hxxps://lassola[.]com/products/arisha-pendant-light-tir-circle?variant=43469534396639

Analysis

max time kernel
106s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lassola.com/products/arisha-pendant-light-tir-circle?variant=43469534396639

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2276	msedge.exe
2276	msedge.exe
4592	identity_helper.exe
4592	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4916	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 880	2276	msedge.exe	90
PID 2276 wrote to memory of 880	2276	msedge.exe	90
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 4968	2276	msedge.exe	92
PID 2276 wrote to memory of 2268	2276	msedge.exe	93
PID 2276 wrote to memory of 2268	2276	msedge.exe	93
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94
PID 2276 wrote to memory of 1292	2276	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lassola.com/products/arisha-pendant-light-tir-circle?variant=43469534396639
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9565146f8,0x7ff956514708,0x7ff956514718
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,6550816564458633607,14772741483077111671,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4284 /prefetch:8
  2⤵
  PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e9c9a5314252fe5469671696b1de6584

SHA1
52eaca4c5ed61ca7d0d04501f11839ff55e95634

SHA256
80a236883480eb8c426b2237cb2fc8d2c984aef1781aa9803ca6ddafa14e8590

SHA512
6a0d84a75db4050289f2e629220cba24186ae4862ccc65db82fb60e57950f961cc65aa65ebe1b795ddacdf65dc253e080ceb3659f07f1db97c2d7bda6b1fa7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
7e807aa81f022805f689082a934effa0

SHA1
ee72bf119e87c6d946f39dbcb91c0cb9ec5b8ccb

SHA256
8a442c740f425f216fc50a221171f7b2523386ee703b89492a36ae7edf8f3573

SHA512
ecfce4c5996e974228e23f75bf97e2b992d833c3ee2f848a583c2ee8ca6f8000b1335ce7ae1456cba99b96ef02d1dbc6c36ecb1e692221015a8a5fe523a246ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6280a9f3d71dc0df5f27ba1a3f2b6e8b

SHA1
d09c034a1bb6c1c70739a605288a8a661e9982d5

SHA256
9914c387b3229817feacb8c0964dbfdf12ce62eb76228c702066b36a54c2be94

SHA512
cb5d68096d48b837f25c52a96e49d3e2f1df44695e3288a91b5471dff03af2da3f58e99db56f307efbf072fd2f8e89b1cbba28f0d4d8dbc871933c565a0d036a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b744bfc5c265ba97da079c4bdc57de3

SHA1
feee7c2b164068b25e347ad89b98a05a0d40defa

SHA256
a4ebb37e9d6eeb438337a022d353d49b065c08c165a3d7a722006c627cb357a0

SHA512
05e574ddd326998b54113442cc2842496a45da0be0bb7400b985ab5a3e992d24ee9162a1663d1b7904f5f9c6e6a152246ecdcd07653498adc1d4e6068c1a9791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6f08527a561bee153ad4e3c2a706ce16

SHA1
0709fb8b76b4b7b2d15d0758b3815ad656d818c9

SHA256
66d35e554a57b852fe194426ffc3529ecb9d1e31a69a5a6b886d9c6a806f40f9

SHA512
73b95a45f3857fab0c10222e084ecf598eb9fe69cacb8605e43ba40a7e2f1f49e0c2b9802b88559b782c9a86b3299a8fdde350f6ac45874a9788e4384b506fa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
131333fc0fcc451797c77d5f65127fff

SHA1
897cd1c1b36cc6db4f5fa2a660df5cdce099fe83

SHA256
a7943e8ac280402fd6bd22490989a96aa546eb36cd182350ded4887ad4b87788

SHA512
6129518a91a22e62a51116bf5b6f3ed20dd3324bc2e9e73741b66b8a9ec806fc9a28a6b87dc7279050edfdde5229cf921e5662bebd6fe7a0d398ff66e3877727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ed25118cf6165caf7588044862132a0

SHA1
337144788326a3811fa1d302a0205a9f2bed19b3

SHA256
455e272c9a2caa26e3fcdbb53908b4bb69ff57602836f1c140cb566090dfac9d

SHA512
137ac505557002aec68c5fa232d408b0ab12217ad5ce22e028ddbdb412dca85cfaa590ffc6379a1c0cdb63c9c830a8236495f1c96558d4940cafc8739f4a2a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\69e07feb6f777fc64e815bb5c265ceeabf2e3396\index.txt

Filesize
86B

MD5
a0a695ddd166078b23156f8a39e5767b

SHA1
70e4ec2dd72ede75c83e93d92fcc0cb1cb43bfa5

SHA256
6e8645c8c4ae0d147d388418c1ea067130481b6b0eb280148a556a9b52ab0e85

SHA512
25db41c2652ddd9a001248314584bd154eeb94c326e4662ec8c7402d19a8b89fcc30c076a9e805a0c47928dcba6108a99cb4ea1a6c4e367648dc1152bf7948f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\69e07feb6f777fc64e815bb5c265ceeabf2e3396\index.txt

Filesize
79B

MD5
8f0df1fe873d571664ff3807025dc2a8

SHA1
94eaa115727ec10618dcac19e2ebcda0ac6f98c0

SHA256
ffe44feee87cb7420011fd54114bcccd1ac18d9a14fbec0ec635f9cab9af6508

SHA512
88856c11440e69b45dcdf5bcc885d939b49d70928e2570dbcf856e4b97ffcd2ec7ee1ff9f1112e5b465cb93db0260f281d83c3119174acb0d3fdb9c6f92fe116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b569e11fbd507fd8eece74e06ce7e938

SHA1
ceacdd64d59f324618bc62bef5b690e19763328d

SHA256
5439013d5c621074ab513a01cf089c2e6a0be20c03b7e1fefc8fb59a3138a595

SHA512
d6ef50c7c00303f085d9394ba75524e583c471c9b149150918752cfbd8a744d6b52291bdfef5216b7b3b73d6aa7a28d9fc0e8a981b1e7e4daf83088a65f9e795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5e8b5a20882cd1bf99fddb40e4322b35

SHA1
949585aa9eaa5dd3cd7459b73a87ddd45c9f9bc7

SHA256
db0ae84d22da0810d37c0a91cf1385c9b15656aed42251e413354e1b32bbd076

SHA512
7975ace7be8501910c95a0181ad21109e11ddeeee26da7c812d22a3710e81616f4c69e5f08c55672a6833bf731c3610ad086e10cb6830e260b19236c8855c9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a5bf237cd3f00e7d059b6ffb5445558f

SHA1
5fc8c00a1ac50573f7f0754392501bc1d7f47ebe

SHA256
90dab57ca1d953e5a9e22e3310d266a571a7eb5c5e05fc6777791b2729625d87

SHA512
66aae5fe48ad8e18085917389019626fc794f631870812bdc72065909db2a56753dc6adcb13630fef3ee129fc53cc5319104f99db62503092f8c59deb0ed8ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b99f8fa81ca8d061d8d1c1be379d8d21

SHA1
2a97b97ef4a93ec7f0673ff58dbda660bf5fe9c4

SHA256
4559d35850af828114bd37386f94c699aa031b543df97770f6d04205741db68d

SHA512
ffd2e1debb23be625acfd7fc2f9a60a3b70133b907a84aa9418f3b73200ccaa9f84d066c40efb2c4503dc7ae3c600c2b68bf2ae7f9922bd9c7fab6c08a987d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f9bd.TMP

Filesize
204B

MD5
77b1ed9df210d5d100f50378b4c761ae

SHA1
a74cf58a873bdafb2c55c4d6f1f83f5ae00a82a7

SHA256
a17f0fafd36238fa0c83bfef115f5442acbd86168fd42473384c4dfea67d56ba

SHA512
7c747198cd3bf8d92a6ea2e3f446ed98660194119a6d72ed66bb8fe9cf1ffbb8f2ed3ff50681857e77e4c8fac9e27fdfb7f22b1eb71066f1d6c2fd9b21cac458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b11bd7d0-811b-4f22-8c30-701bce6cc003.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea98ef1c-3ee8-43f1-9045-e11bfc778744.tmp

Filesize
3KB

MD5
1d96a5f4887e99f58986925ba6150a3c

SHA1
60876e9b2d73777a81699ae67de51f7adaace293

SHA256
5299b097845032518703166606f271e695649e29a89649cac7aaf26d6a7b6d42

SHA512
5adb0ed781b0337a485a7329f1ae302fdffc5d0fde3e64da615c4c7766acf12753ac111094073acf9025d1db7a054e579e64f105b9d6a275b7c30b01045bc796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
e6945dcbfd991083ffdce0d4e17cb37d

SHA1
242d418e8901e04d2eba555b43871b96c34f2e38

SHA256
9e7b94ff2c7e61a1d5d646e15127255ffcc22e56194cbfdfc7056678dcee7453

SHA512
1634cf018bb9dbc1f98ad561c6ea7d6640f83892adca70292c30fe2eb6b0e5d30f86fca92f01f70d416ff2109040fda032e53c89eef04f251f0e7e06e7ab7913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22d47f9c3f0dd37fa0334cc6bac10ad1

SHA1
282df3c5e824a5d18130eb068b2914d7f3134cd1

SHA256
32fced6124021f62a43ea00d85ed72d92405a5261f76c978c4a0bea074ec6fba

SHA512
0d0355e6ab518aba0957c64abf9663806b68f9459532f27de6788918cd14599ef3229825ff72b222f92add4f65256b1fa9b5bb20c943909d87b0a5aa34f623f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dad70b35c88f93e148b0e3e35919ad28

SHA1
8b031edb29761a71f055b7dd0aa809d29853d425

SHA256
fa7a71743a6ce9e5e3a30b5688105cd982b6452813119cd62f00de9f042a7276

SHA512
7c5684b35f2d95513912d25b266818162696b1d01c06db051af1363a345e426a8173719a53157f81b9ee42469bf63ad91ba28549d2c857a017d600ea1062c134

Download Submit