hxxp://mega[.]nz/file/1iNShCCC#aNETgbLifSzjraFPtIxMT2WQvRWASgrYw74z3KfsHrA

Resubmissions

30-08-2024 07:22

240830-h7e6ssscqc 3

21-08-2024 12:49

240821-p2r2qsyhjd 4

21-08-2024 12:46

240821-pzt4basdqp 4

21-08-2024 12:42

240821-pxg1zayfmf 8

Analysis

max time kernel
23s
max time network
26s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-08-2024 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mega.nz/file/1iNShCCC#aNETgbLifSzjraFPtIxMT2WQvRWASgrYw74z3KfsHrA

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
2864	msedge.exe
2864	msedge.exe
4624	msedge.exe
4624	msedge.exe
3140	identity_helper.exe
3140	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1984	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1984	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe
2864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 3296	2864	msedge.exe	81
PID 2864 wrote to memory of 3296	2864	msedge.exe	81
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 2708	2864	msedge.exe	82
PID 2864 wrote to memory of 4216	2864	msedge.exe	83
PID 2864 wrote to memory of 4216	2864	msedge.exe	83
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84
PID 2864 wrote to memory of 224	2864	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mega.nz/file/1iNShCCC#aNETgbLifSzjraFPtIxMT2WQvRWASgrYw74z3KfsHrA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb8f9a3cb8,0x7ffb8f9a3cc8,0x7ffb8f9a3cd8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7095309357478725125,832114135195918235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
94KB

MD5
951533c7cfed8f96238732a137a80eaf

SHA1
acc7c8608a6fdee4eb53bfd02d58621cf3ba9e6d

SHA256
eb358f3c47c24439b77df408cfc0ad5c7649589811c8590f4c5c941a52c3cf3c

SHA512
d961adbf6ede235e7294be9051a1b5042df98253b9fec5254aec1e07f8f21622741809c287ffdffe04c3725f245cfb6580c52197bd9638b2c0b57059e1fb40d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
112KB

MD5
e3280e687ddbde57ca1cc07a5d26908a

SHA1
67eb644bbb09f272eae72c6fa4e6772ffa66b175

SHA256
ccf160bd42a057dc544fd0f817c0ac91269ca878c11704d915740a6aaf2b164f

SHA512
d430c6fa4405969a6defb70d16574f5323073bc4174ed0d6f8305ed617f6c179b32e158ac116e44f199f0aafc641883f86f1d45362605f8cfe5ca34b6afb0dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
120KB

MD5
0476a63552b5bb89c3ae7ab7233865a7

SHA1
dd94e11fb1142c9393a1d1a7b9dd24d12e8eeded

SHA256
ba7b1d49800c623fa8b95962ed031bf64427aff4ddf8eebb8ec4b50591d70a91

SHA512
2de722bd2d4a0e09a6d1fcf19248e2f754fac7ee7ced774c90da05c7cb9b66e0cc91bc605e368ab90e8cc7c9ae31e565fadbfea40b224754108b024f5b80730a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
111KB

MD5
f71b8977fdf6b5f796161dcd96496ffc

SHA1
a11666eaa603ed1dbd3ee57c040fa12a638eb16a

SHA256
079364d77cefcaeaf9873958bf7b78cde924ab80f53e5467700ca4cb6afc4e77

SHA512
974f709d4fc3857fc45fa438dc2130942ae3c29c1e63cfef60c8ef19ba59f4ff66a117ec77d26ecd7c6ed08931c2eb8705acbbb19d6c8a3a331feb197fb4768c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
111KB

MD5
9474b9e04e35bb4b785a21a85716e250

SHA1
647a4bb54f12546c7b58a3bf075af38b82c33a80

SHA256
f23c6847b9fadcfa11dde9d9dff5396deb6f67dd9f126a892ecae8b86e0ef348

SHA512
03cd6d8ec69fc7bb3de87221902cb526c1f48fbd927fa889fb26fb04d10f1fa335ab92f1d98b4c7db82deeb49c4a0bc57a508c8b9834b1ccc6eca6e2dc0d524c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
107KB

MD5
1d9728725ce5efb1431f9e34fd892aba

SHA1
66a1654bd90939bbf4524c5ad531b0f34fbb9e26

SHA256
52cddf08a03261b3a410a8157221c9f3f820a68d6415134f90a938a52da83b7b

SHA512
3f0ce092a6230177bf6e450779733a6dc064464b12918246239b6b6fee168be4b4a5f8c8ab42d2047ff259d0b3243249808bfc703bf4ee4ff7438f92768145d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
113KB

