hxxps://mega[.]nz/file/IP82RRiS

Analysis

max time kernel
86s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/IP82RRiS

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
3740	msedge.exe
3740	msedge.exe
1412	identity_helper.exe
1412	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2236	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2236	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 4556	3740	msedge.exe	84
PID 3740 wrote to memory of 4556	3740	msedge.exe	84
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 60	3740	msedge.exe	85
PID 3740 wrote to memory of 5020	3740	msedge.exe	86
PID 3740 wrote to memory of 5020	3740	msedge.exe	86
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87
PID 3740 wrote to memory of 1472	3740	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/IP82RRiS
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff540d46f8,0x7fff540d4708,0x7fff540d4718
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7060805437165172366,715640967933513845,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
399KB

MD5
29b46ef2228d7d0ff5538a6042f88903

SHA1
85fcbb20e56c8c2ebcaf9d5ee3a442e449194601

SHA256
ed4d09c067524631ba4f93c8318fada5e09c4c099d49a88781733821edfe8e48

SHA512
2b20d919b16ba74a8415a64be12fbfeb79a8da66967b853c26ef9e6ca0fa103544273366d86e0587e9687796cd49352139bb29ea673f1d8afe973876d232b387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
366KB

MD5
4cf288143df40f59ad1683ce7ae44987

SHA1
60d4685f747c099c99fabc4c1f8c39032f984ca1

SHA256
658212b91e070be8ab9ebd0c92b1d26736a94701312baef5a66743542e2307fc

SHA512
ec8a55341bb32f80e7f2db5302f6c26a5abb4e7eb553a77938a24cfab01f1b926b0c8f26ae16bcf13b8e81e040dae63bd6813f32c0cb780167173bc41f86808e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
497KB

MD5
6a13884b18cabbf78b0dc2fdb195e9f5

SHA1
abca68e077dc582a30f50a9edd7a42d01bce2bb6

SHA256
d4751f46fd7156b0eed6b9e753db3df136f621e7ab2fd8dceade57242c814d33

SHA512
15b2509942a88b87f8728b76a6724424e013029849399ddc04dd19278c0064b0d961e7a33d106b2ac0423b893a37d393663d0e756b6ef11dfe26ae12a9d51f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
508KB

MD5
8963553d0141ada8105649a9cf91e674

SHA1
e3f82a2ef17ea92a2632b3a63147ca06ee434e75

SHA256
1437b41393ef2feb26a30ee4f7976119f86f18e6d53972e47895b7e9b6730410

SHA512
acd90d2bb232e90e05136d7cb960112df65b2a8767081b54e17170893301dfc4abc1ec223e6dd40a71d93c5d5b2fddd55bd91a82a1a32de7413be728115ade73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
473KB

MD5
b7b0a5c8a253b87559ed9295e45960b8

SHA1
7c4e02218ed280438be6f339765a8d74d37669c4

SHA256
6450a54915a1302d551267a155725ccca1f1e5f1072cf3313071cdcc366b5d55

SHA512
84a401572b2c9fa78b99e8aebfb55331b99ff38919a0a88342f799f57c073722b249e8015d5c7c4fe7634a1d9e19fce85fdad4cea94c49c2c35f9c2b3597724e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
467KB

MD5
1fc01f0f260606e86c2ea76517feecf5

SHA1
b90564929342dd726f5d6964d917e7953d643b78

SHA256
1e8d55392e39879ae4e19bb42ed78be4b866cb976bf9818abb75572e4bf9575b

SHA512
cf722f927c001a2bc7e184e23d3c811fad3d8503338d37d402da8c8c59f564bb8b0738bb579e34b93e354c55d544846de961999c8127eff4d717a9beb1bb34b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
508KB

MD5
e18fafb482573544d8b6c4e2a3a88e0d

SHA1
d4426603fbc0126b3e9e75101f3e66615e4f4cd5

SHA256
ec1c655986c834103452c3cf52fc5a8cea967ab8b9170dfae9d1e42959ed1394

SHA512
616fada868bca8b0885bf03610306aa7e8d48f31e2392aee1c0ff0f30707851f17889b4e7cd0a8344e4d871067dee83cbe705b1e6cb9bb3759bbd1d2e0476607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
469KB

MD5
184008aa58532dc330bbb67885cba62d

SHA1
7abb1b81031fb7b6727778860ab073905bcabdee

SHA256
07d7f1cae5f34137fc1b4cca77ca88bebb96f2ee241b4d8de4a1cb1c347628bd

SHA512
c58523981f0b67ec0e3838b2b68de7fcd02c42a2e50f6c90c3fd48a3aad955fad78dfa0d844564ce8c3164c43220008c03fb32ba9e09a60306ab351dec1f67ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
744KB

