eternity | hxxps://mega[.]nz/file/Q39H0BwJ#A2erD1dC67pS2wK-D0PR2UkrWv4amcUWLPyzLRCVobI

Analysis

max time kernel
61s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2025, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/Q39H0BwJ#A2erD1dC67pS2wK-D0PR2UkrWv4amcUWLPyzLRCVobI

Score

10^/10

eternity discovery stealer

Malware Config

Signatures

Detects Eternity stealer 2 IoCs

stealer

resource	yara_rule
behavioral1/files/0x0008000000023cee-333.dat	eternity_stealer
behavioral1/memory/1284-347-0x0000000000C00000-0x0000000000CE6000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Eternity family
eternity

Executes dropped EXE 10 IoCs

pid	Process
1284	Mod Menu.exe
4576	dcd.exe
2356	Mod Menu.exe
980	dcd.exe
736	Mod Menu.exe
3228	dcd.exe
3148	Mod Menu.exe
2176	dcd.exe
632	Mod Menu.exe
1236	dcd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 587080.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
2268	msedge.exe
2268	msedge.exe
1220	identity_helper.exe
1220	identity_helper.exe
1160	msedge.exe
1160	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: 33	3640	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3640	AUDIODG.EXE
Token: SeDebugPrivilege	1284	Mod Menu.exe
Token: SeDebugPrivilege	2356	Mod Menu.exe
Token: SeDebugPrivilege	736	Mod Menu.exe
Token: SeDebugPrivilege	3148	Mod Menu.exe
Token: SeDebugPrivilege	632	Mod Menu.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 988	2268	msedge.exe	82
PID 2268 wrote to memory of 988	2268	msedge.exe	82
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 412	2268	msedge.exe	83
PID 2268 wrote to memory of 1384	2268	msedge.exe	84
PID 2268 wrote to memory of 1384	2268	msedge.exe	84
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85
PID 2268 wrote to memory of 2300	2268	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/file/Q39H0BwJ#A2erD1dC67pS2wK-D0PR2UkrWv4amcUWLPyzLRCVobI
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16957372648014518396,4014155928581942402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Users\Admin\Downloads\Mod Menu.exe
  "C:\Users\Admin\Downloads\Mod Menu.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1284
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4576
- C:\Users\Admin\Downloads\Mod Menu.exe
  "C:\Users\Admin\Downloads\Mod Menu.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\dcd.exe
    "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
    3⤵
    - Executes dropped EXE
    PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3980

C:\Users\Admin\Downloads\Mod Menu.exe
"C:\Users\Admin\Downloads\Mod Menu.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:736
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3228

C:\Users\Admin\Downloads\Mod Menu.exe
"C:\Users\Admin\Downloads\Mod Menu.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3148
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:2176

C:\Users\Admin\Downloads\Mod Menu.exe
"C:\Users\Admin\Downloads\Mod Menu.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:632
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e9fa79bc57bfd23d3f2f75a36505e9cc

SHA1
09703cd91ba457990ee9b657b8669d257c767096

SHA256
be4e4f8bb0b64c0a5915ad1b4b1ec06a98311cbbb11a81852f24c04f2fa7aa81

SHA512
8d0f55da708851d334a39cd27c67eaeef0975ed04a7c0d9781790d7d1370399b1a6b1375205682eb4ea4dacffeb86f2fdf7b2794c237bb817fa0d4bdcde5bdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1ca610e7856d727e570e22da3a27b8ff

SHA1
53c185155f93766167002559c89818d51f2aadbc

SHA256
bb36e4bc18e8276ac5907013d74b4b660a0c7c79e96dc6569625db2fe49ae0de

SHA512
a305c2a9fac17a519762ef7f482618ceb1c90396e3bba63bb642b371121e634f7f88c2c5a2a5aae5aad3115e32322771c846ca43763cda8f5a8d27c718d8c51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a74462beca6ffa6c6c73a80ddc1df1e

SHA1
2fea07ae2fb6bebfbcd3462852b88d53dd4a0f89

SHA256
73492a17ad9a066e6225d3f38727745f34dab700b2a718009e6b34148196033a

SHA512
1aa38e44cafafc8049d39ae1c4ac105572728c46b023f00f500f397be7b842312efb2c6655bb41cbeed07cd5566e2a0ad191b440cead1af0b6644881d529ec10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a2a95a003697ec6c30746d1a8eb8d99

