hxxps://mega[.]nz/file/2zxT1KBL#CT8AZsI6fZU-PQoyyHL9oEUzaBlOlMLcLWoyPddlJdM

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 06:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/2zxT1KBL#CT8AZsI6fZU-PQoyyHL9oEUzaBlOlMLcLWoyPddlJdM

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
54	discord.com
57	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{CF917119-9384-4855-8007-73844B353789}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4480	msedge.exe
4480	msedge.exe
3764	msedge.exe
3764	msedge.exe
3112	identity_helper.exe
3112	identity_helper.exe
5636	msedge.exe
5636	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	944	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	944	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 1084	3764	msedge.exe	85
PID 3764 wrote to memory of 1084	3764	msedge.exe	85
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 2556	3764	msedge.exe	86
PID 3764 wrote to memory of 4480	3764	msedge.exe	87
PID 3764 wrote to memory of 4480	3764	msedge.exe	87
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88
PID 3764 wrote to memory of 996	3764	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/2zxT1KBL#CT8AZsI6fZU-PQoyyHL9oEUzaBlOlMLcLWoyPddlJdM
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2a9f46f8,0x7ffd2a9f4708,0x7ffd2a9f4718
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,299696611181075282,8614040606379689785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6560 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
149421d3bd4069ae7619c64489ce280c

SHA1
be6fa179fb031d66a634dfe7f1da9c61da3484eb

SHA256
066d5a8692896f9ec0f997a0c73044fa5b64b6dda6ebdc0db3155808a7b3a02c

SHA512
c9e227aa16318fdc7fe44037b23025de4d8f6ff518f00b2ff336055e0edc6f58fb616796164424b2186e9be1be409550ef52056970c912f780bddbb83c457d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
883065573653a7df3eb17210f1bad965

SHA1
d23d52f7bd1873d0cbdc3c73a363ecdc8fdf9c19

SHA256
7c774431e26869b901d05f6a15001049f7852456abf81bd494770df4ffbbf4b8

SHA512
fbff7f755820707c0b35b326ee5567e3ec6844a7d5bbe0a3ef2efda2b42afa4b044d48bd7676a0f8743bafb7b48d8352e358a8a303efb36b2c6e7e17e0b03052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
378B

MD5
56bf29e87bda4e92613be8fe1f00e915

SHA1
af54fec43cad9ae73567a424522f7e529cd61688

SHA256
10a4710a45d71b904fc78830b4852936f8f7c4a0616f92a961c0313350e98a32

SHA512
6ac432a5637a249209ef82cb1130f1fcc925d2cb7441b812418e37a12ea4c360633dfac1e5c06264f5c576a3108e926ed020b7108f78c20d4b35cbbb62d9d66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe594f7e.TMP

Filesize
337B

MD5
0cdc692009d5090817caf1654456834c

SHA1
44c6a36535a1f32b4ec4b9413188b70287680f01

SHA256
0f9d2ad7201947010220ebc2b12e1f743e99361f707c108c2c9e1fd91bab1709

SHA512
bf92e3aae46ac5210d6ec95ee22341a4acd128fd95e36c1b84f33d2c47e2aa1956332e935f08f98d3420eef575fcad3817f08bdfcd139ae4a234e8c5a2afa66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
564b20c346ba3d07be09f060f18896fa

SHA1
c1ed58e2a78ee18380a61511c6b7c4252ffef0ea

SHA256
7064f3c57fac1a2b6dee7d54681d9227e034768121e933efefe7eba6aab86aea

SHA512
f0d79073acc402a32f953aa35c18075ce704736bc08ce64c5bfb2500acabc7baac5cb131bb307b3691ae866722131c00a16851d28e0fcfec5142b491cd3ad405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4b73a460e78236da3dab71e4bb5069b

SHA1
22197c0c5d4945b982e42ea6a8617869f25a6039

SHA256
43aeb5574d93f47940db7d0db5c1722489c4a34f113bfaddc938161b66312cde

SHA512
fcb83873973b333d6105940023d8ef4ae2293a07761b5f0b16d38a293734a0e3a95155c415dac2e798a854de5033a666bc179836fcf313b729ef26fbdda64c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d25136298539751fc7b478d4d826c564

SHA1
6a4c8fd18589bf6b7b915080f591486c4ce32a4f

SHA256
3723e7a5a899eb9b125eb0e7f4356585a41a3a43fa0cd3dd2559e3cc75ddd1e5

SHA512
1c0c7748a70bb1c9e84c1eef5012d4638f0dd2a381b1263624b3222f2c7fabffbe4ce39180686771a0ef41f5b4a5e4cbe885eb5a412e737791b7bdd75306fe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e61e5f008b377a3b14f6e2bf8972dea1

SHA1
eeaf5944c7b8e552b019a5a2f28d02fab5c7d48c

SHA256
4f4ad74cae3a748ea99ad0f41ab05c4c96d86954638f075d8dd50ea7f4eccd0e

SHA512
6699112802d199665ea51ab9f68ad4007281b039075aa20c0fc11099afc27d5aef66895c1c0e1630334caa84fb3e16ef967f45d0a8f7b7ff3a98ce239e3913f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95d92613411b3b954b3339af4fc22d0b