MD5
c25394ff13b9914ca7175a17fd3edaa1

SHA1
689c57fa30ebd5e915b5c9477a27279866cb99ff

SHA256
81f7408a142f327272609463c5fe63b505fb00db689e31cfcc48e5c254831942

SHA512
12ffebe14e8f6d33bf00d4548819c51472480e6778a1264ae36d846ddbbe855350416df6f41d73ed06ee66523b4f11c830b624e39136704038c83193fa810b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
302KB

MD5
d0179bd249c07b0cf46de38d32deddb2

SHA1
dc5f7e83360b6386be92c0bc5eda129fac899f8f

SHA256
ef8755958dc3ed928da3382a69c36cf6ec2bfb1a98f1d9e71165ab81fe735e6a

SHA512
c411e395acdd612519623638377840a7908c6cd5895c8c77446266f6e7114f2275d3da1f16197cd16dd98fd8ac58b06361ab3d50cd17e433cc38dc56864defbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
436KB

MD5
a649e3d93d242cfd1884f93b7baf18d9

SHA1
4739ba9d25d7b894cf9ebcdec72a1f25a6728c7c

SHA256
bed7898049a8fcc7f611383d60758510c4bb38bbcf218d3011c7fb2426a67461

SHA512
b2d9d4c935e9dc83d7dffbd38369f5f84e277b3cef9dc10b77256e0990760cada35be5d20afba0f27366f9cfc7c4239c237760c13985bc6298deee0faa399e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
500KB

MD5
8da71420c5c9639e04dbb79e7dcfea1a

SHA1
aef32b04b7fadc30f54e94f388a39701af1b6ac2

SHA256
04ab5afde4357c1aaa61284f7349461ff843276ab4d9159e2c622758fc783fcb

SHA512
444d5e5e33cb69f521889e4c0a3bfc291c9e3a5b3e349d49ecfdaed9db7118ce5b5c245eb145c016753a899b0b397debd12e52509b1a8a5c862fc3dbdfe08199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
244KB

MD5
e879c3ae7aafa8ba89bcd3603214d6cb

SHA1
0805a9cc74841bb8a8e068688a46139549e0979b

SHA256
fa9e1dd82c98301f7df56c2fa47f9ebf5155ecdd758a4566f653e2289e517ac5

SHA512
0a33c8c06d1901ba0e819c3d8f064645de4bedab3ed57a18eb7fbaf45eb843c9e1a07ef0df6c436b4040beefc81687220bfab0628f515feb12de7dd68d0408d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
489KB

MD5
b7dcbff2ba9e18098af3898797566f4f

SHA1
c44a8961721a9743d974c1168377f649f249eec6

SHA256
5e906d738618166f0b8c675399da6209f4aa8e39ffeb5e6028fe632bcf14a2f1

SHA512
6b8723c1a145500e14661ed53c69313b704f385dff8471bc8dce42fa394ba234faa579cd32c0a9668de597a7a342db0d8a4519bd6b042710c82d291a1951f428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
446KB

MD5
08ecacc180498406e3bc21de2f570127

SHA1
4cb64139aaee13a08834e880b5c64b8b33e89769

SHA256
5196455d37799a20710fb695c43f9383288bdf5a689ae84b222565a66f384802

SHA512
0e4e106341077c391c741ad99b10c96d56bdb498580414f4e6df8b4a27f77f8b5be95012e28e58c6f275a61a17dec0e1be378e20619544baa2987c75acddecdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
712KB

MD5
29ed3d2ad80c070bb8d732b41599b506

SHA1
e861ce37801dd41eacea23176cc0cf85791be413

SHA256
76baa70cab8f72e9ac1492f620725195a4f022d820d1db592c4992d62eaeade2

SHA512
1ba7a9bed82ca98e22ec8ba4152725b733e02a729ade927000d3eecebbbd429159151c52dacda4e971020b057b329bf08e688c4c929db37a781e5041ccf2d54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
496KB

MD5
070e4a70b0608b6eb0efd08951d339dd

SHA1
bd98cc13f263a5f03f03feda170ca5df4180767e

SHA256
c2de9651fe3a092706e1d9fc4e513eaa9547eb5c3ecb7126a7b7812d46384661

SHA512
cc6b545f20a24b71fcaf806aafa813228f1928394f17495f4ba9c58afd0933ac3345048c1759bbbe12abc050188f0a0ebbdc41f8d35164884645f63de2057f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
501KB

MD5
3dd44c963fc42abfbd1c1f90e2218778

SHA1
8f400ca60cf9220c4442ebbc4908c171c128d5ae

SHA256
d47e9fa83de45ec46a76313173c12fd9de29289fe47f90de646a35f9e15c049d

SHA512
eb0ae05f5b281f1352ddcf8ea613023f78cc825ce0e2a523725f85977939daa5932c52716ba7a8fad90aa076f04a3b14baa4ae5fa89cf0ebc2941ce88a279041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
474KB

MD5
42d5b1a20b3dad1d4c61540c2f37a514

SHA1
a5bc31e8926425e02c90c746619657b039a582c2

SHA256
6d5e4e88b66a2e3eb602bfafcfb16dffb512733daba0da7510e08e516c4b648c

SHA512
122df31a9436ebbec9c5b634c6a99a6d3038ea56f4a833470b953bca3776feb38828171e353d9e04c2861cf3ce178c243dedd30f3129a99c274ff7a75c09028e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
297KB

MD5
dcc48333913009fa4202a5f14fe2a626

SHA1
afedc12791979e23889df2a6964f51645bdab46e

SHA256
b84ca82038b6ec60a770099c31637fcadc63a2cf7bc10e2de49db3ba0995ff31

SHA512
4263112ac592590f6b6b20330a4a28607187b56043eef14b41a26528a76f60834eb91f0db83ca668583cd203f8fe6e42ab561185f9cfd620591be01b434b2a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
391KB

MD5
c5ba6d6664cf5b86ce2bfb81c7a89d7c

SHA1
b29556ae5934cc3ae45a2eccf8179ca354e32542

SHA256
f3399c822817498b12ebba41ea49e76e7f6d23dabfb5ae97e55c183d7f7e2ee3

SHA512
a76e8d69cb2b1bf8021aef63af0370d71734c617ef0856ee61733bb8bc44c654b45dad9a4d7d94a43982db889a1f41a6837c4638874b3b675839939957becde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
452KB

MD5
81e17fd1825ca42e110f251d4487d670

SHA1
5abe5eb2d1bb7b3b6e6e78523046d212f1cee4d6

SHA256
e87b6936b3e0df4cc2e63d7904e9d9491c5f434ed4ad2ded3479aead0ce667c9

SHA512
ea9393877a147617cf801cf382b02686c3990bb59ec014d897d34fdabe6f04522e32b936d103435727c69b7f221a98bdd1e34afc06ff119fa0b0a50d2ff225cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
40KB

MD5
71d77607b323bc20be32a02fce4cadfd

SHA1
2a18236090f47a4e1f0ebd2b9f1e4b0bc0053573

SHA256
58c04ac027b15931acfb17be4a134e35c8bdd3b99109e617895713a42f32d84a

SHA512
01e141b3c6ca46a83626f19e35a8e8ed613e2dc90fb42977752632c9818ea93f9b8f06e1a47417fe5cb8ed8a3bba3fbf62bf28da3f15c6200a6b8ccec72c4005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
432KB

MD5
057852173e958810f1de0e8adbc9d462

SHA1
bd05e51244966615a9dc2b0119f7e8cfa64f22b5

SHA256
9c90f27443fbdb85519985333a8b00c3cff0e10a2753955f41890342d64362f7

SHA512
230ec42dfcea740b4fb37e3c7559da2289b7bf2025c465bf055db75659c7f9f05ede374792b046ffb3365f8fa5dc34e23f1312984c195c32a6d42147959efc86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
301a9cc6de3df6688724af0c6fcf72c6

SHA1
4f26f993b15892c42a73307601076c7490f1cb15

SHA256
92b8f036a4fd8ca2ee30f62a0ae868a240d4245792bedea4a3a1ba7a7be2ddb3

SHA512
464a790ba37165a04f2b5ee09ab0445df60600f1c35a733cff1d40157664ad21a41144b8ca9f47d44bb50bf05bf5402db6a47a582cc458b024043e0777e1547d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
19fc8507f8caf3a120546800f2a3f575

SHA1
13484ec74b98c4e2294f147987e03b858fe75b5e

SHA256
6e49d22edf6bb0a128ce381d83b5ccc58536060f14a1e902b292cdb9a1d90efc

SHA512
2b736f30e9bffe9cab59fcd9d662e5852344946063825813fa2caa6eb68bef166dd2b16b92db29db762d5893fba06dfd1c1ec878482e18da50a80b6adeeb223b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old

Filesize
375B

MD5
36874a5468caa9d4235df9a89d733ae7

SHA1
dd6fd69ae6981c4b43d1fdddd74bbc0698265a35

SHA256
196aba8ae43ef62b3b35572ca9ea9d8fa8e24594a9b8cc184d498e51110b911b

SHA512
34df204420021f6a4516ee3b6f1ca668107ac0ec8ca8eefda5b361729e19171ddfe257bda58447cab15479b70c2a77e44e66869dc079f02a14a8a35966cf33ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe582f97.TMP

Filesize
337B

MD5
c19f596b9b11c7c32c809c0469101d0a

SHA1
dff19ad947ce667782d86cf7006b795ef5bfbec2

SHA256
f4d75b710237e8fb0d85e3a281f5fb68e173bbe4f189fe27c226872aa7391ef5

SHA512
087066bf5708dd9e960096aaaf44b66d64150e715782b1c30e0758e99a1de1a9363c8f49e7888b1802f569a3504bc9f95b4b013bcd943e616f595a098072fcf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b57daee2a1ffccc1e143e6adcfa96ea6

SHA1
e7339a88c93140dba7be39119734e2b586082f63

SHA256
61271fbfc77cea282340d07476167b2c202e6bad103a9bbc4e01f285b9bfa2c8

SHA512
845a8028f5ef9915f26435686a29210267393434c063b9e479d8a03a1182fceb8dbd3a5eca7601a3a40e2d61b441808d33a731433dea1d22bbdf00ae78745031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8139032dd2936ac9559aba33beaf26f4

SHA1
742463c76f707eff73679f85d3b40018b54bd3f5

SHA256
0ae3535de3702fb48244ba90265db444181cfa65d8a1f3bcd97ab0af4342d953

SHA512
95b8e42721cee1c722eb1f4c2a29ba16ee46f547dd61b8e219312fe6cd965299a01e93bd515f644ec79eabcc53f9c8df536cc977b743a2cefd83ab3def7e93a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcdc708ecf3c1aced4cfeccb7dde93e2

SHA1
df500f029dcc270a1596e9854b60f8ba5243f2e0

SHA256
e10f3829a35842f5d7b1273707e968ec003b882160fd808d8816c2cfa951194f

SHA512
3a94837fbc1693d8acc40e136dae2cccb7da85352d28678a63f1cf5aa01980047b8f27266f5ba639f44c20447c59a03496a6373b22c652e70884f2cc942e655e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2603b36eab0798eba4757d5a1cc8889

SHA1
5f8af53bca52fc66ec4c25ade2b7b04f1546a243

SHA256
80465e0dfe0df58e31c7cb2f0aa458c1efa38d23fd2d3eb2615924583bb9ae2b

SHA512
2171d481a31d38e85b4942d2ec0d75459943dc87c55093257e2a243ab45b0774979ac22ce30edf617e73c976d43b0165135452d1fdde54754d1d625e9fd812bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6dc7fecf84f6fa97e6a106d505945914

SHA1
ccba953b7d175af89cff094e61834ee9bce27135

SHA256
b8688da3e616b6a940bdfffbdf919ce30284a351230971e754d97b63c8e1f947

SHA512
9062dd3e9d29e6d2b0b677d14d0ffa49c7ac801747861f3453361fac11794e91e237944abbf69999384f493113e8ea0dfd60a8c6b4a8b4c513fc86ed1cd403e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e714.TMP

Filesize
48B

MD5
fb0a0d560b0d724c85f94ad1ce746816

SHA1
9c644e56e4550f0dfe8531fb7bd372f07477e1e6

SHA256
7b81d33486c6d0777307ef38bbc082952eb09bb03d3e41d28a4d5cb0cddc9b4c

SHA512
f35ef8507be34ac47c89e5e153f016c5ac7bf6e523d7cc71e564271b2b2b7c79b14dd53e2baa3bb2d12a563bc7557d447e4106fb6e41644d24161609d4638d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
82427f9fbf8edb5b71d98878ab645861

SHA1
b36814507e31d0414cb63b57a2799a582dc09df7

SHA256
78a4e6bdf6dd7f0564e0dbaa35759af7d6f74b1c764b07387ba939c17dc37507

SHA512
23aa6270bf88d9ce25e717f7ebfb076d0e5038b920e7fa7b94c47254396af52bfc81bf8d485929686dfc638b78d565a3a7bf7a5ee4623dd9d0211563716f77ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584496.TMP

Filesize
203B

MD5
c53afd447fa6dcff0a3f4dced153959b

SHA1
0292583940b5116457cdc8621491b7a83c53a75d

SHA256
9d758731fe6eb216e4d5000fdfa48fc0ca244a914f6fa4713df23f8e10f69f72

SHA512
dc395e560e09fe9f92896c3af4b8f069777fce3f8b2da2d46db6cfaf82f0bf625f02a614cb05f5b56ff1519d5325b1b898da9d696e396d78a7966e3f87d5f3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92c66da995f4ec71f5493c10f856c042

SHA1
48449f1da20f9cf00c56b8ce86eee8ba0bbd32ae

SHA256
e743e5515b5b154ce34ae906bc328185e719a021fdf90abf31546bd969442ce7

SHA512
97d0a743df13a64d2f02bb915aaec81858169358d71330b95e2b3309f3ab646aa5c401026cd3c1c1c804fbb50b7656aa6cb05e6acc32a6c4dbd3d02c18cac053

Download Submit