hxxps://mega[.]nz/file/qr5nSApR#QbHqZGH-9Gb9eX0c8f1CSQFAygVCM8Qjr_f50hi-APY

Resubmissions

22/02/2024, 13:44

240222-q121zsad4t 1

22/02/2024, 12:57

240222-p6w69ahf21 6

Analysis

max time kernel
1167s
max time network
1201s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/qr5nSApR#QbHqZGH-9Gb9eX0c8f1CSQFAygVCM8Qjr_f50hi-APY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
180	msedge.exe
180	msedge.exe
5096	msedge.exe
5096	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2636	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 2236	5096	msedge.exe	42
PID 5096 wrote to memory of 2236	5096	msedge.exe	42
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 228	5096	msedge.exe	86
PID 5096 wrote to memory of 180	5096	msedge.exe	87
PID 5096 wrote to memory of 180	5096	msedge.exe	87
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88
PID 5096 wrote to memory of 8	5096	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/qr5nSApR#QbHqZGH-9Gb9eX0c8f1CSQFAygVCM8Qjr_f50hi-APY
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd65c346f8,0x7ffd65c34708,0x7ffd65c34718
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4084 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1696,10477401704465345537,14926130448105945007,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
24eaaf0fa4d1960f03461507db4b2c89

SHA1
9c3ee2de9d9f33ee4d870d9142f404ec9198464e

SHA256
79c51196ffa404a18af6b96e28563d9d2a16231b8c121410ee902c10df0626e1

SHA512
d08fefcef5e787a1dc0659c4e814e4fdb0557a8f94faf14598fff88d1e2013b04a1c9a1ac939f328307f6b9ca52b12ec35cdad16925c9f3bb24eb5381a230069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
1.2MB

MD5
27a52cce074518e22285a14f812fb0d9

SHA1
b7a50dd098d5f1c19f8d339a7217122f7eacce24

SHA256
060f0adeba630758c105a187a9a81f9a7b59a361255c6abdf5482ca36aa35968

SHA512
4daeba7a521c552494551abeb3778f70bc4b8d662299e45a157bb89c172cb66184548b1c9bb53fe6772993bd310843d3e8d9cf85044c654ed1ff7be2247934ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
c131ba2ad157416218bae040db191221

SHA1
265516718db2684617995520bc90241089085e9f

SHA256
92a41f34274737128ad8f5be2b9fc672cbca4d15f7e6ec695cdc4a8845d2cbdb

SHA512
1ccd8b1d49aab021b940e8e435adf3b730b2a012698cb51f8aba3eb18ac2826e92562a7497a480469aec8fc11d6268fa2e0236bbef717ca2968904d668e051bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
6ec2278da3765e0e67930a53cb00bce0

SHA1
e2914e8e41ce1a00654fe44d1d69c4a0b5451654

SHA256
cf5df764a791261b22ed12d4759f20db0484d2ea30540e0a9128f429d133ba9d

SHA512
262e51c964d90a3d8f940f763522cd1bf1e6ee0f9cd42e487dd631b05c0da4411ef3e7e3b952dcfbaf565051a1278b018b319699020770603326e3a14f5a9e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
1e6c8edf04d02c91f8eadbcd9e8cf68a

SHA1
f5bc9e11dcccec1672bba2ef779207089d6af61c

SHA256
f9625c678758ca1bd88145b03428dd08ed9955430c1b684b48b5de8900f53fb3

SHA512
8d840afd6e5166829b9284d1202830cd92b2936c301013e56308ff34129b4f9062af6fb87aeeb80238c8721cfd82a85ed25312ba9da17624138092afa664ebbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
a7d7f2ace2bee90e06eb93b6b100be44

SHA1
b151d35272dfb1e4ac134f34488a960de7952b74

SHA256
267bff698076e78901d4f843271ddcca1929518eafb0872294bce479b1890e38

SHA512
a8bf887d20a4bf1c8c96bc36dede7f0c9701d1cf922ce35ae5fbef5bee1358b55eda60965210e9b0887bee92dcc0b31f34f77e603e5905c34a533f6ac268af63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe58b3f9.TMP

Filesize
335B

MD5
6333c2b84a7cca607825112d02595f9e

SHA1
6b88f7491ac357d707486037454c1180bcdf3ed6

SHA256
3ff0aa23927afb1759581186aa969c1f404a4180aa5c8bb607bfc6b39c5f67e4

SHA512
9fc975d7a2dc95d0e513f1cd5ef8622b0cc5ca86bfc63725a258a802972dbf2cdaf588f1d6ba3c82badf3e596a30e22945ad6cad08a1c2582e67cd6c38b2a4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f58ec330a3ab68f230e778e24b94843

SHA1
0e8c8de1ce71b6dadc6e9af2dd9f3a24b65f2175

SHA256
3837cc42ea688496389e5bb2282397e84d08779b05afd6571a323d064adb0efe

SHA512
574ff97b438b11be5a3c9a3f9d71a24a20af484db18f8bd4282739161d77dff66dc1af5762a5d800bb1f77b855fb761706e3faef07e9cdbecd7defcbbec88f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a55c0fa8fb1a1b2e424561b6b37c40a5

SHA1
086e10bb3cd8dacf0e7551df8977f9e66da6f6ed

SHA256
a8b85aed425063feb5244f50009840d4ffa1d19238580b54523051d7c4b95e54

SHA512
0ab24434246695e8ce2f98f64e59eb8e16dca53f13e4e81b734fb104c9dbf8073514314d6c5ab7892c29179d0ab0460de73378017ea936c97d24f6aa89c1f4bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1566ec6e81952e1d4ca7d60ae274a6d8

SHA1
ea1fd91178b60a7011742c7199b98974df84110e

SHA256
50b7a31ed15b86b6dd5e29fd2a483561970db129d7f6b3086181f1c9ea293631

SHA512
d5b076c76414ad744818df540cda7dee360e773acc24bdacb36b33fd71b275ea93b1a155914b486327905ad65832ae88d55e94edd8fe936be8be3995d976e208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c033.TMP

Filesize
48B

MD5
6c882a5fe2c9a5c8be6aca058f72681d

SHA1
66ddd96d9d32ea9d178d1dc1e5efb1eeff60a533

SHA256
8f42045f0c8eba4e665fb0dd14ab8040e5b5abc616a5f7c7af7362b91b4243d9

SHA512
0b60417cdb1008b62d69857d2f654a44b87dddb6f23852027a08403507ac382ddb12fa2424bf4a9c7d4a78fbb559947f1da89961c659c4b2c6ccc07778fd5e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
359f204eb7c8d6dbf4a6e1f388c366fd

SHA1
3867462a597b2de9fba3962188615c9c5ff689bc

SHA256
e30d5706dcb8d17448f0220d19ffbff3f0d2e515d4381f7ce15af72c2d3ee70a

SHA512
5e6a8d4d2f9714bb754e76d2b4d145f3d6277a21e42fbd2d75e869c441d684e47675cb6f89ea12fa0d1b7ca4058b75e004889946666b8e22f8860ddfe9347699

Download Submit