hxxps://whitegames[.]pro

Analysis

max time kernel
480s
max time network
594s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://whitegames.pro

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
95	drive.google.com
96	drive.google.com
94	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
2996	msedge.exe
2996	msedge.exe
1856	identity_helper.exe
1856	identity_helper.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2712	2996	msedge.exe	86
PID 2996 wrote to memory of 2712	2996	msedge.exe	86
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 1168	2996	msedge.exe	87
PID 2996 wrote to memory of 3572	2996	msedge.exe	88
PID 2996 wrote to memory of 3572	2996	msedge.exe	88
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89
PID 2996 wrote to memory of 4480	2996	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://whitegames.pro
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff820a46f8,0x7fff820a4708,0x7fff820a4718
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2360 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,971075857530850685,12376782266564871910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
51bc7ca9fdab21388253b34baf2212f1

SHA1
a3b1bcce08320ec9f83743cb1e33c1d98b456efa

SHA256
f10eb948681fb5bcead96b9b6f9e7d3d1402d28699c18ec702fa66ba2774590d

SHA512
538ac1bacc0241c662772b6bd59d6a421925fa51a7b27ba6666b783c2c3f73d16022ad7981267cac30fe1340406d4114d4946b8fe4b67c27273f10350d12773a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4aeafe2393a23d212427c00c98ec925b

SHA1
5c72a3a1568d16834802adbcfefab362076520a6

SHA256
4b29648e59c30bf023cda2203ee26cbe1082c68ea009b2af9051f387a6051f22

SHA512
c4526ce3efee892f3ab346b92bfb621d9aa1854f946e89c7aac8d2b2d951199712a6e8b5857af9d4531ccde3acf89a3e1525363d61c40089818c53161b6b5749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
339B

MD5
b49131600683e41c41e5ea2c3d99c17b

SHA1
8e47d6fddd9571784a190e1ba2ca5bc7c03ea7b7

SHA256
9a06bd7a3f8e1e2fc77b531d99ce9f65b3f9ab486ef0f08066033892726fe1aa

SHA512
7d76f3da6b1943bb0cdd0c58c85f4ce4be3c1ea905b98101c4593e1a1db04d18a852db76a8dadd9c38ea8b9acdc0c9cb5fb249923a15cea2b24ff046e3c8939f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e1f5c3c902110c5031e10d2f1f13bcc

SHA1
f8f7ca6441a42c7b7bf6b160694bc9aad382d3dd

SHA256
0d125b27232c3d5f61d7b6fc1b5a5394138246a00c40c8b388f5ef3b8fe1af62

SHA512
7e49dd6d86de4e67300b2eabba6600382bff42b21fc7a652c6992a893adc1d4bea9ff64292dc7177df6627dd7d770c79e6f3dfa3760214eae2a5917597ae4037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bb24c6960626b724ee0f7985dd7f64f

SHA1
827634fab221dd2af5134ec71a35cdfd6f6538a0

SHA256
ce47be59ebf4b1455f71c8c0bbfe93451f430b4773386c2e3ad92bbac86c5870

SHA512
9daf1abd059562a5a382f81ff6aa049c0ae24ca557753f07ccd14e4642c4757a8f48153f5b6b73bd6d0ff6936de1b6e402e28012715629fa92064206ba1f7bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65ca50dae4297a1865091b0ad040782d

SHA1
13e77c67630392b9c105f1832a8551a72626dde6

SHA256
45f00c3f8d7af0e9f7fcc13d9d3b0e12c43407f5b6c0b0333ec47874d1630f60

SHA512
3dff5a2fbffb65357721a257fd7caa778ca194396151d64a10d5c660315320181ecfb8078108d377eb3bc6253b1288d27b4f5ea97e8cb9aa43ed94f54da6cc6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4686b3d48a01dfc16078f2f38901efb

SHA1
158068e63eeaecb2a70572ae252571cc06f21408

SHA256
7e05eeb54e2c1b244e0e0f07c7c314de80f83f6e7b7f0e117678d0c4d59a6a4a

SHA512
654099467646bddf5485ff4a22780e1b471251fae281a93e171470ff399d6cef2dba4b2ae6296008b09f49fd1b410b96ab9da407546d3e61a4f4cef32fca8a68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
9b2a007e360ad06991e33b2c6e1b99d4

SHA1
54c57068f6c16741ad1ada2e0b5c00496ca16dc7

SHA256
cefe332f2759b89a9cd4722a04905d503a028f9159e826312840d35ddf9dcfd2

SHA512
cdfb5449435458a9f7990aa61f11f572b3932adc04769f55275179c9020df7bd11918a05acae5cc95e5be45c5c2b12a7bd57c4de5eb4e8c3d62ae5591184706c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59c2aa.TMP

Filesize
372B

MD5
d97340848bc7cbdf61185ad3e406a88c

SHA1
c1d54af61038c01a59fb567ddb40beaee94452bf

SHA256
8a3ad8e96f8501b303fe56c4038f0191f6fbf0be7e7fbdde63ad84e704e90804

SHA512
d93291e4b4fa9907426bdcac7f88a2170511e793eb0995105db036a97aca9b40922db3039732d6c0e5222f93291c3c23e64bf2e9dd508d15b6069e705a26f642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
43b6a770e5889fe1e104d6ac73bb2eab

SHA1
2c5f58a95bfd1ea2913e4cc7b76e734a8a7d606b

SHA256
0aeac8d0a2319933bc49f3325d880606652b416369227857bfaec63898db0ea7

SHA512
d6b7501e3b368aae3d941083b299b13186f0efbd46649361609aa0e9d6c5b96649e943c1642704d00fb4f704e0702d1ee1c93adb56d558c0e735cb14819d96c7

Download Submit