Overview

overview

7

Static

static

3

MEMZ.exe

windows7-x64

6

MEMZ.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-06-2024 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEMZ.exe

  • Size

    16KB

  • MD5

    1d5ad9c8d3fee874d0feb8bfac220a11

  • SHA1

    ca6d3f7e6c784155f664a9179ca64e4034df9595

  • SHA256

    3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

  • SHA512

    c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

  • SSDEEP

    192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3652
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2724
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4468
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2704
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1512
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
      2⤵
      • Checks computer location settings
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:3836
        • C:\Windows\SysWOW64\control.exe
          "C:\Windows\System32\control.exe"
          3⤵
          • Modifies registry class
          PID:4420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
          3⤵
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2920
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4b6446f8,0x7ffe4b644708,0x7ffe4b644718
            4⤵
              PID:1028
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
              4⤵
                PID:2176
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                4⤵
                  PID:3892
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
                  4⤵
                    PID:3360
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                    4⤵
                      PID:540
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                      4⤵
                        PID:1128
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                        4⤵
                          PID:5048
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                          4⤵
                            PID:4068
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
                            4⤵
                              PID:2000
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
                              4⤵
                                PID:5000
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
                                4⤵
                                  PID:2736
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
                                  4⤵
                                    PID:3556
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
                                    4⤵
                                      PID:920
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                      4⤵
                                        PID:2768
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                                        4⤵
                                          PID:1128
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3282631590935783289,15023019318038295789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
                                          4⤵
                                            PID:4596
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
                                          3⤵
                                            PID:3612
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe4b6446f8,0x7ffe4b644708,0x7ffe4b644718
                                              4⤵
                                                PID:3460
                                            • C:\Windows\SysWOW64\control.exe
                                              "C:\Windows\System32\control.exe"
                                              3⤵
                                              • Modifies registry class
                                              PID:4972
                                        • C:\Windows\explorer.exe
                                          C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                          1⤵
                                          • Modifies Internet Explorer settings
                                          • Modifies registry class
                                          • Suspicious behavior: AddClipboardFormatListener
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          PID:3068
                                        • C:\Windows\SysWOW64\DllHost.exe
                                          C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                          1⤵
                                            PID:4656
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:3052
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:724
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:1388
                                                • C:\Windows\system32\AUDIODG.EXE
                                                  C:\Windows\system32\AUDIODG.EXE 0x2d4 0x308
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3824

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  4f7152bc5a1a715ef481e37d1c791959

                                                  SHA1

                                                  c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

                                                  SHA256

                                                  704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

                                                  SHA512

                                                  2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  ea98e583ad99df195d29aa066204ab56

                                                  SHA1

                                                  f89398664af0179641aa0138b337097b617cb2db

                                                  SHA256

                                                  a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

                                                  SHA512

                                                  e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  384B

                                                  MD5

                                                  4287d57a143d83310430607c08dc98a6

                                                  SHA1

                                                  374318cb4c97e558e950f6788882788a5248b9d0

                                                  SHA256

                                                  9f7e0da5e4e0a0aba360503b8ec220b066fe557b3acb5d93d9b4350ead1d74e3

                                                  SHA512

                                                  f6dcd2930dbdbb3c52df2d885a8aeed1588bd56de71c6afdd0ca72c5159750b4cb78949e87496ded4b66b976ca4058b645f6d034ddd02d9f65bcd94cb724f1b7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  792B

                                                  MD5

                                                  288ce652bdad45b4dfb188aa134e3f5c

                                                  SHA1

                                                  0fc53f09f70128762a272743d6e3c9abd8875b20

                                                  SHA256

                                                  e36fb0510c6c1f17d9fa5895b5c9c87565067b56bcad031a1e1f17f1dbd84eb9

                                                  SHA512

                                                  83a4fb104cce4cc7b07dd67d2fa5a129d90484840b3424995ad7bd640a457be9060923313fdc9b7e2895d6991e94bae08465cb737a9395a9698e221f1e9af7f0

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  06ef64311040e9bd1a58a550d110e191

                                                  SHA1

                                                  34c11a4f8e4999bdb77279cef4c3d959a5fa621a

                                                  SHA256

                                                  bc49af754c7a636ba69db29fa43c907166546025221162ec4c8f1fc256eea06b

                                                  SHA512

                                                  6aa992326e5d9c9003f4ce78c2148d0a6e17120070592fe53f73ff67875c088a554455e43d5ed81f30713b2ebd52e1d7d92c9a8e3b89641db2b350740c7f938a

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  2ea4c20adedb2cd9f32ac65047b64118

                                                  SHA1

                                                  2aca6994ea220b6236ca52d8a39137c819909c61

                                                  SHA256

                                                  63859bc9f886b1bb79bf346dcf9c0ce2b9d5a8d57193c2bfa4e0abe8c9c5af14

                                                  SHA512

                                                  dc03ca99b354621de1d2a46ccd6363ea01fe75b06ad54119e22a81b67e71df4ee91e72994bc34ad6b416d8a6f9f28735764859c3589ccbc57d747683049bc90d

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  fcb4491c0a0021022e364e854fd16063

