hxxps://mega[.]nz/file/GMIl2JYS#vUns0kth3f-NvhMxdUcmLlJA9vJjqxjEoFFo_wjve4g

Analysis

max time kernel
900s
max time network
468s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/GMIl2JYS#vUns0kth3f-NvhMxdUcmLlJA9vJjqxjEoFFo_wjve4g

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
4512	msedge.exe
4512	msedge.exe
2224	identity_helper.exe
2224	identity_helper.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4960	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 2904	4512	msedge.exe	84
PID 4512 wrote to memory of 2904	4512	msedge.exe	84
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2420	4512	msedge.exe	85
PID 4512 wrote to memory of 2424	4512	msedge.exe	86
PID 4512 wrote to memory of 2424	4512	msedge.exe	86
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87
PID 4512 wrote to memory of 1036	4512	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/GMIl2JYS#vUns0kth3f-NvhMxdUcmLlJA9vJjqxjEoFFo_wjve4g
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcef7746f8,0x7ffcef774708,0x7ffcef774718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,611608041613348592,3399040233960327890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4d77130ab1b6f62969ec362b58560c0d

SHA1
15091c42754b4ed708fb7e5788fa978f71f82af8

SHA256
5a9ebec141286ce39589a000dfcccf4a83262e53384750f2a9a0e425a88b3a98

SHA512
6f62a37c49ef536943693ee0620bdd710cb5ad9e0cb11a5b87d11905b1a191cc28ca8090fe239e3d2041f827edf2a48ab0d2657dbb609c4aa980d5d49bf84f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
4.5MB

MD5
bfa4a7b6d5f065cad38f3c04d08e273e

SHA1
8dca17bce9c49102e40eedfdb98039b1ea5ef807

SHA256
8679e71bcbd0bd8471f29f5ccdc23da161dbe2d1896c200279588d7f1ad44658

SHA512
9c46d7e442863943ecce15c0a9ef013b93113a4a963cef67f0be71f382c9f09122bf9dfc3e26b978f0bdd15dc09b5a898df9f48dde115238f6f403b536a32f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000003.log

Filesize
100KB

MD5
b2dbebd55f7bd9ded1e8c2301e4895ad

SHA1
42bc0756eeef79152ffb5df732304f47a2a16d50

SHA256
92cce12f05ff5401cd488b0056ec5af0ca3cb849a794ab40f450c12a6c0a4246

SHA512
cd7b2ec1c4f07156a9c014a18e28addab3795c7dd5d8f592135e548a490009768d55579655244ecc6f912dd927c14237825a2c89b4b2c357973d034ce81b0d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
cd8474bedadfd8c4f015baa5d2c9b2f1

SHA1
a1932a41c4618bfa1fc60b28da080e7b9126b9a6

SHA256
47d420750ed68d11f4c3ea6738f5c215e125ea575fbfa9f61ae0a9c4b156c5f2

SHA512
e55bfabcf4bb9d0d6978f513ccf0cff340ad70baff37b89771a60efb7f25a899f5d8e2a9d56988807108c70dc822bde33b05f6aac1ce67fe630c85c0310e16ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
4a3ade37eeee2274bfd4c7903392bee9

SHA1
2602b630be1a524e5720efda11c64499e66827f7

SHA256
ae7dc471b7a9933d0361d9717da8c0395007afbab900554b14c7dac31de55453

SHA512
ad2ccaeeb1d52a54e39bc7534b2ac2440c146cda587df57d2c67cfaba294f2423ea8f86720669a28e0d92c846346d59c25afdad8f1556a9ace76844225faa42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
b1258d546200de2e016e25bea85f6cec

SHA1
c11a2e1c9182d5ebbe0f99704bbacd38c1e5b737

SHA256
1192d9e0597c93312e0c9e8755de68fd1072fc22dbaac2b8b51b6a58e9fb3877

SHA512
6c1ac4bdc6d47c0f07d2352f3969df1746752bdadd28634eea3c10e6ad0dbb1a956a8660a74ece7388489aa901a224cf9e0164b4171d6026ec7c96321b086c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
2b61432502da9851f751e8e0c28bd3c9

SHA1
3dc4ced65b05f45c9fc7ec464dc58afa7cf5d4bd

SHA256
c7d1ba3d88703300a7336ccac5e8d0982fe16339f9fa1c1bc1a7556b25df7751

SHA512
dedfb502b85146dce84281c11c68bf7c4d4dd77dd87060ee819b8dc3dbf58ce9eff36c30fb15a3e970e944bd2464c39c284444858b4cffea8c2980d99ae25164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
84d3ecd7ab758e4280c213e4621a7983

