hxxp://www[.]redlights[.]be/

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25/07/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.redlights.be/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
1612	msedge.exe
1612	msedge.exe
1544	identity_helper.exe
1544	identity_helper.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe
5880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 3820	1612	msedge.exe	85
PID 1612 wrote to memory of 3820	1612	msedge.exe	85
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4568	1612	msedge.exe	86
PID 1612 wrote to memory of 4480	1612	msedge.exe	87
PID 1612 wrote to memory of 4480	1612	msedge.exe	87
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88
PID 1612 wrote to memory of 4076	1612	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.redlights.be/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c7b046f8,0x7ff9c7b04708,0x7ff9c7b04718
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16145993547915975554,12086337677945993058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:4420

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8dc45b70cbe29a357e2c376a0c2b751b

SHA1
25d623cea817f86b8427db53b82340410c1489b2

SHA256
511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a

SHA512
3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1790c766c15938258a4f9b984cf68312

SHA1
15c9827d278d28b23a8ea0389d42fa87e404359f

SHA256
2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63

SHA512
2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ed951afb801f7d452be608067909383b

SHA1
bf60b50f276c971e3c0238524c61a7ef559ba421

SHA256
0313ab3160327ae5ce491d2b12dc2a286480007980b1df7abe1f32e6ec233042

SHA512
ccbefc89cdfc2c00c1a7cd902eedf0961b96b6b1dcb011042030b0cd564053bcc46b54015f191305fd42c8b7f1cbb18b6f1872ce73152cb54f0a26f03b781cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
775aa8a34f32d6a1b6867fbe26ca70bc

SHA1
5979acd79f16e1dd09e8a2ddbb03dcbd0088ee71

SHA256
62048438a0649d723d1f527a6242873f125222d3529b1cf3a86d549f8275d614

SHA512
d5710f19db026a68f6b7dfcae52c7b6730cfe188145cff568c1612a26faa3eed95325e941b5ad0abdf0aee8748ca3dac75b9e8857bab3df5dd1d283f21add6e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e69528a53359d194bbe6933c6e3a362

SHA1
475f34a907cc8b1bf7c9c3d82980f2c16c09e953

SHA256
1d57c2a98578a42523d4469538740408a5460d23d2222e74e93a0c761bd0cf8b

SHA512
3cb09075eb1eb4ef9c2b2a27756279df3e74ac14168a1d34bcc81d1022ddbea6e333041c788f3d5a868f2cf459949b27ddcd953d82ab24ecfdbff1091a646138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c327ed5d7e67afad49b1cd32eee1901

SHA1
89fbc987b30ab6a5a91d0453749830d4e734dfce

SHA256
9e7633bff8357fa940ac55c623ca6bae89e12963925d391d219da5c3821ff2a3

SHA512
5232e3e27f39a20bb4c470b7b7b15ec01da8e7a5c113e056e3e10d5024485624a3b366736007956e19810ef92c93d0ecbf9d60d728b92631d7d89b8f9f851794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
1f61740fd2a5da403b6901dad4b10036

SHA1
061fafac1e3fcc18675714dfb39745cb83e9ffd1

SHA256
fc4b6ea2f001cb8b953906907d62e84c2dea6c2881f15ed21001f5ff75d96c4d

SHA512
b15469351603a56f0b385c9518d6a934aff70463c0bc9eefd327302a951d7ec3ec513d19cf2ec8a69f1b63dc5a70e23149443180853b096c51c521c10eec122c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
98d45f4c363fd8fed0faacf3bf5c89e4

SHA1
15b01b251bb5ad0a104eb153eabeda6b0d4747ce

SHA256
2ac9118a771b4cac1251ecc0ffc8970f486045196f47a08be2fad95682f4cda5

SHA512
a84d3e859058468d2b2dd14e18570b61254517ac5e0d0877ecc3c685e97fc4c58f0e975971e32fd2925137f354504d46433c85777f458f7c42f7ce4420c38e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
c840f817ee04f80f4771deeee1f9ac86

SHA1
c07a77487f2264cfbc131e3287690a59e90fe095

SHA256
8ac95bf8418d2e2c863d6c3176da283e30526589a4f82eda8c1433d094d4cd54

SHA512
726f03ac66d42d86d2db0dece92a2538de70cc1dd78851dd882444c4aaf6ac338f0e552a0fbd74b902656014aa2b0644faf8b75b76de1ec72ed97feefea57c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
4ae37f4b2036a775d5da94a230c445b0

SHA1
273825eeca097ac98126a23a6c7f0601af02c476

SHA256
96d286c931751e359ad21dc548abfc2d935e87b54f537677b14f3c2e2dae4340

SHA512
cf80d4e0a1aea9ef1fa93d696746e64f19b0f09e728bf2b5fd4a05f15877e2cac5ab63e267a59fbd2a5c439a59fe121d0d5bc18c33b5d8d29807141b78614fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583da0.TMP

Filesize
536B

MD5
6e575414b58165fc031839d29f2a712c

SHA1
e754fdef01ad71ab63482283f794c926d2f0d030

SHA256
203dc6d2644dcb16b8e55a84d2d8d710cabd1396530e41653c4e05a01588304a

SHA512
3524678aa4ba3517dcfc9d82c4b53619609cbd6d2b4ba42fe8c8420121f91c30c8661d67d236f44456b992eb3da48d440a9efeca1fdde2d3b5cb56523f5cdb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ac6975bf523f08ea4324617eede5132

SHA1
075f2a8bc92d7d371c302e1b5afdc8e9fd0aaced

SHA256
94c63b33cd9fbda54ec009c489fbd71a95e9ff0101cdf1d63d4df7fdb066850e

SHA512
55db6d706c87b441cb102edd91e64d55b5a64139c9af3aebbeed52447c4ff48e7bb72feed0fa3019094223c69de12da29b92ed2fcd8e94083fdf81003abca201

Download Submit