9098f0f0569a01c61fd82b91aa02634295b6adbe8d2a95e57db0eac666f6f16f

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2023 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Yandex.exe
Size

4.1MB
MD5

5600b8bc13cde04b710bafe059d3435d
SHA1

f6fac7d7809fe8e2a192483635d9f41f6cb6d497
SHA256

9098f0f0569a01c61fd82b91aa02634295b6adbe8d2a95e57db0eac666f6f16f
SHA512

01ff62a69eb590e7db293cf5026e44c71d76deae27de2e1f04f9d011385cbe127ea696b19a1191a3fe9107a94c8f75cb24c7b32275c4eaf4077631dd6b40aea6
SSDEEP

49152:XDnaVVMzMvkMUzM3n5xlekY+r5u8QeKxFOJxdb4vZKV:DaVizMvkMUg3n5xRKdzOJDb4v+

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Modifies registry class 1 IoCs

Processes:

CastSrv.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Extensions\ContractId\Windows.Protocol\PackageId	CastSrv.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

3812 msedge.exe
3812 msedge.exe
6016 msedge.exe
6016 msedge.exe
5208 msedge.exe
5208 msedge.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 5344 vssvc.exe
Token: SeRestorePrivilege 5344 vssvc.exe
Token: SeAuditPrivilege 5344 vssvc.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Yandex.exe

pid process

3708 Yandex.exe

pid	process
3812	msedge.exe
3812	msedge.exe
6016	msedge.exe
6016	msedge.exe
5208	msedge.exe
5208	msedge.exe

description	pid	process
Token: SeBackupPrivilege	5344	vssvc.exe
Token: SeRestorePrivilege	5344	vssvc.exe
Token: SeAuditPrivilege	5344	vssvc.exe

pid	process
3708	Yandex.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1472 wrote to memory of 3900	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 3900	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 4380	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 3812	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 3812	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe
PID 1472 wrote to memory of 5136	1472	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Yandex.exe
"C:\Users\Admin\AppData\Local\Temp\Yandex.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1e7786a5hf059h4772hbf27h4d946498167c
1⤵
- Suspicious use of WriteProcessMemory
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffa94246f8,0x7fffa9424708,0x7fffa9424718
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,18217312150552403743,9719474771724375407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
2⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,18217312150552403743,9719474771724375407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,18217312150552403743,9719474771724375407,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:5136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault174cc8b4h5e1fh4c35h9ddbhc4cab85dfbf0
1⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffa94246f8,0x7fffa9424708,0x7fffa9424718
2⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,13026087977334305386,8635553294522500855,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
2⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,13026087977334305386,8635553294522500855,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
2⤵
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,13026087977334305386,8635553294522500855,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5144

C:\Windows\System32\CastSrv.exe
C:\Windows\System32\CastSrv.exe CCastServerControlInteractiveUser -Embedding
1⤵
- Modifies registry class
PID:4956

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault637c5e4fhc816h4e8bha4bfhf3d410c6124f
1⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffa94246f8,0x7fffa9424708,0x7fffa9424718
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5469797600664336213,1776415987808952004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,5469797600664336213,1776415987808952004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5469797600664336213,1776415987808952004,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:2200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1222f8c867acd00b1fc43a44dacce158

SHA1
586ba251caf62b5012a03db9ba3a70890fc5af01

SHA256
1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

SHA512
ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
df349528da9b3c5cb8fbde0461f7d296

SHA1
f54bb4971f7a5adbd9e55f58a4d50ef1cc4aa1a8

SHA256
78812a9ccff0cd0806c0cee28cb1b4976049c6912e6cff0e67fd12f4d7119261

SHA512
fb192d8abc14e77cf7c0fec1036d4ebf5505ff8733c3e35123e4913c8f30de0cd6b98a8e934fb8e19c33f16a3dd2c1f857e3744da198363bfb0c1e00e2c5273c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
df349528da9b3c5cb8fbde0461f7d296

