hxxps://lp[.]rosenhebrewschool[.]com/lp_rosen_modern_hebrew_different_levels_ppc-en[.]html?cid=86892&adGroupID=101223&utm_source=google&utm_medium=YouTube&utm_campaign=HEB_EN_GGL_YouTube_In-Stream_CA_High-Conv-Geo_All-Devices__2021-05-23__86892&creative=532927010827&keyword=&placement=youtube[.]com&matchtype=&adposition=none

Analysis

max time kernel
146s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lp.rosenhebrewschool.com/lp_rosen_modern_hebrew_different_levels_ppc-en.html?cid=86892&adGroupID=101223&utm_source=google&utm_medium=YouTube&utm_campaign=HEB_EN_GGL_YouTube_In-Stream_CA_High-Conv-Geo_All-Devices__2021-05-23__86892&creative=532927010827&keyword=&placement=youtube.com&matchtype=&adposition=none

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3040	msedge.exe
3040	msedge.exe
3704	msedge.exe
3704	msedge.exe
2144	identity_helper.exe
2144	identity_helper.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 4768	3704	msedge.exe	84
PID 3704 wrote to memory of 4768	3704	msedge.exe	84
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 2536	3704	msedge.exe	85
PID 3704 wrote to memory of 3040	3704	msedge.exe	86
PID 3704 wrote to memory of 3040	3704	msedge.exe	86
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87
PID 3704 wrote to memory of 1448	3704	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lp.rosenhebrewschool.com/lp_rosen_modern_hebrew_different_levels_ppc-en.html?cid=86892&adGroupID=101223&utm_source=google&utm_medium=YouTube&utm_campaign=HEB_EN_GGL_YouTube_In-Stream_CA_High-Conv-Geo_All-Devices__2021-05-23__86892&creative=532927010827&keyword=&placement=youtube.com&matchtype=&adposition=none
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe57b046f8,0x7ffe57b04708,0x7ffe57b04718
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6091504314035406498,9321996999676824165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
43e999d1eb6211e112ddf738196a4c04

SHA1
2e1ed0a9751cd1408795b49de3fae5f8e85552af

SHA256
64ce812cfe5cac1317cdb8bf5df84a358b3cac4735d6c781daea14a63da6d275

SHA512
1069e7a0c5b3b3414e40141ddeced720643ae896073e582ec9b788509a68f59d93fcf13fb049fef142e9ecafc2f885a9c4d9140fb39a1b275931a4f31e8e30f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
47f4689cdb57ff02a01410c0f052e5af

SHA1
ace436b6822a289c324b69ec95a47d25f682142a

SHA256
9fbfbbb3d198c46fb84ff164c71ffd2efe46b31a919c4fd51cb7237a2b115b49

SHA512
a3272df2cc18fbbff426b4e34c10ed52db0243f87c899979560a4b8b94d607f30fdeae44d32fcce1776455454a08653e0c8d204bdf36e49e6bb523bfff44f4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b638fff55d21f623e4dd115159de2167

SHA1
ffcbc040678c36d156ede3116e0c54256aac0387

SHA256
49b14c308759f783af4b9e6800576acadc836ca2e8c4e65b2618aecaf89e05d1

SHA512
71ea58159229c6aaf1ba04a37df5771ae29e99c7c29a64c91a17764785f9352f173c098581dda24f4350737f6bff9c0ceb7fd57f2fb996be39c34a71675f64ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7d597407dc42ae7751b11bb30e4949f

SHA1
73b95b82e83da8c02a0af669c931463403899ed8

SHA256
42a0f87758a3f16dc325ff7d4931e445f1bac6875d61b5f1d6d8198c78c1a0c6

SHA512
b871afc0777f698e93c7d487b1850983ceb9bee691234a17a30e7d553e831dbe7cdaa53d325eb23b1f53335ac34416c12e33eba1e88bf80ce7e5109fade29351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4646bae09eaa5da180a5dffb890e1b9f

SHA1
b8ecc15f77517ea1f8b8ed7773fe90626f1fa431

SHA256
c8a1fef3e0af8597808a8c106e9ced9288d306c0a8d697f936136d1dd54cee83

SHA512
d5ba48e949abd3328958d51cfe7565f7c83b56b303609c222cea017d4edb19f4d803b6c3a181a189efcafeec4056762fc34d67b848a1db7ba250e35880e4d590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15f743fdf864ecd381ddac810cfcfddf

SHA1
ea82a30314653de4ce608e80d86360f87ab682ac

SHA256
7624ce2d91213a87d3620cbe818cb882223dd747668a245a328d0c98bff11c15

SHA512
a5f94f46b955bfd1bba384b58cebc6024bfdf69b9e63c69822948f944b1e63621b3ce9e6c034a1ecd027957901dc7bb1f5444f473773998490aedcc986f3d7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d7f1.TMP

Filesize
1KB

MD5
4a6c70b918543d5dc9b38eb54f303cca

SHA1
51cb2a8f5edfe1b4dd22394fc3342fe7b9e22a5b

SHA256
4775492b69218d0b967c17a3047d74f31147b030ab042b62e005d73c74b942cc

SHA512
81a0d3a3a481baecfe3170273f3b0f36105cfc33cc7f8d0c0b25e0b117c4a39cdd9cf705775df0de3aa3f9fcbbea5a3b1d15645a9e4482d14afd239ec5161a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\daae8f03-4036-4c2a-983f-f288b259fa57.tmp

Filesize
5KB

MD5
16982d8c23f1b8dd9c20ab383f3c081b

SHA1
a7a5ec255c3e55cb5f45d1bdae3e73310f7618ec

SHA256
0379ac658205ddc5d964592c3052c23afd0f0c5b2a879d7130080bace5d1544f

SHA512
adba0c587808e33a52c007d9a27c0a6109ae65f427eec170fbe98620b2726c50a59b19b2f4d8729ee389149875cedb0f0190152e499c84a7ef2d630b5fb09cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aaec807f412817bf9641e897b299dbe4

SHA1
a6a8a297bbee55180396a7232f604cbb5f5fdaf0

SHA256
6910ac117b717dee6b65db01510803f6fb3453994e683856fabcb3ecfc6576d3

SHA512
589f3b71d082c14a0fb95d8b4d2c558800a4a15adf177be54f05368dee938cd107a5d8c322bea93e5b03de06e674fbadb7f1bc94aae6f2f35f9d93c28b664576

Download Submit