hxxps://mega[.]nz/folder/K3Rl2RJI#l5sxtRT6IfvSSQ2sDRv5dg

Analysis

max time kernel
200s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 03:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/K3Rl2RJI#l5sxtRT6IfvSSQ2sDRv5dg

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
285	discord.com
262	discord.com
263	discord.com
265	discord.com
282	discord.com
283	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133721414002327852"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{015D10F4-3B92-422A-A336-A5BAF5F41C7B}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{65DC116D-E864-4256-A93A-6DB56481EBFF}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{B695E89E-7FF3-4FEB-B4E8-B3634546AF43}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{7F31A705-FC55-4A0B-B316-A966BFE804F0}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
6080	msedge.exe
6080	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	348	firefox.exe
Token: SeDebugPrivilege	348	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
348	firefox.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
348	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 864	4836	msedge.exe	114
PID 4836 wrote to memory of 864	4836	msedge.exe	114
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 2364	4836	msedge.exe	115
PID 4836 wrote to memory of 3644	4836	msedge.exe	116
PID 4836 wrote to memory of 3644	4836	msedge.exe	116
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117
PID 4836 wrote to memory of 1640	4836	msedge.exe	117

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/K3Rl2RJI#l5sxtRT6IfvSSQ2sDRv5dg
1⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3816,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
1⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3924,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=1044 /prefetch:1
1⤵
PID:596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5444,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
1⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5456,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:8
1⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5824,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
1⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6132,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
1⤵
PID:3560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2f8
1⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6488,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:8
1⤵
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6552,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:1
1⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=6908,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:8
1⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=7052,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:1
1⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7568,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=7580 /prefetch:8
1⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7552,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=7540 /prefetch:8
1⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=4980,i,2727319350781907497,7925939240893079607,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
1⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffd9d10d198,0x7ffd9d10d1a4,0x7ffd9d10d1b0
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2628,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1912,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=2660 /prefetch:3
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2164,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4500,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4500,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=564,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4516,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=2972,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4864,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4840,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=2960,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5696,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5664,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=6176,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6184,i,12376983291339118602,9019492870558421204,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x260,0x7ffd9d10d198,0x7ffd9d10d1a4,0x7ffd9d10d1b0
    3⤵
    PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2160,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1980,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
    3⤵
    PID:5588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2516,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:8
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4476,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
    3⤵
    PID:724
- - C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4476,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8
    3⤵
    PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=5032,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=5024,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --field-trial-handle=5604,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
    3⤵
    PID:1400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --field-trial-handle=5628,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5676,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8
    3⤵
    PID:3888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5684,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=3328,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8
    3⤵
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --field-trial-handle=3332,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:8
    3⤵
    PID:2596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=6064,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
    3⤵
    - Modifies registry class
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=6528,i,15367394107889453733,4793779384505104259,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:8
    3⤵
    PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:2548

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4184

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BAT TWEAK BY SLYZZ\BAT TWEAK BY SLYZZ\BEST TWEAK V1.7.bat
1⤵
PID:3984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:844
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d548a6-1de8-4ec7-9e3b-eb0ff0ef461a} 348 "\\.\pipe\gecko-crash-server-pipe.348" gpu
    3⤵
    PID:1464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0663543-3e1d-4cd0-b96e-d8385617a37b} 348 "\\.\pipe\gecko-crash-server-pipe.348" socket
    3⤵
    - Checks processor information in registry
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2976 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4703e851-d95b-4273-9c56-7283efd6e9db} 348 "\\.\pipe\gecko-crash-server-pipe.348" tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4188 -childID 2 -isForBrowser -prefsHandle 4176 -prefMapHandle 4164 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f62d986-5be2-4b7a-8951-32c718e031fd} 348 "\\.\pipe\gecko-crash-server-pipe.348" tab
    3⤵
    PID:3988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52b3923c-8ced-48bb-b582-5b0aa4061d44} 348 "\\.\pipe\gecko-crash-server-pipe.348" utility
    3⤵
    - Checks processor information in registry
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3988 -childID 3 -isForBrowser -prefsHandle 5252 -prefMapHandle 5236 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9024b2c0-b007-4691-9843-eb90011dd96c} 348 "\\.\pipe\gecko-crash-server-pipe.348" tab
    3⤵
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5472 -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f015fd-b191-495a-a6a3-c42e787bea9f} 348 "\\.\pipe\gecko-crash-server-pipe.348" tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0982dbe9-a189-49ca-bd0c-4784354d60f2} 348 "\\.\pipe\gecko-crash-server-pipe.348" tab
    3⤵
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 6 -isForBrowser -prefsHandle 5936 -prefMapHandle 6072 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2b9c606-2a23-4e52-a29f-f8d5d62553f6} 348 "\\.\pipe\gecko-crash-server-pipe.348" tab
    3⤵
    PID:5804

