hxxps://raw[.]githubusercontent[.]com/Archmage83/tvapk/master/%E5%9B%BE%E5%9B%BE%E5%BD%B1%E8%A7%86TV%E7%AB%AF[.]apk

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://raw.githubusercontent.com/Archmage83/tvapk/master/%E5%9B%BE%E5%9B%BE%E5%BD%B1%E8%A7%86TV%E7%AB%AF.apk

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	raw.githubusercontent.com
9	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2360	msedge.exe
2360	msedge.exe
516	msedge.exe
516	msedge.exe
4124	identity_helper.exe
4124	identity_helper.exe
3008	msedge.exe
3008	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe
516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 2176	516	msedge.exe	84
PID 516 wrote to memory of 2176	516	msedge.exe	84
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 4864	516	msedge.exe	86
PID 516 wrote to memory of 2360	516	msedge.exe	87
PID 516 wrote to memory of 2360	516	msedge.exe	87
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88
PID 516 wrote to memory of 4896	516	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://raw.githubusercontent.com/Archmage83/tvapk/master/%E5%9B%BE%E5%9B%BE%E5%BD%B1%E8%A7%86TV%E7%AB%AF.apk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9835546f8,0x7ff983554708,0x7ff983554718
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,12709496125178365478,14735323980701085401,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f26c5af-7a28-4c16-9bf1-78b45b01b150.tmp

Filesize
5KB

MD5
80faaeb5e74dc8fa2510792bc9b1c064

SHA1
5e7fceca8769bd179b32e6e1b6cbd376da9530f1

SHA256
3e363073b680f6ab7bbdf14763061d9e8cbb86eb71e67c4d9e7cb91f09edf6c1

SHA512
a16017cda17fb7e2b063a56fa3b10e6e3f0fe5ab9f2c62053363f28df4ce687f5c00cd6e8374da9b0c0575959a2c9f37267c930dae5939e1e69c9e5c0afae0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
93ce00de284a4211976a84b9723a3e25

SHA1
32f67a6dfe3726ffa7cecdb1ce75bb742129854d

SHA256
c2173fb8e2596a8a65af4ea721b9f78a261f8d658d94f7ea449663862dcdfc1d

SHA512
02aafe5a784986076a980a1b0026aa87aca26042e79b8b64cd8769f82705935945e4da5e4da4cec17e1e83b7839b40b56151c8499bda485909418c1c12345dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c938fe769a672be358d44010fde11462

SHA1
c8277394fa901f254c442321553acbff25bd17e6

SHA256
394868a88938141dd54e9ac316b5066d0a817efb7848ac94923c6ef99517bd39

SHA512
29e2e79881ac44eeaac40c735dfab6b6047cc5ea27beec9967044caa10569605f4b3fad9197100afff0088ce34f1f460ac03f011cb8852404897492006aa004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
562B

MD5
9edb6429349263e41a72dff1d03e7819

SHA1
3fa13e43b30eac5bf5b34bb4fe57a5b611daeb67

SHA256
f4ce9532d7f0e571c7462fbb0285d2a672a9a4dcbff2803dcbe238fbdb2f2048

SHA512
1a7c8fbb1e9147bb335970c5022af5e98cd69b7ba1717d2245e87b4e91dd94f733ebe779231b03413c19e173754957147f1252a32c23d8766c3253671c589248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c855f2a03c1ee7223377a50c47a1b514

SHA1
0866c8090389d1d36d02940aaa78a7f12e04a568

SHA256
954ed1f6c83eb4829700c68c6baa4c1ba10a8b6f1e378b80a7af3692ba193e24

SHA512
3987c1c9c58e3da98131e3d76a9473dd55f42f660540665a540d75834261add797a7e0f464eb97a92cf9cd28abead96f59298d4bc15b79824f157a1215d89251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c448e30e8eb7af0cefb5204dae35a96d

SHA1
9896748a6fd0290726c51abe9935747e81a6c380

SHA256
892d6ff39c9aa0e321b99d01d7307a4a40e3b23179dc203d201829fbf9199526

SHA512
41df7c9f11058b89af40145b4a59f1acf8172e1cd13a631a3ea96bc573af98a62cc15e1ffc71c02368d0e79f9623f1618bcabdfc42ed460171763993e66d343f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc611ac94cd36096009542455b84ba79