SHA1
8976aeaddf2639876d754579dbf6f8afb36ae767

SHA256
4c865a747c7da034889308e1a4d98765acdaa11c6a7119d56f8e109d5442c1a1

SHA512
c3eb76c71c198a44c7f79b28b748ca24a756333fca448f9cee75ca5c72bcc73a16e8aceff549478150e5af500274c2bdd6c2e8a5f654f22c8ee091fccea5cc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
0741eb9c81f5cbe7b1d297e035a1b63f

SHA1
6435a23e8bafaff024b9117a84881c58fb6f4659

SHA256
8c398b3b6f005bbdb058ecb9be4eb26190532db5f8396e41c475babbf45ed3b5

SHA512
c3a63e8d3323ae9e102c21b922e1c1bfbbcadc6bf87dde3b9926e3f1fe9e5fcc0895ad3267deaf54fa03aea43a00472ef914802396c86cf8e81c46e489b2f506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
3085be00b821ec3bf3b264364bce8d16

SHA1
f861278326743eac9b9f499b6b35bc0426675043

SHA256
6c4c508e18d6e582b6ab5d7ebfebb6eb7301dc348770a9ca5c6dd59f8281d525

SHA512
e62835cb7356294370c0e0c1590a5f248b14f7c542c3396c70a8a69d415c623fd3c2312765f93c97d8b8e34281a87588d1e15f430c967efbdea8119f6ebe9a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
e33ccba8ef33f7e879479b61337d717e

SHA1
f643899c24fec5039b64902ea6e268e49e38c7f0

SHA256
7445ec7e7963d38a92f8281cf15fb3fbfd6d7154e426ce4790f9cff2a922c7ae

SHA512
c4326df77f402427f10a56470b43f861acb5a61e9339b65302d0a69a03ff4603cc66ddec744ccc40214b75b917f9745b7bd449163b73eff125b4625c162ab643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
ef67bf282174638f6617646afda2b2d7

SHA1
d6e94775e3ec2a83d69a61df28cbf3869b7f9816

SHA256
09959fcf1693637ed20ef612733c990c8142b1adb5dd54eae668bcd2ff07c6c4

SHA512
e3a99d09114d27f01ad1527e066b6593d2346089a86ea98163cfe4d24fa6130e06f2a0542ddeeb0a2fd6b1558a0048d097fd177f5c246ece6304070848c21068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
ef045e4222626bae1e801a4b43f4ad98

SHA1
930cca72f86ac52bdac19528589cbb8e6dc87e8b

SHA256
88e186f45cf078a70fd584f33b04b722e398076149b227fda3aebb7fa51284a3

SHA512
5535debf6d05447c7695947fc04eff2ddcd69d0032b6521f4e7ff19921e1b0dcb3923256e0c0a3032ba3bb2c82f9e24a1635b5377a7954ba3d26f7d2d1f0f45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
0846cb8fa51f542ccbdfcb782924585a

SHA1
11bdf8f036f057a35cf9e00cfd82837c21799891

SHA256
2306d35fcc754d2e677fce0f9a22e149c9445c50e5abb6894f46150d25f1d7e9

SHA512
a8a8b4535661ab997c05956fe5fbe5fc555453b744e8a8b64f5ace5a9fb3e1e2fa3b9221d3a236543591da62b4054397c21d4e08f3788cba481b534c7964b3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
9cc4d1e5501adc25142c8e3383b00d91

SHA1
566445c728e3912097b412041a5f4744b94ce8af

SHA256
88f43005522f1e1b4cfe9ed8f2158045836a6f7f35352afd0686895513c30832

SHA512
f951f9933f84337f86451e52f6fc7dac4a9a724c73682f6f7edcd24d91aa35f9cad5043c3998e4312bc1978b01fe58b95de226707df032039fa05e265a5f2cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
655aee4a7b68b10bfed9ec51877a3465

SHA1
488edb28271e98ff6a673b44a8661e11e6b47561

SHA256
c1a715b354d62b90c80b36f13c35820c277b5528503f29c4fa370617eed189bd

SHA512
d620cadb6c84ac60231dac74ed0aaf219fde8b10d98f2536d297f9379c36576e3c63b87cf9e6a2d2ee4e9aa58daf09ed9b5823276571b9a5232cd9c108d6d1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5867ae.TMP

Filesize
335B

MD5
36ed3def795923c7520d4d79e7c9c542

SHA1
ecaf7c5a62f5bd5f80804505282d0a6261cfa29a

SHA256
8e3879ae262f06611eec492ce4c7bfa540d6579419818a4189bdfff6bb7d83da

SHA512
d85a9cb88f5a9b4992d700e45dc2c422b63ba86fc38bd3500c8390c5bbaaf680cf837448bc55392f795a6c578397bf1e60f9815955b70bad57075eba84c173b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
e08735d8d04f386ff229cfdd8a901096