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\BAT TWEAK BY SLYZZ\BAT TWEAK BY SLYZZ\BEST TWEAK V1.7.bat" "
1⤵
PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/slyzz
  2⤵
  PID:4884
- C:\Windows\system32\mode.com
  mode 78,28
  2⤵
  PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
PID:2832

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\BAT TWEAK BY SLYZZ\BAT TWEAK BY SLYZZ\BEST TWEAK V1.7.bat" "
1⤵
PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/invite/slyzz
  2⤵
  PID:5448
- C:\Windows\system32\mode.com
  mode 78,28
  2⤵
  PID:992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b8786489069eae88c34af6e770277f1

SHA1
deaf08b8ee388bc93fbe0e6970ea6d8be06177b2

SHA256
f537489bae60977f3f795760eaed21c55d5424824376db583a6d2a221eed21a0

SHA512
3f1b955f7782a60d08ed927002bc49a5cd93f346a47fdc5ca1856aa5178f442ed156ffc6646eb96de41d4964900673fa931ca9c2c4055d89c15ae3116fc13c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
111591292929b6dc310077b98abe7ed7

SHA1
d697f7d20882f47c2bccba7f54237e4171f4c491

SHA256
642630036e5118e458c514fbe3ed4695ff068850d0b702b8f69144405210d487

SHA512
eecaebbb85bcc911fe2c558fc6e1a1ee641878ea1eed8dade3169d8271af9494aaf3b5e80f3b2905c625cf99c2eadc8d2a9d2df3a63eae9b40ebb9133d968562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b71d6d3727f420887ef9b9036f0edde2

SHA1
d03865c54a1e129ac2fe441ce99ee3f8b091ae48

SHA256
ab49f1216603e7fe1478b8f6ce6f81ea87d6d6183bce0377f7839e92ec64a723

SHA512
2b2fe7c9d3a8638a5c3a122eb5ef79b03c5de0a426efef6799764c08c5ab5657a4961fac5c0b97a67630e5883247338eee7ac53ee0e622ef2ecb97f1ed8cc8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
0efaaeb615b4de56705296fe4358a4c7

SHA1
a0c05536532c9243035d835821a496000c8435e0

SHA256
06d25960a1139d2cd80890b05153a7e588e24dfb99a88798bc4ef90383ebf69e

SHA512
242d29051a8b83423815dae636b5331996f9660002d567a1eb912da3b893dca7cd38263bb896d594063dd415bfac891989361f3891488d706b71c1e4d0a1212a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
e155d0008456242f38cae842d1b1f215

SHA1
03ab1e2b565446761f143e19dd59652b946e5efe

SHA256
6a774cd75b976176dfa8f1f05f627fc4fa7e680d9dd350376e4e92ae9a6091b5

SHA512
d100ec0cf67bd5d567f50a6adf46372bd954cd349af07b6562c33beae9d7bfed237c415abfafd88d6f1591703c1bee1ce0138c1d09d8b4ce48e25310a295bc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
598c47611972d07279b929d627fe2166