                                                  SHA1

                                                  9a85a2b83f6aa767fc30b7bd8dc6a4bc4d1585cf

                                                  SHA256

                                                  b8162da2848c450087210e2724f25d51733d366a8b85aebc1375c467a7efb399

                                                  SHA512

                                                  8ca952d648b5d5c30775dbecbd838f97d414fd6e2f8c6d5160add812bea5b866c57d889b2d26244976eecfcf8488a16940e1614b4898c542f1c821a01128acf9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  558491562350f7e442e5b86fb25d04a8

                                                  SHA1

                                                  413e92574cee2d8398ceb589363f651df7f1a315

                                                  SHA256

                                                  fe431a1808f8398ea79cff12805049ce36ada9f53ddd4e5986e168d6ff8906b1

                                                  SHA512

                                                  332d7b0352445376615c6518b7e0c5624e43ed1a75e222092270cec05284d4b061029464bfc2b224142f87f600d118f81f60f9120a6b08e27a8a404b3be4a9b7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                  Filesize

                                                  90B

                                                  MD5

                                                  f3736702002c63d07404acbd14aa2b2b

                                                  SHA1

                                                  a09e8516b21f96c2ad6d4fe71c96390c67b3c2a0

                                                  SHA256

                                                  e5f282725e24d0e440980b3c1146f580edb8a27edab7dbf0bd56f85435064169

                                                  SHA512

                                                  8bb207300eb4da116038446c65e8e49ca70084d5bce83d1dbfce34acd5c4059d2ccc1e42aae62a83cf70cb3ab6c2cf4f174440bba4685ed29accfbc23cb3f813

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                  Filesize

                                                  90B

                                                  MD5

                                                  be4110f720e609909fcb83d105f8fd6e

                                                  SHA1

                                                  c53dd0305488fe018ff5c2583d6a419961cf28ee

                                                  SHA256

                                                  cabf5345d8ebde804f0a169565800ede8103020ddbed264290224b8ed79187e5

                                                  SHA512

                                                  ab8a43a1b1e19c3d177d70cbec8dda51f9439dd984181a38ecb7b9619766db838214f8294495fa07d0435311954cc7c61fe53773c472f432cd38d4c7fed27e74

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                  Filesize

                                                  26B

                                                  MD5

                                                  2892eee3e20e19a9ba77be6913508a54

                                                  SHA1

                                                  7c4ef82faa28393c739c517d706ac6919a8ffc49

                                                  SHA256

                                                  4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

                                                  SHA512

                                                  b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  372B

                                                  MD5

                                                  3428dabe7ed223c15063e24b11cfe0ec

                                                  SHA1

                                                  177635b72fe6ad9adc4f363bcdec49b9a50ef2c5

                                                  SHA256

                                                  489f47f6e9037862f3c5bcc7a1d7ea5b7dc417373a714c7a8722f6c7400c784b

                                                  SHA512

                                                  a3451d0fcef2b7e1dd3caafc5fe6994291d20af6487041417fb8e7680fcbfa693b640d30de24568924acb132ac70f50389088ebf891557d349554b4661e17adb

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591553.TMP
                                                  Filesize

                                                  372B

                                                  MD5

                                                  41ff68d354955539c81ec85e61f2bff0

                                                  SHA1

                                                  0e99b9e5d06e5d902596de62a18ccd972c1885e8

                                                  SHA256

                                                  03875b6f11113ae5cb67e2b3810e3008e5672ebcddd67a040b0fafa0e33d66dd

                                                  SHA512

                                                  eba73c786f24e3599a74efe82e0452ab5cdce4cd10ca95c82e40be313e2d863c0fa018a21679b36839ce7bd67a8f22372ad56cc8031082cc334b1b5a478ccb3b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  fc8fda253af3ba82b2b8a7525042a318

                                                  SHA1

                                                  4935d86e6e14a1a0e2bb4736042f941ef6b13285

                                                  SHA256

                                                  ae7aff5384b125869bba474ba02d85087a7a83bec3ee18d99b2a5a205837d624

                                                  SHA512

                                                  16a14fc7db56725459a1f98800af85348ac153d26c2469a85230a2213135af7944cde6aaa8f0582b50832f1beaecd399a644b0e71f75a1d62e5ca0b3832446b7

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  ba868834d736b8e9c45a7dc24700c790

                                                  SHA1

                                                  8d7fc637f96bc766bdb891bc31b1c949da71bc5b

                                                  SHA256

                                                  3ffb7076d793ed82c798dbe7e98b5f90b8a60cdd81cd68cf766cdafad380b890

                                                  SHA512

                                                  6e8ec28423d0cd5976efd4b487f2996295a8690ac8007835a968930f857f6fed512ba56e0aa8b52e82fca9d35ed1022b7ccc52d80096d6cf79e5d149987661a2

                                                  Download Submit

                                                • C:\note.txt
                                                  Filesize

                                                  218B

                                                  MD5

                                                  afa6955439b8d516721231029fb9ca1b

                                                  SHA1

                                                  087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                  SHA256

                                                  8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                  SHA512

                                                  5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

                                                  Download Submit