MD5
0642aa941190f4a093f4b8d68d5e670d

SHA1
0487e47a6f1b8bba35bcc49ca435315f969ea356

SHA256
a705a89c6519af808fbe00205d4ec611b0444cc90bf0f70c0d8e49123241e546

SHA512
4da9773c49b24c214c9dc02fb2c6fdf23506493f240517a6876f236b8f11059eb645aeeb64e6abcbb0e833efaa587733c3d4fb55f9a3d6e18cb0b90c691f6e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
75KB

MD5
a0f0987afd505d91f3ce4a8dffa10af7

SHA1
ddbcf88e0566f03bf23a2ae287c8eb6eba2ab29e

SHA256
1d9dbe53594f1c2306a2008206600782f9c7249f4da179bccaf9d9665b05b004

SHA512
08f616d99f5d603b584d7593c92c5dbb36eed68f85c211e96ccf0d702103de2a0510a9d17a86e6b4ad944e92d08fc49510643b6c03ca5e54dd3f78ef765a629b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
106KB

MD5
10f764dd0a9bc89176d80502eadc1178

SHA1
751fb5531b74f7a30128c87d4e444c7bf778d586

SHA256
51115ed2206102d5e0f9ebabb26f6a6a4d1493f1cadfb9cf8066c0b708c2bcf4

SHA512
93851a5e2c549ae352d142ef2763cd4545453b5ac8971f575d3b9a220219527fd5d270bbd351d7b7c56f4816c920f9d06a7aea32d0339727e08f9282331b2a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
68KB

MD5
0722cbddc151cb258a212b676630cc7b

SHA1
b35ffedce82f65c0faf3dab2df58082b66919d2c

SHA256
920ec29678c6b4005e333a3dd38a1feb029d2f971f45897c91cc8b5b46edf0c6

SHA512
66233910b566e1619b0ed0551e1c9bdd590231b7020714c8bc9e3d7a1b2dcc99451d784808572b62c70504a2fa8b569c55c3c413dad972aa0cd7b083b8769547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
85KB

MD5
72f90c07cb970a8392fffb237fc2fe55

SHA1
dea3a6aedfc97b8e2c566e7e69348d1ff85ea50c

SHA256
24b292b81a534282effd164484ca43a4eb9da02c3a379fe74400a393c63a6737

SHA512
0d7118b7570bf27e9a845211ed886189f3de35ac4963005c46bf48aab347bb84064cdf5137491dd15685243dc1980261acc4a6c571e2c6e34e3045f22b181f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
115KB

MD5
b1027dd8e46812af3256a60f1848f6d9

SHA1
615b659115111991d87c0ce055e7b9b81eed6df1

SHA256
dcce7d12eb0a729c3e02deb16bc066ddc551a54f3a4e8d28061ee474a9c1d235

SHA512
e833f41ccc9a20631d8834ed847844f1ee90d9b56895a7a32d7bc35c8e4b5bed7c7088ae533f52d7a7cff66f21a237a5cbcea434087c8386c0849f06bbc4a45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
29KB

MD5
19322b8d6faeb55d56ae4014475dc22e

SHA1
386506775d5d5a101e590b161334d4974156ae8b

SHA256
22fbe3fedce0c2551ab0243fc1f19a7d0e9c359164b0db38f9c66ba870d52bd7

SHA512
c174932fb311e5eadd99147c71222d206185a9db15789b3a5538535d460d3157ec4e6138152367b66c19cc3cda258d408df295cb8a47f378f6aa544275f728f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
101KB

MD5
d78377259cdff96b2245c9ad9749fa97

SHA1
d479ec479e978ce1a7e484b5c12855ff77106f10

SHA256
f66ac346d906af534ed582c9f604ae7768c8b5ecf3bc466a9d4f080440b9e0b2

SHA512
4bb11d8807aad923abccc2f7a1fd226c9c2f7d9e47e1131f4ff2e12eaea1c9ed457ea90e2d329dc29f45b9678da714e55e28b94dc0eb0c6f219f874604854dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
82KB

MD5
c19ff819f3d1d1edb825ee63a8905bcc

SHA1
9079d2dad156e85a0dca1818566a67f2bf0a2b91

SHA256
4512a808a789db355ca242362f58ded7f6743b2c7e080d22d88b015e543f51cc

SHA512
5630f9c3fe334231532072c7acecdecc3014baeeff1b17403a210c6006cc81097bf72be9f0c6f13ff0bba443b9f808f7bbbca92da981233049b071761006ad01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
114KB

MD5
9621eff1fe1bdf91bc52832ddacf6e10

SHA1
96230fdade1abc6e0ae598e57e1aff623423d874

SHA256
22c8e950749ce33163acbfa7c0ada4e0a8d65f4a0a4a455057abe693520dcd66

SHA512
99dbc427e2a6141aa1530d643116048dc22af569648d6bfcfdfab3bcfb216dd3b297fc0c2ffc2a4deaf114d7822d6101bc61afd679ae8ddd4eb9772059bba34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
102KB

MD5
4c3fe9e09d40c22551c2d2c7f90bc147

SHA1
1ce45115662e58b1ad0150bfa891d2441986f584

SHA256
6b1ecb32a6a47d6baef2f4e42e53cb66471c85ba393d5da09284ddeb02a03d1f

SHA512
07fdde2747beaf1265980bf61069b55645ece477f42859003acb31aedbe619a041f6070bd540f164e345e5b726260860d1410213b756131db25e3ffa629f94de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
94KB

MD5
d8cafe5d2171c16d2813f3537e96c2e9

SHA1
7fc2bc3059351882d1e8744c972dc083098080b2

SHA256
40b997bd13141cc96dd6d3de0d8b89b5f34a45c2af10431188dc44aa4da9a8c0

SHA512
7fedb38f4af23a85f8db48bb99474d05188c4b4fe679b735c231ff65b0aa9f8740dc3013a10310b3c8e8797930182bb795eea8dd8c3a9422adaadd3449db0564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
85KB

MD5
5c0c8e485dc0dba27e6c465f5535cb06

SHA1
f0838dfdfbff7c4619075ce670c2945747a4a1dd

SHA256
f861026477f80885c04e93bdd3d2d390c9fc58080e814a41c19e02c6ebf7b8af

SHA512
d321214711a49a397e54766731dfe3771f5c0074cf34d86879590a04f390408419e5800f8025321dfd66541aaf2a85d22ac03ed1f568485ed0549981566814b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
43KB

MD5
78d0ac6a195570e2319ca50a47f83792

SHA1
675c3053d38976c6d38c776ed80b2e9787a8b45f

SHA256
6d4a86af4ef8a94c8134e05b466dbfdfd7d74f72143d39e67ce099624a45fd8b

SHA512
e2d2b656a96861d7a450f9607a61148ae9fbbedd2ce17e5c823e54341f726d75b12609704cca3466e2911c1415a1c2e0cb471ef25a96e2bb8bb5f9e818432b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
87KB

MD5
e6a55722a1c21039bf6f00632d2dc3c8

SHA1
ae04b6fe8fe2356285b8bb813c0a1393954bc71e

SHA256
a4ed1a1dedaa71a6f332b19e19af3829c4946145f32cb42170b2124211f7704e

SHA512
d1bfa77fa601fccee95111a831eb26f52b3cde4062b14eca96a033611d4f7fb8bdc4f58815775d96565059b46f33843481651be2911b485c90e7c66d14bdda25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
99KB

MD5
e84ef1646825cfa23ce59a4878610286

SHA1
62b3ee78dc29d609077cd193b5943be6864f1468

SHA256
0f02de973cbd7056fe5336e94f0e559361428544187a7ac5cb4e57e5e5885c54

SHA512
25083143d1dc3dcff1f34f7ee61b244ef524a326f271b946f33051b801978adbe89c6d182b52b237e00da72e66a58875cf63a600a6c7fbcf60a4ca3ac13f2d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
48KB

MD5
aa82fc7241f57a1e3327d2381b748758

SHA1
02fb458b23e893bde880597c70e39984f8a340ff

SHA256
68ba830fa316b7ce8607353f984173baa766bb07e763be275228a6e9dc423e8e

SHA512
0742582d55edaf13320276ad0374ce0a925073e7c70749a49f5e4f5feb35c1678ead6da0355cc0cbe81774f18cec5edc8fda1daa8105b763b0e7087481b9d886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
87KB

MD5
a0be78e86424c26106ea2fa5c3264393

SHA1
32d0550421d434a4b61d8ae1e5ea2383ec403ce3

SHA256
571b4ac1212e81c7fbaebb13ebb8b12ce366a9b8728803a0167a7d5ad080c747

SHA512
a61e046bc07f45d392faf2e1a2e2a2e5014054cb76a2bda0560458e8a50f8fa3a75f75993f62874910f4c0157bf6f6e96eb58ab7b6a3e6f6860cadf97acaee63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f619a9373a84e61ac0bb5228382f5895