SHA1
9ee76f2225017491eaeb8d9403ca0d84d4b88708

SHA256
a47d9a2bc51e8a520f436cfd014ec729f8c4b347e052d97b465cee61b220b7b7

SHA512
d87cc6baa71de4685eb3ec968565c78c7a006295db74851685a6204e10bd87bc8b9fb27d35f1d91f7252b2e1b3e5616b88577ec39a27d223d4d7e4bc5b6d9b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77fb5bc6231a7272da1d225b030105ec

SHA1
32409279cc92d653f788ba680b65060ed91d79af

SHA256
fac48fde67b0d74d17862c6fad80c8eb0682ae6274b69220f94019722ff9c6ca

SHA512
c0aec786a10185e4698de826b1a227456c81965beb037f29b6be2d19d897d296ecc6b1c41724dc2ff02bd35a368e9b08380d938861c98f2dce79ca368ec5803f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6307adabc2a8fce01467c28bdbffa13f

SHA1
66e7c835c16cba921627e3cf929c0d040f3dd19f

SHA256
f21c66fdd0a62fd2f30e60655ac628ab27947b52348f887e3fa271e96f5b6590

SHA512
e4af714377d1b3c2c2a245ce272c5e15c59923e91cc6ee6a07cc5b1029b451dcfeee2821e7467fdb87e62c6797b8e66f7220c05b8f26e5b8e6a6b20cb25d5caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57db5c.TMP

Filesize
48B

MD5
548b1d3d8003b8f2fa57340503962b68

SHA1
08fe560ed89595972b0acbbf5e7ebb453f1c4b59

SHA256
867a9237b965f42cbc15e30d348a8f8a16bc761e10d7a073cce7d3f8108e08c7

SHA512
37f4389f5e2beedc2adedafccd911cb1f870a6656358be986d2b68ca49a5d0f1b73f8954a26c26128854784c68dc0a9bbdf255e434768a23f01bdd95881c9ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
6322cf31454672d1da97c8c5f1c4ce10

SHA1
47bbf643a9f7d43461141aade6bb87ac427646c7

SHA256
3241d33416640371530fe1a45805069cee4cd5a867a89edffc01c70091f8aa03

SHA512
d75dd32006b08b3cdc4fe199f74cad7f42a33419a8814702511c271f0329373f2947c7959a36b67cf5f10f81a88e137fe13d9fe44222cb3af3fb4a86a69846af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5819ec.TMP

Filesize
201B

MD5
7e89e443cef43a4b9beb2f2dc2901674

SHA1
c5c7ff43ccc84417aa1f8325d8cc49f74ee06c47

SHA256
b7cf195fc3f634545c4299b0dcc134c2addb51b25e8be246c74aa53a79ed829c

SHA512
3da5d015087061e80390fb3fb0915c5eebf616afbf268c8bfeb365d2597da0759f0e17a84ef5addee814630e5144debae0a2cee620d061316aaed4f5a45245e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f472dfdd9bfdfc24f39f8d93b6583be5

SHA1
e37432c1b608a9a0a7f6ec9da184f3ed91463f97

SHA256
888eff4c6916ef41b9801802eb893f8d88b90eb232f896e0dcda40eae997d742

SHA512
c39c68e36a2bc034d8c053306fb9c0aef924b47892bf68e1d08455101e0e0c0485c48d05c81453623636dfdd2e102d46ed3a1d3d224038ad9c7cb80035d8359b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0fca13b561d8583157b93381c6885d8e

SHA1
a1e72bf2d0dfd84267d887864437c14df1f12a4e

SHA256
dd7504711920dfe0025708afe244edc7b355957c64e0ea4a14dc938d9a5b7b93

SHA512
237507294fb11a2afaec9b259ca42c71c547bb911b951d7fddf8098f62283e7e091f784e275f3b64a1be8cf0bc13a8a205bbddaea43b7956dbbcbf27db659203

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\Downloads\Mod Menu.exe

Filesize
888KB

MD5
b7306bb23293f32c58e4f91e855f6f7c

SHA1
9cd2da67f41c6290a1962e750bf8e4b35c5cc33d

SHA256
4205effedccfa2cd4bc6316bb4ce367729b5ddafb79d72b429a8fb94f51ceaf3

SHA512
0a8e6a928efa150ae9a9e323c6c731839601a38d07e8c0952756a5088cc813ae61502f7a347ee11db78df635bc2727e975ba4bc5d4e07f5bedd10c8168fe27e6

Download Submit
memory/1284-349-0x0000000002D90000-0x0000000002DCE000-memory.dmp

Filesize
248KB

Download
memory/1284-348-0x0000000002DF0000-0x0000000002E40000-memory.dmp

Filesize
320KB

Download
memory/1284-347-0x0000000000C00000-0x0000000000CE6000-memory.dmp

Filesize
920KB

Download