hxxps://mega[.]nz/file/LqRSRCjQ#c-5Psw7KDmSxCWQT5xtRPLcHTwxjSOnSAwDNfFDUJ44

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/LqRSRCjQ#c-5Psw7KDmSxCWQT5xtRPLcHTwxjSOnSAwDNfFDUJ44

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0007000000023564-226.dat	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 397734.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
4968	msedge.exe
4968	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3364	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3364	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 3588	4968	msedge.exe	84
PID 4968 wrote to memory of 3588	4968	msedge.exe	84
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 4020	4968	msedge.exe	85
PID 4968 wrote to memory of 1632	4968	msedge.exe	86
PID 4968 wrote to memory of 1632	4968	msedge.exe	86
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87
PID 4968 wrote to memory of 2964	4968	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/LqRSRCjQ#c-5Psw7KDmSxCWQT5xtRPLcHTwxjSOnSAwDNfFDUJ44
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a6f46f8,0x7ff90a6f4708,0x7ff90a6f4718
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1776,2488477871068016197,3284021482593292812,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
83c11c08a355f8e047735ebc23dbf9d9

SHA1
ba5df34662ea3ef2286adcbba1d4d876b8b764cb

SHA256
d983569060a68ffd253f4fb1068e9b8645fea0aac2f21625efb3b5717602cdb6

SHA512
970b5f9684ad6d989882f47396f867da875181bdf7282e0fb034d690d63d1214ca5cad54b8609ef7d0dfabb81a0370c4c8ce2677faad3765a7484c9b4a0dbf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
5d8adfcd42268885380d907d9d9f731b

SHA1
4dae1df97f982fa26d60207b059c99ef5c762462

SHA256
07af2ba5a2de66844bb637c5802cb531e0fe9603d2e0b0c26ca1353120a7f435

SHA512
57b01db4f90b92775186b470e8daf8759732e984823efe5b556b276339fd08d05ad9c5b86fe8271a4532e8bfe7daf032c5ff295131cdb8847d28a281feb3f389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
67KB

MD5
671fb365422849226a5ca03ce06eb98d

SHA1
1db04ea531931996af2d6f8446e12e3da421f45f

SHA256
54a44445e5ce277bec1b05e4a80c6b50ea14b3758d00ccc20430bfa62c62123c

SHA512
9c9cd4061d5863285001ec2d886eca12ba72352dff431595785b0ceea803a294877f4f26e96edfc7e6c35185b96ae0084db93ab108b0f9611cdc1aa06b9e2504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
7d11efbb7450cc4fc8afde6aa4dfff43

SHA1
fd28ca12b60b45b92137397b8d573cd5ad08c4b5

SHA256
b8f6d2d1115750d04e2192882f2eb18951e84eb524e8bf893c6c8418260dcb8a

SHA512
cb9cb753ee2b10b8d2bcb444a639a3904a437742078b774da8be918f97db43bdd5ec3cbe0508af4a32dbecf97010d6f2582938cfc6d0871f46c36611d14f1a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
09af0eaaa90557adf78aebe748df7686

SHA1
dc5999a8642aed066289bd8509c42dc9932f6f2e

SHA256
8fa8bfc2aad190765f8661d09051ad15f1a99897bcde6f9e08694242095f1c6b

SHA512
6e189a881a18d5a2c1fe41cce30c7667e6f89798e5fc7ad0aa8aa51b588a97a25af3d3040bd0f34276d078fa9672f8b57c616498c58b6c5bba5d77b1feda011a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe58532c.TMP

Filesize
335B

MD5
ebecc13001b89cc11b3b1a99d8c51048

SHA1
2816e72b662e866ad61e314fc47bf2f0c58712ed

SHA256
9a94346fae56bc29a4fc1b92453c1a0c3ac11fb376e20c208c917e33980ea697

SHA512
8b4b8a8c807826d238e39e2978cf46e064938b34d0cd7c4f7ac38393bfbfd8d8f0707ad4f67a9660f9de895e34122af62accd4d6c2768e502210ff1e1913b259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5cb6b294ab835649ab1bbc2374781f34

SHA1
9e215c47b5324d10bcf210adb9271abc7ec66622

SHA256
b5732cff53cc134636a5977a2ced4a6d219ade397cb0acd0c8d374570b712a66

SHA512
d5b57c1859549d09df1498ed16f050fd960a33e858200fcf6499a7373b7d8a6d388a2ce2e0420a755c1388b7936a1b5b78948fdfc963579e3f98283c9af44b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
891e0820a2d48a8609cfd35bd2bf9fa3

SHA1
626600b87573551fbcdb3d284484807f38a68cde

SHA256
e49863edb376a7a6d8619d0c908d719d479ddab283ca47a72242a49db5fc8bfd

SHA512
811c29d1090e908f14858052efcf69ea9d34e398fd7084879f81651a03465d39228433adca49f24ab56a482420bd02379d9a449ed577cc88c3b1a339c13bf74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3edf0d174afdf991280d5956d1d64d7a

SHA1
cfedb85d0c49fc511cc0e19e3dd720968e5ecae1

SHA256
4778fb12d850cf94e7b577e8bc359145fe0cef50e9be0ca2cf5b149810895adb

SHA512
f299a39f0b94b14ea3c893df5f1e4a8a0de59d43348f2711c91c59a38707015019204e016f2e0051efdb3eb2e6bf9e1c33abb580f1668837ffcfd804fb35427c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a18414a5447d8ca14b58de6d2c967b28

SHA1
19d8429017d01a616e17ade1b7b00818b4089c1d

SHA256
6c8e48993832ef246a25d13fb726b048022c50ba61791e934d1c617006c22e77

SHA512
1dfde479943920ed0cc907b3a7650c54ac274cdd878d1efbd2908a49d24933bde925f77d361b95978331d6a02ea7bd1ea57314821904fa37138d28000e5152fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586fcc.TMP

Filesize
48B

MD5
34a4187de0acc8cb95e839c984783036

SHA1
b1b99d6a536605160bf200f6638d65ba569a2c03

SHA256
b547da33d81fb34845ce6bba744fa858275c9798604458fbdee40e983819f48a

SHA512
e06292ee78807539504c3c05159b2ed6b360a486f826185a1bc3ae4e1a137430a143be3913a1a4ee6109098247c67cd4a71e6acc4c523a036f0023e8f7cd34dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dec52e08cc8adfffdc8ef84daeb5d98d

SHA1
f3bacc74dc3a283eb089e2d2c78169ac1d195a22

SHA256
681187416595684ede236461e94d39683d4f7e8065c5e0bdc946a219ef53ec18

SHA512
1697e920561a86c5bb480d1d2d42572e921bc7fcdd89f802d02d796dacb0e4f195370b9c107c9b7078adf57b1d10a2b663cd51454033da7ba8e0e4390e4c06b9

Download Submit