SHA1
d6d83a154f4eacb64cf27faee66aa1127043609d

SHA256
fa71acc124a29911f508f6f886c2f216f94077678af217433ec44b2814307713

SHA512
718cc22b7783f9cd73d68a44bdac3b8045bab112c4d1720a705cbbf0768285e01c3920e294c60db4de8ee78f1b27db64894682d3f3ab6c34d8b6e8d8165db734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
6483a836930518a2b00c7fb119320e2e

SHA1
e75487f4ead0b803e8b6804fd658b8fa03eddb95

SHA256
f9d9e66ca0f70d84fc1edb9d473bea6212be155426e88bb5c9a22d2d322027a1

SHA512
1733a7049c34eada3bea9b0b8048ed24c87df2c96c8a9f0322aead4b1b7c284348f9d7a127b2c3ab7b01aa13c3ee88d4daece8c6c86df1b343912113fffdd437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
76375485d8f94bf8fafe35de7616def3

SHA1
bf49c41fa79e3dc557e9edf010d0b841d279cf23

SHA256
77800c8adf2491bc6cc9e3ba3aeedd8706ed15ddd835912e4005ffa36f5d8afd

SHA512
1f5cdc6df9dde767b8acc68ebc71dbbcbeddaacad65ee746e5240ad3711881d6426861a13a3d684f2345bfe146e697629b124fa9ba84ff159e2fc43a5333beb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
42d0eaec04ccf51a97fc7cef34943e60

SHA1
e2a4a0cfcd9d0a457e541efeace47ab85123ac8f

SHA256
2c1629ae2811012dfbbe3ff7fa69e766beaa2f7eca52f4693c19f37a4f829b18

SHA512
fb37b44e3d4dc126190fd962621218eade446f15182d3af604ca6f0f20cc0856d765c737c6387c53a67340e8117704b3a19c4064ea4829acfd315f94100b4d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5c222da3339ba519783c53fa616db7c2

SHA1
cb147c863090b910806df34fe7c8794aa1dc61fc

SHA256
24d175805fae3f673901eb46c7e7a23851d758ce36240e0f6f425ae913e59c99

SHA512
2c6688e86af23d6565ebb06c7790e583feee0da3e774378c2bf69eb67f209f9ffe153a44098b8b6b68789aa17512d678524f0b754936576ccbcaa892982bb4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e70.TMP

Filesize
202B

MD5
e9b91749aebd7aebafe5db0499cd80da

SHA1
e8f682dd60e633e8543c285167bdb7a8cedf7ed8

SHA256
6a3a166292c91f2381a4ad81ee5c39105cbbead2dacb5a663fb5bbcbd5886c3d

SHA512
dab3d1a498dd634202f15d25cf6564b74ae236b526250028186ea62591356de00a270adf0b204960b265668e83d58e1f736bd47c14954763c880695b80e798c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe255453c5b40788f69f548d8e01c127

SHA1
db9978c6cfcf1339a4ca2650cb58d632d07f34ba

SHA256
660b67fea53f70d52454ca84aaa46887685d78e13031031ea6f292888396ab42

SHA512
b20c1a65154b7653cc29266b11ec27eb33f688ff75fa269f5493340b84ae1d7fe6e3e537cdb0e4c3849db8d288e8c8ceb081447d2abbeecce36151376ec7d296

Download Submit
C:\Users\Admin\Downloads\图图影视TV端.apk

Filesize
7.9MB

MD5
2f370b48dfde8626113eda7433e241c9

SHA1
54934ad1c76cbdc7c970225fc9a9ace70b4db78a

SHA256
11a6bc5cb5a20b032a18f83a4b39ddac661fb533fec3dbf62c8fd71f8a9a85af

SHA512
7173e3d49e45d8bce457e4be24e291dc27d3af9541cc38822df7898e33dcf0c3fc631685696776e985ba24bdf498d46822ed2f84443acbdfa4b1328bb5771e7d

Download Submit