SHA1
e90c5ea41031dec6fee120cc3dff12883d030394

SHA256
dc42a69331760dd72e43c530f6bfe4baeaf1e8ac68edd7e6ac80d131afe9c0d0

SHA512
a1459dfe83ad0ce30a3c50bd9de00e56a57f66b6b96eda248288d5de02cb0bc5c22797e0a33188bfc09a66a0695e6b3c57ba5f0d743abf2c6e5a4b66bfd75386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d22aff4cca928eaff3a0458fa58ae163

SHA1
d906a3c37563fcfa1e5caa8aea0be5195bb203b9

SHA256
d5875e96ca974ba263d77de71be78fb338ef4faf69e65644aa3e94a9037c59f2

SHA512
40c250f1db9d39d0175df894f1c20187ed92e941fe8409e88b6002e5c2cea3202f50449645f3d4b73c90dc77bfec39d45c5043628afcd175f9f2132feffd9262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2b6aa842cc4b387c5a34e635803e9c4

SHA1
b0cf8eb12b7077e64ef3d63d342b8103654f4541

SHA256
7c72fc432265007988b6ede224685700abff5c0c157ac3863bb384332b3c6aa3

SHA512
7f96d128392f8e36d912e5972ae9c6b3bda26db4bb0973b8a0f88547deaffba3049d3acab29f384c6f1714799de80ba25d8872abcc7f9e14513bf6843260dc41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89952f7fce3e96aefbaeeeec1f5ac577

SHA1
8c60bbb2c51787e0deccf3e3660b9aecd043ca4f

SHA256
d62112fc07c08b70da039c5de080ab530ecc2fb8c3b328e9f32e5cb3cc68de3e

SHA512
2bceb942a4938cd0d3b770abc2ebf4547fdcb7248a2477632394a888ef3be9974854031011f66a1eadf1e4bc64425b986e99e7ae02d3eec7bb908326819bb2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a38bd29331a8aa010fa9a64ac6eb2fdf

SHA1
0f952a5f58a1c72fc2bfa430ca07b27afdf76072

SHA256
f7e54d5e42b7377c1316a795230925bbeb24ece00788b67f5ecb2990d8672993

SHA512
c824eec2fdaa0fb0e620310ad0a3f7ec56433188ece2d5032e862ed668fa50ef8a9a702abe5584a68c093a42bcd4f10a3af41aa41ae537f4ec4a0a2d43fa35ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d81007c514f926a463630a37a2c807bb

SHA1
35b0b13edd834148284d761615050d3647a67d62

SHA256
24ce62e979cb1476ef14d96beaaa4d3a0b33ab8eb2b33e3502b9dad7085c4f8c

SHA512
be24c78320b51e813eb88ade56e16b48af47fc42735d5a24e6bdfea1753f1ed1dc5e34053cb02adb97070b30cf31d02964ea363d77b358ed79999eb5e01ba675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ec83.TMP

Filesize
48B

MD5
f78e2e5f26139098755de2a10f03c596

SHA1
ac1d147a0ffde254259d5da3bf9e4a145b4fc055

SHA256
b4a3dbf787da53718f48014a8e327c7927c545eb615a43941a0abfcb976599bf

SHA512
80992a6d8154d142835dadefd621c9c78ebe65e82fc89908f0571157f583d61add52b1d62b276a11ebad0101b894f29aeac6bc7ba79a6968b2865daec7fded62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
28924d8d847e0dd0e8802ab68af14b0d

SHA1
6e11f0ad0cd96a11217c7010fdb0095db867f928

SHA256
ead720a60cd13f0db904e8b43887e82b9caa49bd99c275d2b16a66a142f754f2

SHA512
75c5db92d2391a23f6de22efc5207d32d957c4b536dcffa6a072198ff52c63cdfef077c7e4db0401fe97e205b191131fb11fd1dffa7b9ae79baff335960f7c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
26887c0d9da55ae04f376f092d3d2d66

SHA1
b3efa83e5ad3ea8d3210617a08557f65c1a06754

SHA256
b51184a91ce1f1d13c4a05cdb1f35a9887c81dd7c15592e423225419896bc8d6

SHA512
387a169b2c8fb240264ea2c595a62551a20052063126efeefabc186bab8ed99d068c6ba1a4154881f9da2f191ee4189f60fc36356c3f8596e1c10a8a54e577e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1a33c5090e660b6fb074f03a538cadf2

SHA1
a46d2a53720570112cac4eab28345bac8d3c91f3

SHA256
9c323cfaabaa9bb072e68c54f507cce1d82cb77499fad02d8f3ffafe5f63fbe6

SHA512
9b1e42f6926ac29e8669b61b1608f17c5af020e8df39ffe9c3d8be9f1da1cdafe709ef3b1c92c2cdc47e32258eb8994ca99c18b143b9079139aafa297689b43f

Download Submit