SHA1
f54bb4971f7a5adbd9e55f58a4d50ef1cc4aa1a8

SHA256
78812a9ccff0cd0806c0cee28cb1b4976049c6912e6cff0e67fd12f4d7119261

SHA512
fb192d8abc14e77cf7c0fec1036d4ebf5505ff8733c3e35123e4913c8f30de0cd6b98a8e934fb8e19c33f16a3dd2c1f857e3744da198363bfb0c1e00e2c5273c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
2f2b1fc1553780154b0c255c3b6b63ee

SHA1
77f6bd31a10fb8a9c84a0f4772ed3351f7149b97

SHA256
33c78905d9791fbed76140cce3262ca077c7c5b02a920cdaf51f433785f0eb1b

SHA512
d97d4c132cb4736ba5a8b78d9514fb0d6986573f8051402a46e3211d73a0359aadbd882cc4c5cc74740cc485ff0cc8f05f428fdce7876a5e2b6cec2fbd255d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0fa7cb09618e3a7d200a0f48b3304fe2

SHA1
75ec1f06c3ec87f032f62496e068681c98fef856

SHA256
f9155863ef1ff47d3aa317039bb77ab272137d143a4aa4b58c886f7e1c94f9d3

SHA512
da3d480a2d4214fec827dfd263cb3561195c04cdd42538e23e814085ccc99b5042871e4621e1a88e415f7ee7cca1331fccd3587ed73a4a48ce28cd9e271d5db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cf0e9be07df01b38958329100b331bec

SHA1
34c8eaf3d8602d1ae1aa4c2e479b3c836319121f

SHA256
e90af87a9665ccb0ea390a705727fb2121f708add6eacdf3a796f4d92da219fb

SHA512
84c4711016780b2458626f5f7d5a1bace3ae43467e3334f0dbf8344e2685a0e5332bbdec6111e853b6398b1c9778e393daf4fc583f0f69e2155b5267ceca0198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cf0e9be07df01b38958329100b331bec

SHA1
34c8eaf3d8602d1ae1aa4c2e479b3c836319121f

SHA256
e90af87a9665ccb0ea390a705727fb2121f708add6eacdf3a796f4d92da219fb

SHA512
84c4711016780b2458626f5f7d5a1bace3ae43467e3334f0dbf8344e2685a0e5332bbdec6111e853b6398b1c9778e393daf4fc583f0f69e2155b5267ceca0198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
ac6c543f62e2f53451c15de60cfbd467

SHA1
56ca0693dc2c1bbea9e574cd86b011082b77bdac

SHA256
06a3dfc3e1f0c46a589f43386ec06483969755b22f95661e6f2dd0d9f0b1736e

SHA512
6f51ba93e374754e0b1d91bdea81823ac6be969df82bce7d2a15effd3d78ff93e49d591cc6ae083e41aff7c5853fbb6dea0557b8f163e5315922ff29304c7d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
1153a77415982aef3373eddfee5ec576

SHA1
d6bb7519f408c8618c55329e1fda97854f271faf

SHA256
a1540d340a8d79ee26d9ba0f8267304138ad30b2eac31336ad9d2cde9832965d

SHA512
2c6c893176decd12ffbd77bf4d025e70aea4e1a7bc51485a970b2b028308b7bf0e3d94db85f3f6a62929c08f2f13661f334bb882af3d263be59db0e7fbd071ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
ac07e4e7baf04c7eae162ecf3e85182e

SHA1
e20aa930576453105baae756ac222df871f0a8c3

SHA256
3905192d4f843584704dca9c33867766c21ee01f03648f0c2ca604afb3fa6b42

SHA512
24daca3984ab684cd907dfb0238a1734202931b73d39e25eca2ef59521fb3d9b6b28c1d839fdd9ae3598dc2e0748016bc0890d511bebcc10b161bc5a842bc114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
1574dd55399c57aacbdc21d9be847ed3

SHA1
4591db26d8f9bdab3573e7e9317aedc189734b03

SHA256
b381ab769a2b5988e91d21211291458aa78b084c7de1e403a647aeb132a6b08c

SHA512
b5d43c74037695e8e75a45a13b91c002692bf1f0234fab60e89fb4d10672f02a344bdd4ec6a7ff0301e5a954cbf9e20f60c8247c16ac23df83bdefe9ade1da10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d9cfc377-dd08-418a-be60-993c6223e0b6.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
65956e960c149d8628cad3fb4586b692

SHA1
d324f8ff5ff7c73adf3ff2c40a26d3a59a66a300

SHA256
c7c8b9d9006eedb981128dcad34357a33444d43b6a952fdab5c663527cc6f9a3

SHA512
9b30fc37c1e1ea3d303277026e67022f3d2c0312bf61c077ceb8bdfa8e19f230619fc4e29765d03ccb64fa446b98f0a85bf93f7c081ac6b7e9922772cab07e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
58430c2d04e4cfa7f991513d7c3b8a79

SHA1
6df87270bb52894502d83c000320321e27d655f6

SHA256
e3336f9319cecb586dfeedbd2364d4cae7c3410755e9a5b9064bca329a01d22e

SHA512
271ee118bce84e11f93f08be94ec4310b9ffc0b822de5dd6635f59b12708739a13be05357e5565148a143897696b2e597417dda91cf7e3b11abff9b9b52494e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
65956e960c149d8628cad3fb4586b692

SHA1
d324f8ff5ff7c73adf3ff2c40a26d3a59a66a300

SHA256
c7c8b9d9006eedb981128dcad34357a33444d43b6a952fdab5c663527cc6f9a3

SHA512
9b30fc37c1e1ea3d303277026e67022f3d2c0312bf61c077ceb8bdfa8e19f230619fc4e29765d03ccb64fa446b98f0a85bf93f7c081ac6b7e9922772cab07e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
1fc334445e31d595b46f5f96c90a02bb

SHA1
7ff87beaf55e85a03e50d5ad83b6035e4805c7f5

SHA256
7cdf83aa060028dfc44721fa57ee3f92e6c18a5b6499d80925c1ed0b5e610e1e

SHA512
635ed689a2ca6ea1809e7fc5ec8869c37f9778e208304f78d89a468c4336246c1a0e799bfa1c664ca7dab6f4c880f6b74f6c238d30042317727a7231a301dd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
58430c2d04e4cfa7f991513d7c3b8a79

SHA1
6df87270bb52894502d83c000320321e27d655f6

SHA256
e3336f9319cecb586dfeedbd2364d4cae7c3410755e9a5b9064bca329a01d22e

SHA512
271ee118bce84e11f93f08be94ec4310b9ffc0b822de5dd6635f59b12708739a13be05357e5565148a143897696b2e597417dda91cf7e3b11abff9b9b52494e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
Filesize
5KB

MD5
97c029165fd344d4fbcd19d326d7d537

SHA1
e1fea9e14dcb5264beb69109a84dcfa7631ccb5d

SHA256
3a6eee5b0489f076887d5df6f4ac6a7a5195a2cb2e09f550931d692c24fa6e99

SHA512
c3409a17a145a34ca318dba9049a179d669f7df1074d920166e730676578caa9dcbd0747dae33a891388c45eb7dff907768890be231a73730cf674227dc1cedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log
Filesize
5KB

MD5
97c029165fd344d4fbcd19d326d7d537

SHA1
e1fea9e14dcb5264beb69109a84dcfa7631ccb5d

SHA256
3a6eee5b0489f076887d5df6f4ac6a7a5195a2cb2e09f550931d692c24fa6e99

SHA512
c3409a17a145a34ca318dba9049a179d669f7df1074d920166e730676578caa9dcbd0747dae33a891388c45eb7dff907768890be231a73730cf674227dc1cedc

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui
Filesize
38B

MD5
1836835c6e38034f8972bee59ee4ad39

SHA1
37c307aa08942a6695b947ccc05741ab28fca593

SHA256
c454d1e2a675a6f3773953ffe1fec5f5534388ec6911b26cb9fa07f831a189e6

SHA512
c96ed94103ce8bb4b4cadac5d534c878ec696a86f6d521ce6567cf07ea612207426e5ff5b22784475eb4c418dbd4f8e793b964f223b9b7c6f181c36432b9861e

Download Submit
\??\pipe\LOCAL\crashpad_1472_SODBQNVCRGQHTRNZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3572_AYAJPVMIDOGGQVFJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5704_LVUAKDZGOMFOATRR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit