hxxps://mega[.]nz/file/4pNn1JQI#gOiegCOxLMQXv2ZYaRjpDAnFURP-W7f4lobum3-Hzxk

Analysis

max time kernel
479s
max time network
459s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
22-05-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/4pNn1JQI#gOiegCOxLMQXv2ZYaRjpDAnFURP-W7f4lobum3-Hzxk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608923091611987"	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\VEGAS.Pro.18.0.0.527.Multilingual.x64.rar:Zone.Identifier chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1380 chrome.exe
1380 chrome.exe
1956 chrome.exe
1956 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

1380 chrome.exe
1380 chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\VEGAS.Pro.18.0.0.527.Multilingual.x64.rar:Zone.Identifier	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: 33	4488	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4488	AUDIODG.EXE
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe
Token: SeShutdownPrivilege	1380	chrome.exe
Token: SeCreatePagefilePrivilege	1380	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe
1380	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1380 wrote to memory of 3360	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 3360	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 1432	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4108	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 4108	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe
PID 1380 wrote to memory of 2344	1380	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/4pNn1JQI#gOiegCOxLMQXv2ZYaRjpDAnFURP-W7f4lobum3-Hzxk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd8910ab58,0x7ffd8910ab68,0x7ffd8910ab78
2⤵
PID:3360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:2
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2184 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:1
2⤵
PID:720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:1
2⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4516 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:8
2⤵
- NTFS ADS
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2676 --field-trial-handle=1828,i,4615601245791725633,12224728340852005332,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1956

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4756

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4488

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
ace0981797850923c09b4d67cd69e519

SHA1
8bba6038ca64036ee60d141b09e080f069026c9d

SHA256
cacaf51a2d49e1172233248ad062eb2592e26d6eec2c649eb424cb43a315cea0

SHA512
4e41278997fd5d1d1d836081817aa521052e615de78d19231aa470e22acca25bcdbb8485979951db76012f062d950114d9cd8aecf4ab41fe741da3faa02f628d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000
Filesize
1.9MB

MD5
95343d5e1d94f8a392ac37c45397fe57

SHA1
da71a7d378b9f07b4fadd77bfcdd089abd5229ec

SHA256
6715e72636b953afba8a684f82959c8036a2351ba0cae4b79191a7a83ba2bce9

SHA512
3319a9ed9796a9ec97188360667123061e7dd0df4eaa1e78f9a2a2eea77b66a4a853addaad3838875297bc6c961f826faf8162aa29f8f631ff69ce6a5e1371bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log
Filesize
46KB

MD5
c0f4dee9b32f45bff9adc2dbb813d2db

SHA1
731b5f634aef7a9c69b40898a84ba3d3bd1df887

SHA256
ed9b8257f15c53672a83068f8792d95b6fade30a6c38c9e3267b387332b13b3d

SHA512
973ab22dc1ee42f9c03a658a7259d2aea7a983d411c327884c75f5cc07a18825bf188ee747888cfa49c9fb410cf114072c32664722e6081fab05363c9ef03405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG
Filesize
376B

MD5
b0d2a4b48d6a7dbb21f3370b54cea0ab

SHA1
841548f758a63aba342f74aae7c1f1035e5dccc1

SHA256
86b6441a3cee7d87c9f2416c72480801667f1f77ced4f3d53e20fbd93eb8e264

SHA512
fadd7699f4686c47da713bbf44ad80a7a609fd9e131f3e75c362ea36fe7cd7eb04875418435e126fdf49a9aea8ecd6f62d3ce267d867f2839922a655853d878e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
baa20a98ba9717afe8cf462ba4811886

SHA1
87300cbc4e4092173c57d7a5b76490a229f6f0e8

SHA256
b1919dee0a3a81a304395d484a36accefde9b50a7978d45343ae0a1de26c3f11

SHA512
273573cc0db75a38354e8d017dfa897ab24cafa05424d6b7c06b62053ea682f7f39dea3292f26538f5b8151c4c73a80dc84a0df9960670e0989439efea0f40fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
038fabeb3fe026106cde6feecbf6e14c

SHA1
984f37b5bda39df008b71450b6d9f508be564e5d

SHA256
4f4c3c2ce83d065d277421a75560be247070ec779663182f26cf02f2997f0f87

SHA512
48259c91dce391faa1004bfc6d550fa545fbcd52e2c431cdd18b67188a913403e6ab33396a519543db9a02ca7013f48dbe9253fc536156baf779f9ae1257334c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
8d24f05f8c04b4d02aec1cc1ad119af8

SHA1
6e3d855c71f6056b4fdbb8a0138e33e58566223d

SHA256
6139fa6cd337ba3f99ff66b949b1b7cccd5eb2081904d21d8773e518a8a51097

SHA512
022e5f34b9e32451304a3c0a9f469cba4fb89b78ae44f793d6f6beb1efa64b75dd807b27dc8d23b20e90bff317e59d014ef9d91cc2a5c3cf3baa35699a82e60c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
f56d2e11f4cf4a4ec4addd5ded4f1a26

SHA1
92dcf52df1fa46aca436d9b47df86189fafe23b4

SHA256
7a2bee03275a706ea7466c87afe91e3d1ffbf704f031f62f3ef59194f62cb14b

SHA512
550de3495d6e66b7f4fd465481e9963e02f5baac517ce08fb97d0a8f0ef5be25f3d75b203a8afad815b3b9eedbd289b53f7496643f05057d86c6efa5e86d5afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
a8dab35c01589b3a2753ca08741e1747

SHA1
8542827e85cf1080d85dc67c473d293bf85374ae

SHA256
c826e85aa23af0a43edf780b43faeed5b0ed356eac5b9c9865dee1cc89d2fd65

SHA512
911f5c63f03acde41f4bdf882d7433f728717a10bef9dd1b1f8a5582504c810acde38dfe019a6837a9c38acf74a72d33f6004e7508398f9dbefb973d70d9553c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
50ad0058da6a5744066691c348ca1102

SHA1
c1fa2b2c914a855cc608a4ae17af36c50dfa396b

SHA256
eb304bcbdd4fafbcf7670bca6e19f6e96cde771b1b502d500fbf6c4abe9083ab

SHA512
7c672b673316df04dc1bb808f3952c7028fe650418a279ac79f8e5c1b387ac986cdad43cbc4cc32e1b5c1f1a1a20874db17422b595007422250414e9a7cad727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
ffd88fa9e264ba07e53f809bdbf54214

SHA1
67218a428b830d421aeefdda7794289cbd0bc96e

SHA256
8c2c3613e01b5bd03a1c5f007d810cab6bf3b72baaeca996a8e293735e83a6b9

SHA512
8b3d3bfaa593074c0a9e140fd532f11b191e72b43b65c3bc650a4665c13789b7f4499579cf4ff9f756febfebf6ea03c87c317bd635074028342a6af3ae041136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
dffc7e5e9c4858cc4a9b68104c51afb6

SHA1
e01bd321035272dd520b5e0b2b441736e35994e4

SHA256
2a4ebb8ba30ade5cf7a4916ca64dbd0aed96f038a63105c84e6402ed1e0f510c

SHA512
b0b080f8ea9d65bb3300d0d3c1512362f190715726713406577a28078365378c92841fc02548798fa01a0cc964aca3a4c2684311f14c00893829a1d3e5592ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
878782ed8c2a5ca78a38e077c5ef26f2

SHA1
3485f4eb65f6df3d7b02f111efae980e3c3ae09b

SHA256
4dc7bb9bee86b765c39cdacbe09daed588700e054cc05321d0cbbdb6a2f64704

SHA512
0cb1596970605247f6511b4f8cdae77a70aa2c587d122fdf9f122299b2be98a15662e866e2a15ac9a3a01d62956fcf33b0b2b437b44a4d2423f11b6e891102c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
f9a573c5801dec24600291791c165b70

SHA1
a839887b1253110a94d1913805bff6f774a5d202

SHA256
b795a822e165f25b13298233140757a579a0e4defab0df7fc83b90df542a8576

SHA512
5ced815c1a7d3e41d5cb745cf8916acb4a872531cb822c6299e9af0ddc89167cc9ef10e62038917779dbd1878e205e21b4f9cb1e0266bfdbfefef8fc229686d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
376B

MD5
3a9f2171832b7244ce9acc681a588619

SHA1
35bd7421e94b29fec2b13a68b5201d167b4735a6

SHA256
e0e488d6bc59fe7920409ff71d5b3fdd823f4f76140ef9e6ab6bdd8a5dcfad83

SHA512
5e2b7fd26ef7c11bb5c4f1deaa35242ce71ae745fc502d3ad1ac9c4da6db6262f0d2380b037b5d59880978c73ccbac8f430855d80dd61fc35c2ca3ef1a9b3dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe57c4d6.TMP
Filesize
335B

MD5
63686f1fb1bb02b9e4c0c2d20c2660a2

SHA1
8506945ba513f1951911ced03c285b3e9c5cf519

SHA256
cbbd117e3878b874973d770c745306fab2bc31f39279b9c284eafb82a9be83ce

SHA512
75a6318efa993e2d80f16d96b0e372fa33da068e718dcdb6a173aacc885446a0ab1b2a8f46a6065b8773d40ff4e74322593ad978b9d211c840f8e217383a0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
8f5a8f277d4c9523f6526750b667afef

SHA1
390018b4967737733aab973a8b7b9b86d5d076bf

SHA256
32e128bde4c8d68671f6b8e1f034a2d3ef8725cc4a282e9c973282f9b5ce5891

SHA512
24d24c44017e10011427db127884ceb583f1a41c6818c37789bc1bb3cf6dcda3d4e84095f6b9a21c03d5d61c6fc49a6b40d594c7289ebcd1de3db23deffec6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
523B

MD5
584f6269868646765edd4f8512ffa0c5

SHA1
86b7bf19a803b779cb9eebafaa2bd8d28d11cc17

SHA256
4483d18ec74498b38f8893e490590fc7c9c013e53cf98ca543802593aa2c39b1

SHA512
9f37f8b0912d1732c4f28224c50541899c26e5ce8fb8a324c4d0fd609a71cb17f24e97f370693d80ed42e4f54f86afed3ebc17277df01a266a9f2a7757546c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f19efb2b31607a15691b863dc4ea40a7

SHA1
80608ba56c0a4e9518fc42c093937b6c9c9a02cd

SHA256
733f895b5609f090db5f167858d144916e73b9b39b1230ed3be554cf46b0c8d0

SHA512
4efa536d82bb4a450f64598ff37482ef649d2da33c78e506778d18b971a34db55300befe4ae94f66ec58bed89e8939ade2e264b9d7f072dab5ac4728c1f12bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dc5d1f71c308d72820f9deba8a6c2faf

SHA1
f36ffefd7cfbb6c7d74ca6395d29d33c2bc0cd92

SHA256
ed48af969a9b4189054f5031a96d679a8b4199f9f6cd90486293f4d2ca391150

SHA512
5bd556d126ef8ee2351bd932b810d65dae067328d5221fd53c16948936018bf3fb45ac7069324469310a0d82a29115ad107c684e926ebc2b6522ef8188fc498c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
237dcc30b9b5be225e9be514769b02fd

SHA1
ee7a051c82a0eb951392c52ab7d14d7d3b8cc804

SHA256
fc639b112ad688b13b2e833fa1a2be0507bc6ec440ab0bb6aebc6b4e4c21edb3

SHA512
9c78025b24e52d3c9b3624036f07a691c8c05853d049528794a3597aa9cd742d5c23691853e2d324269d9d2ac7e6d33dcb361afc79f4b7be7ded1858c6aa1ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a6a3c729aaaf4169a907e84e0c7ba39d

SHA1
fca35749b51b28120ba868e1460ce336b879f784

SHA256
a8a446011b7f9eb3dd0063f230c33e40bea5d8634f310570ddfa9ae1e49c08fa

SHA512
13fee4f0984a2ecad5daba3c0087598c6fb0a67f1f4f7d108fe57ed97f44cc39bf578022ace1d0b3f5cb01f13d3417092954a3366b4e48239f563cd719b1fc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
4890ad5790317a326dec3a22969d041a

SHA1
7aa4e87a2cd9ab426f7c4b352d30062817aee23c

SHA256
27f05d5aa530cc51c69991777172e1534bc9ce9d572732d0e58e4aae02590c43

SHA512
78dc1ea8da10088398fbdd2571dd96312e94dcca1c00e85b9b1ccabd3fbff9397a1ea4090f8e0cef3ddb7eb0ddaccc7ded9c823b6aae2bd14e44728c48019cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
85832ad54baae6fed73b7541567666f4

SHA1
3052b401a33cc9a7bcaf5709cd8889cf2028a0c2

SHA256
8f0e8f670f5cfaeea6df85c2abc99fe3d43eb41bd673da59d0dd15bb635c4a74

SHA512
95f152c16e20a54ec8537e2e2a4ff7b117fce3ce6996ec8d07038aa62ae286a02a9f53223d917b29cec63d5448485f1d6e800a50e3a2de628365431e5a937642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
88KB

MD5
067d128d76870c939adad2f7632cbca1

SHA1
5b1617be20785bad2c2e383be4519298b26f6a05

SHA256
eb4cfafd6f1a778dbf8882daff378519201142c06c4e466cc8b09975820e03d1

SHA512
57c6023b6a146d3af4a32f70c876b586157c6b5a2d4c0854fca90c14fa34fcd65ad2e68c4d570a9662f79d46e2bcb88a3635f52c4724705109a89170dcdd718b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d85a.TMP
Filesize
83KB

MD5
6cd57271a08c69ca4899e18ee89382ec

SHA1
c5e10ed486cebb69bd9203685bc0c5dd3b01c712

SHA256
7537f7b71213ab1dc2d94275f82ec8b85e2d40b129114b6657266d23d6dd7853

SHA512
bf793ddeac33e0ccc53c15c082ed25769c7826eac36633f150afa77ad78e0dededd660645f5306db03a1cb53dc5f96623fa829a1f5206454f06aedcb589506a6

Download Submit
C:\Users\Admin\Downloads\VEGAS.Pro.18.0.0.527.Multilingual.x64.rar:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\crashpad_1380_TZADNZOCEVFMXIRX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit