Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
02-05-2024 19:40
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://mega.nz/file/lvVV1ALY#I0ZbAWRen3rRPy7dwZlf6KRa4L7vbQeFiaKvsSVj-0Q
Resource
win10v2004-20240419-en
General
-
Target
https://mega.nz/file/lvVV1ALY#I0ZbAWRen3rRPy7dwZlf6KRa4L7vbQeFiaKvsSVj-0Q
Malware Config
Extracted
discordrat
-
discord_token
MTIzNDQ1ODc2ODU0MTA5Mzk4OQ.G1TXa2.7oRt2Q-Qp8mSG4vpWmR5JEhhANuTxxOXzb_0uk
-
server_id
1191318589567934515
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Executes dropped EXE 7 IoCs
pid Process 5912 NovaDestroyer.exe 6056 NovaDestroyer.exe 5164 NovaDestroyer.exe 5372 NovaDestroyer.exe 5524 NovaDestroyer.exe 3912 NovaDestroyer.exe 2096 NovaDestroyer.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 915261.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid Process 2200 msedge.exe 2200 msedge.exe 3704 msedge.exe 3704 msedge.exe 4408 identity_helper.exe 4408 identity_helper.exe 5732 msedge.exe 5732 msedge.exe 4092 msedge.exe 4092 msedge.exe 4092 msedge.exe 4092 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe -
Suspicious use of AdjustPrivilegeToken 9 IoCs
description pid Process Token: 33 4996 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4996 AUDIODG.EXE Token: SeDebugPrivilege 5912 NovaDestroyer.exe Token: SeDebugPrivilege 6056 NovaDestroyer.exe Token: SeDebugPrivilege 5164 NovaDestroyer.exe Token: SeDebugPrivilege 5372 NovaDestroyer.exe Token: SeDebugPrivilege 5524 NovaDestroyer.exe Token: SeDebugPrivilege 3912 NovaDestroyer.exe Token: SeDebugPrivilege 2096 NovaDestroyer.exe -
Suspicious use of FindShellTrayWindow 35 IoCs
pid Process 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe 3704 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3704 wrote to memory of 1128 3704 msedge.exe 86 PID 3704 wrote to memory of 1128 3704 msedge.exe 86 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2300 3704 msedge.exe 87 PID 3704 wrote to memory of 2200 3704 msedge.exe 88 PID 3704 wrote to memory of 2200 3704 msedge.exe 88 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89 PID 3704 wrote to memory of 2980 3704 msedge.exe 89
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/lvVV1ALY#I0ZbAWRen3rRPy7dwZlf6KRa4L7vbQeFiaKvsSVj-0Q1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3704 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d0846f8,0x7ff98d084708,0x7ff98d0847182⤵PID:1128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵PID:2300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:82⤵PID:2980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:3880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:2324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 /prefetch:82⤵PID:4900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:82⤵PID:3868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5428 /prefetch:82⤵PID:4576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵PID:4432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6224 /prefetch:82⤵PID:5132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵PID:5404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵PID:5624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:12⤵PID:5632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5732
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5912
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6056
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5164
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5372
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5524
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3912
-
-
C:\Users\Admin\Downloads\NovaDestroyer.exe"C:\Users\Admin\Downloads\NovaDestroyer.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9842672264267426734,4977939782025360524,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4092
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3164
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4672
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4e8 0x4f41⤵
- Suspicious use of AdjustPrivilegeToken
PID:4996
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD562c02dda2bf22d702a9b3a1c547c5f6a
SHA18f42966df96bd2e8c1f6b31b37c9a19beb6394d6
SHA256cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b
SHA512a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9
-
Filesize
152B
MD5850f27f857369bf7fe83c613d2ec35cb
SHA17677a061c6fd2a030b44841bfb32da0abc1dbefb
SHA256a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a
SHA5127b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD5896c87ce40e3b07249f46e222a71f8ee
SHA186ddf28f3858df3bfb4378bc13f2dcac9d252945
SHA2565a7172c9cd94ef90a1e0e628d300ea8d53db17e894a8305c6955670638981028
SHA512c5074f49351e30b8584a5da73888d3a7cb69ec095878d42eec9d2ac2687d97e498a4f358899bbd6f4c4d7e8679bd0ebba97353c9591198ac424e25ea73b661b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
188B
MD5008114e1a1a614b35e8a7515da0f3783
SHA13c390d38126c7328a8d7e4a72d5848ac9f96549b
SHA2567301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18
SHA512a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b
-
Filesize
6KB
MD553a7e4c178f95819c2d3bde73a810ca3
SHA1e289b8cd6ed3ace8910f876561cffd3dab0f85bc
SHA2566bf6b2813f7e635704fa3a638edc185250a9389f4830782b6080aa9501b53716
SHA512ed45dfbfe064cb7c63571238484806d444cdeaef49b60d84112d2d31ee004688531050e891a43825ad3af60a3b672a1864341390c852dcce836199d85b0049ff
-
Filesize
5KB
MD52fa2c6acfb982084fe35a5efe2b8e77f
SHA18d6b1dd2586d97820f8d1f18dfe299f5f1f82531
SHA25603bf2cb5edaae3e1117043c9f1751e4ce6a2a80e2c6da1fc4aa971e23f997d6d
SHA51249b580061fca6c84c1c0b334b03404d67a4201364fa619e6724c982c2bdc721742879f85ffdc1924df1a8beca6d542730534c4b3b24ec233edcd40aad12156f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5dd4851c045caf5c3cd6330d28a72e2d5
SHA1dd5a6d1d53d0f152675a3368ebcdd1f680fb522e
SHA256cf533bacc7160fb3e04aad5b43b0bb54ae26d812ff2317542147d8f6c3a55760
SHA51246ab351b76c99c863e6c8b3922b39f8d4d847bc41a7eb7e222ef9c383d61a19a0cd0b5674f625970e08dee66150456d4fff0bbaf817aa8a1b6b4d1f84b9f7c2f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578bf4.TMP
Filesize48B
MD546a602e8013cb6e1f5ccc2d2b88100d6
SHA162180595737dc81178fa0d72382b485984707113
SHA25680bf827a3684eb01a68f7c411e996d2c7838fcd0232c0bb502db75b1cd03380c
SHA512f4ccfb04ed83dedfe01fc89e63d1836cb3862b6332c8edb7c95b8ecd7ded99bb6994a84e34026c211c3b43b8b171047c03991d1a7ee546f97c8e3c6cd35d519a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bf772818a38812bf0e85617d4b83cd8b
SHA16e48c0bac9317f274b134e32af04d889ca52f7a6
SHA2567c8ab7512de6f8ca813d7a1ef1e3992b00e04abc4cd32649b8b3b664d27b2efa
SHA512b964045a97e1d884f688d080faecc54cd905a7aea326884133875abd0fd18b7ca364cbe76a6fcd6b607fcb2032f1f9861683311e625cd8b08b1e229a791c76f0
-
Filesize
11KB
MD5bf98e65ee610f6978b31be7d2216cf2d
SHA10f141647497755666580f26385813651890b71bc
SHA256c65fcf8e87c984bf4494588c068fbcadbb6e7608f177e226eabe00a048ebe0dc
SHA5121e96a0bf9d237b5243abdfdc6da4d887e1210eadbc02cb90d748bc5d45d8d9553506cad0ddeb83a62c1bb28286aa9e343bf38bc2ca5b74f4fca8025d039ebd53
-
Filesize
83KB
MD53a149f83e1c6d6984db3e9853341116b
SHA1c5d498d2a498e5cce8f4c8a5f92392d146662162
SHA2567423e2f661bb0127b386e76c019099bd96610a905d9f4ec6204a88154ee55235
SHA5128e01072e43a8575e02c023f9792a5a349f63bd3f8a3d0866456cfa765477f5b99693acb2704205b2be9a38550f5de9861fbcfde3e2cb9a671b394ea7869706b9