hxxps://youtube[.]com/@boffy/

Resubmissions

20-01-2025 05:23

250120-f3dfastmap 7

20-01-2025 05:07

31-12-2024 05:12

31-12-2024 04:49

31-12-2024 04:46

31-12-2024 04:31

Analysis

max time kernel
881s
max time network
847s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-01-2025 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com/@boffy/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3172	msedge.exe
3172	msedge.exe
2332	msedge.exe
2332	msedge.exe
1676	msedge.exe
1676	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe
2416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 4624	2332	msedge.exe	77
PID 2332 wrote to memory of 4624	2332	msedge.exe	77
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 1404	2332	msedge.exe	78
PID 2332 wrote to memory of 3172	2332	msedge.exe	79
PID 2332 wrote to memory of 3172	2332	msedge.exe	79
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80
PID 2332 wrote to memory of 1132	2332	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://youtube.com/@boffy/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc6a3cb8,0x7ff9fc6a3cc8,0x7ff9fc6a3cd8
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,2479939362945436411,13913073950576071815,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f10a9ede294ceaaf59b989af5842e8fe

SHA1
ff5a015438445da48fb3426c9fa0ae5b66551806

SHA256
eb12655861584a5dd029079192cd8f8175b873a5018c9a8ceeac718616000567

SHA512
85c0f6747de3107071c20516dfa9d27adc14aeeda85efeb108ab9241f4cd7faad8a841ad09c91f6f5bcaabf26147ae01ba8db9eb9a30759527ba569fa2f23896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ec697c3e869987abbfe8350f18023043

SHA1
1bb418e5f6e1a3d4e64a65cfa77692f3aff6bec1

SHA256
793a504dfcc721ffa00c0bf92ab7002253647491d1da4f2c7f3a68b1598f6df0

SHA512
6eccda10e2f772079757d8b9397bd88ab1e24ca006eb7ea8b3ab7de8d4f0b9e1e338577540d4396cda03559b207280e67624936bd585251abd27a4d92628f8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
64ffff93d27785c2e15bc25ac15c0fa9

SHA1
dfdccf30543aacb00d5d0e1e55a903da20b19460

SHA256
7cd804f25a92c2b39c2e7b56b1fa6a3a7bce6dc8b2827edd0ca3b9f4f8180961

SHA512
b541e8c0ab47758873d8492c8a864f37354e597848cde3a770f05fb0c643e8d768f6dfabe36ce37fa60b3b562ade2b79abf5c137ca30e38a0cf3331b61de0d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3d334a1ab4d663e25a4e103e39aadd03

SHA1
34d05022bb31b755e09f677505dddc9a3f0ef98c

SHA256
e67c1409dc9bf53c25785246a4f15d054b2e093e7ce8dbefaa2c6082916c6528

SHA512
bf2ef58a5e61830a0596b45abe41c9ede92f1d4aa630418c46adf255b14e6c1cafe0d5c44c2b6fdfd1c042da5be543fc7d2289ab65fc25c6024ae752de7d7ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
56b4148c291757477c22291578e75b7a

SHA1
76dc135c66b69f7efa668e04b3f279c6671fde48

SHA256
c64bedaa25aabf13321f79824616604d1b9f01ac5369bf15c0bc4e0272ce5987

SHA512
81806c473c1d86563e1ff064b656de8854aff9c877e6288855298c2a01788783d5c0cae3368b963844412b2900c4ed5fad9366800deab98f98e372b66dd6f9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
47fbcd575b7eb901f0990a90a4095aff

SHA1
39b3fa53c880d7af50df99e45453b7177d01b2ee

SHA256
4194ab894f63563176ae345eea63a36ffdbb6e71fe04b3407e4cf0b5f07f09a7

SHA512
f0b904099a2d9370c05fcfa50e1d4778fff21794924aae04b91cc8f76d14f9bce8f63d1f39a2c3b1e84e6d7a93d2c2bcbd94464bb86fef9b26190f845fa46a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f44dd4df7a5787812d8b31a6e4cc48a

SHA1
4d56fd1ace667e36ca86453d0a1de1a2bcebd0df

SHA256
8234f8b8cab109e22de847e70517c566cbad57995076edc00be66fe2595fd1c7

SHA512
4ecb23902182c1c6bc86018ca55d292a2eacc93ec8f0e81d5f87fc4bb5766f15e1d2cde5df7de65e65eb1013461961e6299cd2bacd3a5816b8a975c52ef52619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8eea779f87640051ebcb86a769680c5b

SHA1
9e9a84eb943fa8f22977c86d15dbc69ba2ae851c

SHA256
859f16e7443105a1188120474a283baa3ac7fd2e457f52b1f1ab9a5b7271c8ee

SHA512
643705ed3ef83793e18c031ff18226494c3f9a592c7619290c160e404f8d393526bd554ff2b41669fec8073bb81d900d41f8f7c2e769b38261380eb409dc22e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d51b75b844f232018ec2ecafdc841f6b

SHA1
1841e71d2570e0847573115a5bef9791d3d84753

SHA256
12d05fd16d28f5e0e9b767697f5f40afd9bf696c8f0ec201e2b31de6fed9396a

SHA512
93b31dc7e84c7ca4b6c52f48c4f1c9503927e473683bc3918dc692047419c107800412801884544c17e546d5e31e681a60a2a23b60b3353d8eaa0e637442a24d

Download Submit