hxxps://apptopia[.]com/google-play/app/com[.]csb[.]merchant/about

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 06:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apptopia.com/google-play/app/com.csb.merchant/about

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1504	msedge.exe
1504	msedge.exe
752	identity_helper.exe
752	identity_helper.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 4736	1504	msedge.exe	83
PID 1504 wrote to memory of 4736	1504	msedge.exe	83
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 4948	1504	msedge.exe	84
PID 1504 wrote to memory of 1476	1504	msedge.exe	85
PID 1504 wrote to memory of 1476	1504	msedge.exe	85
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86
PID 1504 wrote to memory of 3060	1504	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apptopia.com/google-play/app/com.csb.merchant/about
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2e0646f8,0x7ffb2e064708,0x7ffb2e064718
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,16636130023619037500,17374864493603229983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98126b2691d37fb86eb80c9a8e925a41

SHA1
cee9ca498b796dbcc9555616ae31c66bd2ed48a3

SHA256
f872a17ddd3a8cedd233f9f11a6d14ff1424f13ed0341445565b461f46108d9f

SHA512
52c2ce0647f848f82c2d04d8ad7abf6ac3fcac4b4b41f1de4138cde65ca7a2d6ae72cfd7e4f710b16d9b47e4096eace5300a47fdfda8203f344ab45eeb4f8ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
050f3052661b4ac3c02d764057826b85

SHA1
5a85b200acb99efe5622fc6dba5cda4e0bf02d57

SHA256
5e50a89e55325c575ad77b3d627bd5157593d79e592bc69b99c3d8a15c562c57

SHA512
b92cba61891446bb01b83d973b47367a12fa3d85653eedc8119fb06bcc3dcf0bf7a7847e9d493b46d74c9bf9c809bd19c1d4c6cbc554cde04d749d92dff2d318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a3a6065d3e47f13a5489984dc717b246

SHA1
b30e97d433772afcd3648405407f9b188ddde23a

SHA256
a834bd571df1c95a82303be0995fc22e2a2a081760aab5d546c2451ecbc38e9d

SHA512
5e7399bfc41ff6df9a6d3bd44b2eddd98e3abb173ab07025291da1785732d14fceace53bfa0d0b667d5e523b0adc8131fc4991f9bb7ef97d28845e11298fe65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e714720b767571e3d335206c4e41641

SHA1
78441be264f6786181aad86f74542f86e0049678

SHA256
0531723d0a7d1117d88d51c158eff2228df986a110a9396780b7563476306647

SHA512
5ec7423a3af3dc02e34b2308a9ff2073bdc058643ce9e45a6ab949d8d18aff6d5519ac04fa78c759026cc3599f12d51f1e3c2307533e8c411c9dc8eb8d16e4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6227b336739ace0bc0a81dbc63933119

SHA1
9bb364f7a8c545f2a1d2ef6d47ac5cbd1dfae043

SHA256
484adeca195660a1878a07a9c1fff9751a4ac1706645d2cc6d8e3befe4c32cee

SHA512
2f18aa11574e1062fdc4834e51c3ff20ea48c9c573918cffc8e29e032b55b30d404ff0ea416fbccddf27a4eaabcad96f2cab7a0a7405fb5dff06e2e3fcd6e357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
df8b82c5c449ca4a2be223d15ca32867

SHA1
6f638586a4f9f25954b1ade666abe2fd614e5a82

SHA256
1dcc993e4906f5c4fb2a35b64e0bd7e7cb1c664432e600c71f44d84d435adb23

SHA512
cc12c8ec270c6ecfce346b9786b7a98fb0b71ca871d1a6ed7816ee90831e3f09b448e7311c7d44fe713b90b9dc286a58f4b7fd2751814a02dd0e2119c219df0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
75f714fe8a56371c36094b6559eff43b

SHA1
c459e84d9c2515cb1b88ef81c33b47b3aaad9318

SHA256
261c99c85c114e0c043bfc6ee6c00593b8067cb4e3807e6111c827d3c59b04b2

SHA512
4267b08e1548230de4348aedc22acd430e2ee742433539946af7844c4976a9244187059a3ee3452a20de8fcf19f2d2916767de1cd67e502c1d7fca58a600f8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90fba34895a99a56df59883abf8710ef

SHA1
04984551557fcd833706e0af71165b3079940a62

SHA256
ee1367b7060770ca2c8648903b6a455a6ea598803c5467ff4e4a68b760205d93

SHA512
10d626e18bda70af3f309892d0a66416c25ccca80f73d5c7cb6b3c26cc3ede1dcf191948e2570d51cf994df4564e3bfb037dbb675fce8e08fac2f7ca6981bfbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b53b5fb55e336db3efe0788a1ca176b3

SHA1
0ae8e50717e57588d1d4b7ccfb9b77e2590aa58c

SHA256
3abfaaf66f49c230ba88b6e1981ae0f18e8af5a72970d0435e97b37fef7c7456

SHA512
87348d76e5aa561685508058735d0e10a9afcb9fc7d046dc745796af5db17ccf0a1a8329e5bb3ddb539c0827ad6c65382c94242872f14aa6d3820431148e54d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a364.TMP

Filesize
2KB

MD5
362712368de38b7629c096f524f490ff

SHA1
00989755a5878031201b1896e3652532a377144a

SHA256
8f2872a700e28de09f25e790b5cffd122f92067b2c1097a1277e96a55141e234

SHA512
38db4edd8ef4a47b7c29809bbf1449c2b435c233b59ac0a3ed168626df0b2f344ae4907218b775740d171d5fa497aaa4b8f54db39b81d782f0fc731dce63bbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c50bb0178e0602372da00c93d0832193

SHA1
fbbd543f5ffadd2520ef3e413b447ecb26d3afbe

SHA256
38c8a8302172f449db9135f2a9b3720f0b8d08397fe14bccbe0c6c37d3ba7b46

SHA512
37be3c4f5a480aa77d485fd929fdc796d3b203a17e4e9ae587dab05a24de4646ed010ed3cdc8f9aba5d3f6fe8d7b4d34fe18aab1913c99e63b58e7dcdf979979

Download Submit