SHA1
4c85154015821a03e7b3d4d8c2f1e74faa8208f6

SHA256
299e91e13118f426fedabad170a7e53f2a33075c160b68eec122019bc6655650

SHA512
56000441c41dbb0d649fd61d1adf036c18c6166ce0b4109141c68f32dc258b1dfb10f2bf6e9bafef13c0e35d7c1923224f9ad88c923584a51a848c7535503146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000026

Filesize
182KB

MD5
5259951efcd63026d444fb1c1862b88c

SHA1
9c3880830ba31bcd5be61556a4fc7d73984b645e

SHA256
e1ef8b34e202ae156b927b75534cff42dba86f7267a7323e1856cf45e931f3f7

SHA512
87b5987d1b94c62bbc1a7b4c6cd41ed17d8ee0e513e0bbfb17e30da0b3c039c6432916235e131b1cab6437a4dae07e0626530d175a6e0cee4b762ddd4f4491ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000027

Filesize
4.0MB

MD5
3a06f0349c0980249d0cc3eaab600d06

SHA1
d1abb461f14722138cd113ee0bd7fe3118191871

SHA256
1614481f187c7c4d5975c7f8eb8d777bbd1ce327d3128fb4eeb47ec90fbd1502

SHA512
3715c8824ea78829e6e5eb9cd4e22a8789ac7566a8a38dd7a4c7ea3d7ce57828628758b6bc4b13f184b844836c280c9cbf02c1fc8104d8d0342e11f1895f3298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000028

Filesize
261KB

MD5
5882d919d4595f10a61ed6a5996cc33e

SHA1
ad4f7cccce2397ae7844501d07d99eb51c1c4370

SHA256
5049796f3b17876e1ce7a74ca6b20a671083bdff834210f178aaa984a628840b

SHA512
ef6cf40b92e4ddb8a11ee637e50dfeeb1eaf66198a7ad6bfcd8b2cf671ce35215f924087627d687343323fa385a450861c56cbbebae45727ffdc758011dcb47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000029

Filesize
42KB

MD5
281bba49537cf936d1a0df10fb719f63

SHA1
4085ad185c5902afd273e3e92296a4de3dc19edd

SHA256
b78fb569265b01789e7edd88cfe02ecb2c3fee5e1999678255f9b78a3b2cc4e8

SHA512
af988371db77831f76edf95a50b9ddf1e957f0230404c8307914f11211e01cc95c61e0768d55aa4347f24e856d226f7e07ac21c09880e49dbd6346d1760b8bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
44KB

MD5
d295c40af6fca08f8e0eb5425351f431

SHA1
1d246a1e54b3a1f2428883d8c911af73eddffca6

SHA256
5d225b25d66b30563a00f395476ed701130d3f749620a63531cea09fc537164e

SHA512
9c9f23cb775244eb10f83f964b36224ad2cd5152cfa5ab82928f68ed1cb49be4156f887cc40a857b72efd0833014e4366bf136689a717dd58828a1b195ed486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
136KB

MD5
db985aaa3c64f10506d96d876e350d47

SHA1
aad4a93575e59643fed7617e2feb893dd763d801

SHA256
234feb9a8a2c759d00a4959506a3b9cb94c772186a2d117aed973347c7ef1891

SHA512
300d0d35ebb9e27d66489ffb3e5502a4dcd3af032fb0f672d4f004e3846fb795772b6938c99dafed6fad0c25da8412d6f6a7b0221eb2540e84527703db5b7073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
175KB

MD5
7cf1be7696bf689b97230262eade8ad8

SHA1
8eb128f9e3cf364c2fd380eefaa6397f245a1c82

SHA256
a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba

SHA512
7d7c7dc08001079d93ef447122dee49abd2b7a84d1619a055ff3e7ec0009261ab6add018560bfd82ed22b29c1915bfd059f02cd83fed2e15e9af05a5d0654e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
133KB

