B7YHNW3XD5VITEAI\Application C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBM.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.png C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.html C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexFB2.SSNWQYXUD2B7YHNW3XD5VITEAI C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexHTML.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Yandex Browser HTML Document" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPDF.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.jpg\OpenWithProgids\YandexJPEG.SSNWQYXUD2B7YHNW3XD5VITEAI C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.pdf\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPNG.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationDescription = "Yandex\u00a0Browser is a fast and convenient software for working online and viewing web pages." C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Yandex Browser EPUB Document" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.js\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexFB2.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPNG.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-113" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexXML.SSNWQYXUD2B7YHNW3XD5VITEAI C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.jpg\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexXML.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.css C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.infected\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI\ = "Malware Infected File" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.jpg C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.txt C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.pdf\OpenWithProgids\YandexPDF.SSNWQYXUD2B7YHNW3XD5VITEAI C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationName = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCRX.SSNWQYXUD2B7YHNW3XD5VITEAI\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexGIF.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSWF.SSNWQYXUD2B7YHNW3XD5VITEAI\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\yabrowser\shell\ = "open" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexINFE.SSNWQYXUD2B7YHNW3XD5VITEAI\Application C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexHTML.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCSS.SSNWQYXUD2B7YHNW3XD5VITEAI\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSVG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCRX.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexJPEG.SSNWQYXUD2B7YHNW3XD5VITEAI C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,0" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.webm C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexCSS.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexFB2.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-122" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexSWF.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe,-118" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexTIFF.SSNWQYXUD2B7YHNW3XD5VITEAI\Application C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\ApplicationCompany = "Yandex" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexGIF.SSNWQYXUD2B7YHNW3XD5VITEAI\DefaultIcon C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexHTML.SSNWQYXUD2B7YHNW3XD5VITEAI\Application\AppUserModelId = "Yandex.SSNWQYXUD2B7YHNW3XD5VITEAI" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexEPUB.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexWEBP.SSNWQYXUD2B7YHNW3XD5VITEAI\shell C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.css C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\.xht\OpenWithProgids C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3001560346-2020497773-4190896137-1000_Classes\YandexPNG.SSNWQYXUD2B7YHNW3XD5VITEAI\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Yandex\\YandexBrowser\\Application\\browser.exe\" --single-argument %1" C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A

Modifies system certificate store

defense_evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1 C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8094640EB5A7A1CA119C1FDDD59F810263A7FBD1\Blob C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1672 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe
PID 1672 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2444 wrote to memory of 5744 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2444 wrote to memory of 3680 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2444 wrote to memory of 1304 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2444 wrote to memory of 2888 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe

"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe"

C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe

"C:\Users\Admin\AppData\Local\Temp\2025-06-30_64bf5559232c3ab3b2e08cdbbb086580_amadey_black-basta_darkgate_elex_luca-stealer.exe" --parent-installer-process-id=1672 --run-as-admin --setup-cmd-line="fake_browser_arc --abt-config-resource-file=\"C:\Users\Admin\AppData\Local\Temp\abt_config_resource\" --abt-update-path=\"C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp\" --brand-name=int --browser-present=none --disableyapin --distr-info-file=\"C:\Users\Admin\AppData\Local\Temp\distrib_info\" --installer-brand-id=int --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path=\"C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp\" --variations-resource-file=\"C:\Users\Admin\AppData\Local\Temp\variations_resource\" --variations-update-path=\"C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp\" --verbose-logging"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.com/legal/browser_agreement/?lang=en

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ff9a599f208,0x7ff9a599f214,0x7ff9a599f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1696,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2432,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2184,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp

"C:\Users\Admin\AppData\Local\Temp\ybBBCE.tmp" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BROWSER.PACKED.7Z" --abt-config-resource-file="C:\Users\Admin\AppData\Local\Temp\abt_config_resource" --abt-update-path="C:\Users\Admin\AppData\Local\Temp\e708ad55-30d5-4d58-a7b8-91b831567330.tmp" --brand-name=int --brand-package="C:\Users\Admin\AppData\Local\Temp\BrandFile" --browser-present=none --clids-file="C:\Users\Admin\AppData\Local\Temp\clids.xml" --disableyapin --distr-info-file="C:\Users\Admin\AppData\Local\Temp\distrib_info" --histogram-download-time=19 --install-start-time-no-uac=504927510 --installer-brand-id=int --installerdata="C:\Users\Admin\AppData\Local\Temp\master_preferences" --make-browser-default-after-import --ok-button-pressed-time=502411865 --progress-window=524930 --send-statistics --server-config-bundle-path="C:\Users\Admin\AppData\Local\Temp\9b2c4bb6-7efa-4a95-9e1c-21919a39ab70.tmp" --source=lite --variations-resource-file="C:\Users\Admin\AppData\Local\Temp\variations_resource" --variations-update-path="C:\Users\Admin\AppData\Local\Temp\0cf0593e-f09b-4a76-8db8-2d4ef06e1a88.tmp" --verbose-logging --verbose-logging --run-as-admin --target-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application" --child-setup-process --restart-as-admin-time=511006318

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=5292 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x9190a4,0x9190b0,0x9190bc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4708,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5548,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8

C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe

"C:\Windows\TEMP\sdwra_5292_470211609\service_update.exe" --setup

C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --install

C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --run-as-service

C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=4584 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0xb90b3c,0xb90b48,0xb90b54

C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --update-scheduler

C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe

"C:\Program Files (x86)\Yandex\YandexBrowser\25.2.5.953\service_update.exe" --update-background-scheduler

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe

"C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe" --pttw1="C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.lnk"

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\Temp\scoped_dir5292_472186139\explorer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=6424 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x2d4,0x2d8,0x2dc,0x2b0,0x2e0,0xa090a4,0xa090b0,0xa090bc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Temp\clids.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\clidmgr.exe" --appid=yabrowser --vendor-xml-path="C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\source5292_1884432687\Browser-bin\clids_yandex.xml"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --progress-window=524930 --ok-button-pressed-time=502411865 --install-start-time-no-uac=504927510

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id= --annotation=main_process_pid=5928 --annotation=metrics_client_id=1323c0ae4e78499c955c7153e33cb33d --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x71e4fd98,0x71e4fda4,0x71e4fdb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --gpu-process-kind=sandboxed --field-trial-handle=2348,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=gpu-process --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=disabled --gpu-process-kind=trampoline --field-trial-handle=2180,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2616 /prefetch:6

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Network Service" --field-trial-handle=2684,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2780 --brver=25.2.5.953 /prefetch:3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Storage Service" --field-trial-handle=2968,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3436 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Audio Service" --field-trial-handle=3232,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3656 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Video Capture" --field-trial-handle=3288,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=3880 --brver=25.2.5.953 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Data Decoder Service" --field-trial-handle=4028,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4064 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --may-use-trampoline-gpu --field-trial-handle=4440,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4456 /prefetch:1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --shutdown-if-not-closed-by-system-restart

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Profile Importer" --field-trial-handle=5136,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=5148 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data" --url=https://crash-reports.browser.yandex.net/submit --annotation=install_date=1751308686 --annotation=last_update_date=1751308686 --annotation=launches_after_update=1 --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2824 --annotation=metrics_client_id=1323c0ae4e78499c955c7153e33cb33d --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x71e4fd98,0x71e4fda4,0x71e4fdb0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=uwp_cookie_provider.mojom.UwpCookieProvider --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name=uwp_cookie_provider.mojom.UwpCookieProvider --field-trial-handle=4828,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4420 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe" --set-as-default-browser

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad" --url=https://crash-reports.browser.yandex.net/submit --annotation=machine_id=488dca4c15f9a1d330ad312b391a804e --annotation=main_process_pid=2164 --annotation=plat=Win32 --annotation=prod=Yandex --annotation=session_logout=False --annotation=ver=25.2.5.953 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0xce90a4,0xce90b0,0xce90bc

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1370627623\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1920355567\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1920355567\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1731745139\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1731745139\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_211098789\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_211098789\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1703700227\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1703700227\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_2048261245\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_2048261245\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1022206747\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1022206747\w.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1736104095\d.bin"

C:\Windows\SysWOW64\regini.exe

regini.exe "C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\Installer\Temp\scoped_dir2164_1736104095\w.bin"

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=renderer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --help-url=https://api.browser.yandex.com/redirect/help/ --user-agent-info --web-ntp-url-for-renderer=https://brontp-pre.yandex.ru/ --translate-security-origin=https://browser.translate.yandex.net/ --enable-instaserp --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=2696,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4888,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4076 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4816,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4140 --brver=25.2.5.953 /prefetch:8

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

"C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --user-id=A763CB3C-E7A7-4D1E-9884-06F1FEE4D292 --brand-id=int --string-annotations --process-name="Windows Utilities" --field-trial-handle=4672,i,1406900510490092984,13855365061829278963,262144 --variations-seed-version --mojo-platform-channel-handle=4100 --brver=25.2.5.953 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6452,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3776,i,15889953561305322911,9096318160688758169,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8

Network

Country Destination Domain Proto
RU 37.9.64.225:443 yastatic.net tcp
RU 37.9.64.225:443 yastatic.net tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
GB 2.18.27.82:443 www.bing.com udp

Files

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

C:\Users\Admin\AppData\Roaming\Yandex\ui

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

\??\pipe\crashpad_2444_ABATGVUGFGEFFQNH

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

C:\Users\Admin\AppData\Local\Temp\lite_installer.log

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\setup.exe

C:\Users\Admin\AppData\Local\Temp\master_preferences

C:\Program Files (x86)\yandex_browser_installer.log

C:\Users\Admin\AppData\Local\Temp\distrib_info

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_2160353AED26D1201CFEDFD521209521

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_2160353AED26D1201CFEDFD521209521

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\BRAND_COMMON

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b

C:\Users\Admin\AppData\Local\Temp\YB_0FFC5.tmp\brand_int

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_394487CAFBCFB8C5917AD7A10924C8A7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Windows\Temp\sdwra_5292_470211609\service_update.exe

C:\Program Files (x86)\yandex_browser_service_update.log

C:\Program Files (x86)\yandex_browser_service_update.log

C:\Program Files (x86)\yandex_browser_service_update.log

C:\Program Files (x86)\yandex_browser_service_update.log

C:\Program Files (x86)\yandex_browser_service_update.log

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_ru_2x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\import-bg.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_UA_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_light\neuro_light_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\configs\all_zip

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\elokbjeafkcggjfjkakpchmcmhkhaofn\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\fcgfaidpicddcilhjhafmmcgfodijhjd\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\extension\gopnelejddjjkamjfblkcijjikkinnec\brand_settings.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\stop-words-en-US.list

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\dictionary-en-US.mrf.sig

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\morphology\dictionary-en-US.mrf

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\safebrowsing\download.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\abstract\light_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\abstract\light.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\custogray\custogray_full.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\fir_tree\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\fir_tree\fir_tree_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\flowers\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\flowers\flowers_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\huangshan\huangshan.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\meadow\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\meadow\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\misty_forest\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\misty_forest\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_dark\neuro_dark_static.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_dark\neuro_dark_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\neuro_light\neuro_light_static.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\peak\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\peak\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\raindrops\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\raindrops\raindrops_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea\sea_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\stars\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\stars\preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\web\web_preview.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\web\wallpaper.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea_static.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\mountains_preview.jpg

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_TR_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_RU_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_PT_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_KZ_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_JP_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_IT_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_ID_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_GB_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_ES_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_DE_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_CN_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_CA_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo_BR_

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\tablo

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\sea.webm

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\wallpapers\1-1x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_en.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\sxs.ico

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_ru.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Temp\BrandPackageTemp\25.2.5.953\resources\about_logo_en_2x.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\25.2.5.953\brand_config

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

C:\Program Files (x86)\yandex_browser_installer.log

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E5AF9A59B2A0198F537F5F6F7EBA776_57ABCF7C80DDF20409A123C0B25EDA1D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe589621.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\Application\install_state.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\4bf94651-ccf7-44bd-9c2a-b72b7f86f598.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\f9518420-d457-4cdf-9d8d-fb47785747fc.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences~RFe589cf7.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\0b653c76-ec56-493f-881f-96cfec9a8a36.tmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Secure Preferences~RFe589eeb.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_3

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_2

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_1

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\GrShaderCache\data_0

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\web_ntp_cache\index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\TurboAppCache\Nativecache\a1ee86e2-92d7-4da7-8e9c-a0daf8543812\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\turboapp_db.json~RFe58a1c9.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\64.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\256.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\128.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\96.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\48.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\32.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Web Applications\Manifest Resources\fipcnjpflgbbjnfeonhlfgalcilbfaie\Icons\16.png

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Crashpad\settings.dat

memory/5928-2922-0x0000000008EC0000-0x0000000008ECB000-memory.dmp

memory/5928-2923-0x00000000113D0000-0x0000000011402000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity~RFe59042c.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\deny_domains.list

C:\Program Files\chrome_Unpacker_BeginUnzipping2444_355376685\manifest.json

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\Network Persistent State~RFe59b4fe.TMP

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity

C:\Program Files\chrome_Unpacker_BeginUnzipping2444_619473589\manifest.json

memory/5928-3240-0x00000000113D0000-0x0000000011402000-memory.dmp

C:\Users\Admin\AppData\Local\Yandex\YandexBrowser\User Data\Default\Network\TransportSecurity