SHA1
c89d65833a66002621350cff31c82159d2917144

SHA256
59160a37e835e08eac9f41c1019c7923bd5f76582dcbad6a48297be6d38b1e24

SHA512
d002da4fda463d59df0cc5bb65e21a8d8f8ff5168b6ad8cbcbe1a7cfd4d76118733c02a9646939e363201494a40c12650fb71c997cc2b17c7a83583c54683b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0ec7e2c911dca351249ecc82b0a69f85

SHA1
b20418b84bfedbd021979c1e861c895959a50647

SHA256
dfcc1afc0e2828d3b2fea218852d7593736fbd30f0d7ab06ee2af6e6207eec28

SHA512
5fdc084a3f39c22382f688f1b34b16d7779d33816b4f5add927b364b955610a542e7a684cdccfa850d41551220e056e4c73b039d5274c162081d4859e8bfb233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5fce419c10316dde9717543ce5b360a3

SHA1
769c517e9388d0fb180a920bdb0e2f1a26efa428

SHA256
802ac37dad934976b62cb65eae10cbca5d838a0c20375e6665d8fc7b8292609c

SHA512
7518e41ef386b921dd982cefc9f3f2d4ca9aef5a459be9f3bcc9d36e359fe4a251e14d8df4a2d31ac9918b90630d281645c51c5184be5621c52ce63f763066a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bedb.TMP

Filesize
48B

MD5
be4afd2147f3570a344711ddfb1bc077

SHA1
2d3c8445fcd2b16c026af3b4a7de72cd3be7e640

SHA256
852a13165214cfa1737eee6e2a3ba7ac101cf6b1b4b226f827442e56816e87c6

SHA512
584d51b5e355bfe22329db8ff091d1f30afc9c84ace71ad5dc47c61b3231b05cd469ec4f30fc111eeba8343097cc6b880163cd4c54542916329de3722cafed65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d360d42671a3271eb828f6c841031a7

SHA1
87badc347e248d15e649e4ae0fbc9b0d62909aa4

SHA256
479e70de443f4ce53e14e2c69e16873f66e52058c12aaa4b4b8be746c139e957

SHA512
7f43abe88f63b808f2e4d1b8af86154a2128b836da5e14c69c5ab9ed3aa7380d1f64d7ab9e005e0203531c649c377c7df03a50deca8810799c3b98336be5e0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
265a1e7c276b5087c232c1ddd67c7c4c

SHA1
4b86e2297edccb0ceb18e35165a8c13f1edc886c

SHA256
4e593a1c2c770f67cf09afee273d91cff0b13c451b6d51d509a963c4a96bff44

SHA512
a89b95c9d5d7ad5e27afdd1c6cb427e7e886e2e62d6bba2b321fd747e447a1c085e1cfc2c711295cd5adccfcdafb4d5ecd5bbd31b58d720699030e5d111a1369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e86b5b7839d83af98f758973a1e5a7d

SHA1
fcaff566209bbf6952f89cf7e5649e606077a671

SHA256
eab88ba4d3b545b482bc23d282282386470f1cbe0e1474072d4b3b3f21301ecc

SHA512
95b58deda174702f35fc8b85985dd243276d6aeac0a3f2916b6502ff15286cfde42f63e645aaab7e73d04d29b70c366aaf47be6b77bcf18a914f4c1c76ecb158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5450d95b54188db4024b8a02ca685e4

SHA1
b10ce0659fbc429fa8865bc2edf14d0fbe67bdde

SHA256
67e1d5b53e1a59fd708868b99a794328145b33c6ad73f47444dca11281c279a0

SHA512
cd8cc6b72cb2d450bdfd2c9a9a79b28ecf4eea5f426ae9907e39bbed59913caea07ac965b2b53e027980398f8a267bccf4ee6f396725503d26833274b7836eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f6c69d3a2a6ccc5d9e4943f00013666

SHA1
c11b579e17a2a73c6d7afed03257cd21d30cb180

SHA256
7b8fe6e4099dce86b7db61c44f719541d180e11195d1248a414357ebb2303f63

SHA512
d9ffa33b63cefe42f0586233c605ad0754ea01b86e676ba37836c7fcb8c6645d16a435c884f4383b99d4b9378ab0af9b8d7954c2c2e6516159a8f7179ce23803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58aa54.TMP

Filesize
1KB

MD5
5fa30fa807ed5496a618b585fef718ce

SHA1
4a0ee462834cab30517273bdebe9758730681039

SHA256
cd9e80bdfc99d887107340a9b713f7ef1cf642a76309d0a82c72c4e19481d9dc

SHA512
b3009507f9dcef48c64732fc0cfab2c270d80f651e8fada75e4056c4c58484596546cff6eaac4793f405036fbce868ecc1fc8f0c5d266bf3234eb72d74488275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89b89dc7302cd569fa57d8914bcb85ad

SHA1
b2397999632274cbdea1e997bf8dfded4a02d2ea

SHA256
5dcb7fea341c37e1fda4322b37797a08956d9395e2215af569665356e03d60fc

SHA512
b4c72f4ffc3296b3c16da37a219da75f625018ad907e99a4ca3a944f77bb11659327b6b7aca25ab39d7e91b3074e0e161388a135741131a9bc53ed93e943c3ab

Download Submit