SHA1
b7abf0b1de1e6d88ffcef868cfa0de836b359537

SHA256
87d6f076e40392b5c26716eefa8f66489ff1a341dc2ce96be9cf13f4f2cd0285

SHA512
4e9910a93d9f4ee989d4797b9fd30dd0b3e0fd52f81b9ae97f925bffbeccd2c06bdd8ae4b57627fdf7218d7388fe7e8088844f2a57d3b565167fcc0a38ee2bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d52011f0cf8de10255767656fc6fcc1e

SHA1
b2d7255e91b08858629ea1389829af93eb065a68

SHA256
3f6fdd08b26ce0f29470f3e710394a57b744f4718cb323ca4611f54225fd7e70

SHA512
12d86c25d4517e4febf2a863f6f2ca2daea769a13c49b0d7beda62842be9bde815af51a02dbb9469255056c6d99d21630f80171d51c1432d90910efc96a0d6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
812208b879a6aaa8e005a001e3a71c1b

SHA1
9122ec606791f15f83b1a05a7d8e27d309942131

SHA256
2b360c8c418149527cf6efe91d4c9312d5f4828d6ddcce55c1d02010eb0e0199

SHA512
41d636439c9b9ee8f9357892a42e163bbf34b31118f9ec3995a4f9d316b7ca13990b23fa59111be6c69fc19062b98c31a589d59f7117fa24f918f84bac504806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a2d872594266c6314aabb8fd35493a6e

SHA1
9f97eecb1521b633ccfbd85a45ac344629815a87

SHA256
94ca273f04dd8881ab2410514abc67368d2b7d4da405a30a51e7a1ed586f0f3f

SHA512
98da11b091518cd6bdd30db4d9e9aea9e91af6b488bd9d3d6cf73aa9ec790cd7aab6a69113c9afe46d7b49015527867c444ca2fed002aa31f519b6ab23e9ce9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580589.TMP

Filesize
48B

MD5
3bf18036f66686b3dca65bf8a384f6ba

SHA1
2442f19f5771c28be4221325b489bea91951fd73

SHA256
2046d6e454ebf72b5a74a4b5fb2389568ca5625d09a75b3052de3e1f386c8e99

SHA512
1bc8003b322977a3a367306a8e61ea57acc7ddafa7f2493bc4a9b4718ff077947843b1a76dc155cfdd63e8fe8a99a12d88db9765f15f1231d72eedb81213dc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3fe55e4aaac2e811d3e02b1bebb444de

SHA1
aae3ae2795e09bc2e31a55f9c61ba9d76fc61ed6

SHA256
0a6903c08a416f3faf7a3655ef9cf9cc301dc74e7d36951c4507d1a3fbd3a504

SHA512
d51af449e98202f7ce0373265f65401e5981d864bddf49bf98ed47c4ead21650bcbb30116c7a900e73b701ab23c04c0b81c9be76e67cb2181212ff15f82f3b57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe55.TMP

Filesize
203B

MD5
0d47d727a42f8aa23896ce5667a60cd3

SHA1
2375aa99fd397aff8578b09f9f716f795e46906f

SHA256
963186327d842c9240fcc1a5c974284ab33e987f4d21d97a8bdfedad4f56622f

SHA512
be08eb3f1c3562965ffe8caeb8a9576ed12d673e0f9ba7d9cbd3081f07c1a5224be6a920f659c65c836c1ec828d88cda4d1f02a45fcf1328f50d89686e98ef8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7dd99ddae81f6b9e213f9a77d0acf1c8

SHA1
40d708ddaace5779f90b7f3ecec63abc643d6dd3

SHA256
09858c1604e95d5e3ce614df9b501d68f32961ddc0cccef37b3d6dbf4fb3b709

SHA512
f3cf3e8d61892adc42e67a7d505a8e480db8123877c9d19b676b964aa617be098461a169a544d1285c085b631cfc45e1b752ac48e664dc0b3bd25c7bc9edecb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bf3b750d35e64222acc3711d75c40dcd

SHA1
01377c767618c91380d9650c06d39f0557e8c6ae

SHA256
e5d5002c2d84312156721cc1525cb7b6744fc6fa5566956c7df847adef6fd3e5

SHA512
72c5a87e6068a89ce0fbc60dd0564bf5b69744ef5fe78879ff2da84642ed2b6da8f789aee13b81093d6a101416382ce672d913d3a85604f432f0a6807200656d

Download Submit