hxxps://link[.]coursera[.]org/f/a/1mSJyxmAwpqSjTvoe7uG6g~~/AAQRxQA~/RgRolHV7P0SkaHR0cHM6Ly9jb3Vyc2VyYS5vcmcvYnJvd3NlP2xpZD1ub3U2aHlyemhvNXEmdXRtX3NvdXJjZT1yZWNvbW1lbmRhdGlvbnMmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249NjZiMWQyZGJhNDVlYjgxMDQ0ZjhhYTJlYjRlNGRjY2UmYnhpZD02NjNjOTY3YmEyNmY4ZjAwMDE4M2FkMzhXA3NwY0IKZqt78LFmwEYlR1IVaHlhbGhhZGRhZEBzamMuZ292LnFhWAQAAAPh

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.coursera.org/f/a/1mSJyxmAwpqSjTvoe7uG6g~~/AAQRxQA~/RgRolHV7P0SkaHR0cHM6Ly9jb3Vyc2VyYS5vcmcvYnJvd3NlP2xpZD1ub3U2aHlyemhvNXEmdXRtX3NvdXJjZT1yZWNvbW1lbmRhdGlvbnMmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249NjZiMWQyZGJhNDVlYjgxMDQ0ZjhhYTJlYjRlNGRjY2UmYnhpZD02NjNjOTY3YmEyNmY4ZjAwMDE4M2FkMzhXA3NwY0IKZqt78LFmwEYlR1IVaHlhbGhhZGRhZEBzamMuZ292LnFhWAQAAAPh

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
332	msedge.exe
332	msedge.exe
4180	msedge.exe
4180	msedge.exe
3420	identity_helper.exe
3420	identity_helper.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe
3364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 4860	4180	msedge.exe	83
PID 4180 wrote to memory of 4860	4180	msedge.exe	83
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 2792	4180	msedge.exe	84
PID 4180 wrote to memory of 332	4180	msedge.exe	85
PID 4180 wrote to memory of 332	4180	msedge.exe	85
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86
PID 4180 wrote to memory of 2460	4180	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link.coursera.org/f/a/1mSJyxmAwpqSjTvoe7uG6g~~/AAQRxQA~/RgRolHV7P0SkaHR0cHM6Ly9jb3Vyc2VyYS5vcmcvYnJvd3NlP2xpZD1ub3U2aHlyemhvNXEmdXRtX3NvdXJjZT1yZWNvbW1lbmRhdGlvbnMmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249NjZiMWQyZGJhNDVlYjgxMDQ0ZjhhYTJlYjRlNGRjY2UmYnhpZD02NjNjOTY3YmEyNmY4ZjAwMDE4M2FkMzhXA3NwY0IKZqt78LFmwEYlR1IVaHlhbGhhZGRhZEBzamMuZ292LnFhWAQAAAPh
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb57d46f8,0x7ffcb57d4708,0x7ffcb57d4718
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,18366903340377541539,11322471547876825735,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
98f0a8d023f59e655c881b9e28aae237

SHA1
a186792384a7c56b04f0f922b20055ce7138acda

SHA256
bde20a0c82f05d26641b485ac9aee8a8ec6d94cb7c8e54595489b19478833f27

SHA512
704169bdb017a370561ccee67b53085bd17ac17faee4c5f9057cf98f9474a3fe32943fd0bf6eb253701b3b96d88f93e6296751198bb7a7f1c7636bea97624018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1c6bd05b5057d91d0c51a7f665e72772

SHA1
04e3b5145fbad03c9613643b95c828817bd60345

SHA256
446635cadfe10bf7727638f03c42d6ad90747cde5b2cd498bd8306ba47762427

SHA512
7f5b924441aeac53ba5d3ecc69a009b00764e5e4d4a1d65de4c73ae968cefd2b5b973539f7cce6747d6daeaf1192ca68b95b4cc1fd5b30126c88db945c49aae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
014771d355852d30919dee70b425575f

SHA1
1b1550fc93ec46ccf079a30001a3e3cd15fa877c

SHA256
c352ab2d8eb8eda882bf86835368e6093631898cc967ea075ca93209f423bb89

SHA512
e2e7f82ab36e7447a78365df0921ec24de96a0aab72621560a75c32597d61c5fd59a2efd8aa5693c79c6f2d6034126206296912b905c3628cc0ef9d3a0e8aeba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3d7d4ac183986c62edb229b37a02879

SHA1
14fe7d6e353218c4da10f9c0a63cbfa196d8f20d

SHA256
8adb2d9c515c279f05972e1d3b516b8711f9ebcee6e76f9dc8b544ed4e2db728

SHA512
cb1d65483154a6a61d4fcb5db739adf29a6dc476e0a266d41e6bd89377d72a56dcba0410f388e4561c461e5e38af5cf48b20f5959964a5474b0a6eea937b7611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd444ce789326cda23d78274642383db

SHA1
0cb98e0c9bd7e91cfe5028c96967ddd931429f5a

SHA256
0b30e5b34be1fc17c73877289d041e6ac2090ecb33cbfd03b35f632107215cfc

SHA512
e10a37a2a3b167ecb3c8da3dd67be142e088f73babae557ca300a055ee883da4c72d5fbfa72ccd07ce1dab637bc46d44f6c8ea485489659d753bfb62d3aa30b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d3bb.TMP

Filesize
1KB

MD5
dc46ac06bc2fad0cf26fcdbd13f4d389

SHA1
16f39f31f531f7c5758294a691a08e6b43476c1c

SHA256
6215eff8d9b87974d154b7995cda29087ef1f2ee709812969da66a78cccddf01

SHA512
ad2ab3d9012240b6223d0982e390ae8fac220ffdc82e5b9c7e55cf70001d35c2328e77577884420aa61c1842bed1de0420af7c3462349f89b66f13e2c2519016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dc26a1b6-284a-421a-8c54-e15c2e41667b.tmp

Filesize
1KB

MD5
c6a59c590dafecccb11b4dd1e71c6830

SHA1
4b248e0a299d79ed22a7e4849717b10cbf67c71c

SHA256
2a4533ab0d99f2c89324ebabd82b87bb50fba39dd49e566dbc05559df0ff010a

SHA512
4d3c46d06c5b8a7497a5cb7274f57b6d7ee3ebdfe04a6be316a4938745e7c266b8c1b26cefe7b2d4abab395a4ba25083225b1f0e0831fa19be43373de04adfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9b09a1b70fcfbbe6e3047071a140b582

SHA1
98bf5e56ad404b0dcde6e1c0d1ed657471feccb2

SHA256
791cc5f9ccbacb146d7c3f09ae5f8c299ee061c3d25b0ff315515d9684088970

SHA512
45c8d3266eea5a3697f72a0bd9c46dadc84770402c325bfb998c50d3218fe300844fe3934c71c0bd4f452bf2133cd59efbd6851ea691d5f625aa40fe5a8f8ba3

Download Submit