MD5
f9bf0f65660d23c6f359d22720fc55ae

SHA1
9fa19ab7ea56165e2138c443816c278d5752dd08

SHA256
426ae06cd942849ab48b84c287c760f3701b603ebcc5c9aaa4a89923ef5f058e

SHA512
436019a96e47848533684a34e3c360f516c29b2aa2473d0a05d50c0fd3ad19eac39df2de12b6ec1c6760493efb5abf58e6a54d32080226fa1765983435634d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
ae7b92776071cf16a42f37fe79760269

SHA1
0a52bc7ad8106b47b5d97211f5ac63e3c674b494

SHA256
572172e20883e412cb1df24b2fb3e1a4421253afac943a9427e213384d74309b

SHA512
d25f26792b6eaead38c63ae2fb55de9bd36166ac86978b2af88eb3c52e09ec8afbe0836702bd2a2b105c116b309b3ef79c8ae67a9ea39fc26cb20332663ded15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
2733c0c82bfb2d4ae8878c818a3aa7df

SHA1
56283cafc96ae7b5c3a6079808e1e1edd79c6246

SHA256
852acbc45b534cc798975887323b55a949c2bd9aff09815d77d9153050538a1b

SHA512
c0d4944eefe87f7444e1b0bb2b35dcac5b4b30353721ea397a743de88597a109f8d3c0ca1e985edcbd33286c8f989ece8901d255da3d7660956c6e5465c84f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
7231ce44dcc25900327723213ba289bc

SHA1
69486ed03f8bd2124a535b6ce95839499c0aa0f3

SHA256
7e0456783eefc7e4f8120b030cd22e0b080c447e03d5804ff3a2bc07544271e5

SHA512
81e9f4e1b565aad11c9d119b443cbcee6fc207a33a0b069b7553f3ac8f05a26699af5138460563fadc4901487327e9acdd8a39376c8c00cfbda848ca85ea51f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b58754c8a65dcfb44f0dff08d886d600

SHA1
bc2986a99796ecc74d907ff184c47a50b1120811

SHA256
e6103a5ced366b903945ace20c4b9afafb5d9d46dd4f797cca6f2308bdbd7fe2

SHA512
7e30f6a94303e4985e1342a844ef588c27917fad0f5bee32c83f9d6eb3a9f1d620fcedcf4d29f5ff42f826d729da16cf5728429e5abde85757515722ccaf03f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
e84efaf593a388196a66177eaee77946

SHA1
8ccf012112baedd1024ecf09e49bc780f4b6f8da

SHA256
6d68c7709788754cc4ab9112a0c4d3e54edd259b689fadd568b33199e0ec2418

SHA512
4cc08f1370368d6fa66057c58800827d418014ab469a6bad1a944fb506a6f6015b972d3bad9a85f58ca2c9e0b1998407eb5856c669a681277c28014a6f01e00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dfc10430e5b0d25509924acfd0817491

SHA1
baa85b6a9e5b1214fa552657e7e2ecbbe9758fd8

SHA256
71e3fb8ae8874e1a7265498db188b321f48f13987d8c633040b56f5af70445dd

SHA512
ec44ac7866e32098d668f5db859b9b1165ac46dff44f20f8efaadcbe901feaf3aef46a28d577a4ed7e6fda8a809e19291edbe1e6be33969f4c24e271cf9c0b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5aa84cfe3ac6c37baa43dabb4c6bb261

SHA1
b3901657c08355d64b7aca447741c7904bf5d0c2

SHA256
726b355faf8a8eb9248dc4d25d77a6d1083d6c79d1c566ce08760afcae0af602

SHA512
ebce9f658872c9e1d07895f95797d501f2d86baf0e4bb6c98115963c476a43182979e800b4089e9f3fbb968fc0a5ea11e2f6a2ad7ebc1f2b195549727e55f96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
37670248e2d2dda040bdf15458655c3c

SHA1
0801958f895cacc07c13037ad0941fc68055855f

SHA256
e4bbc8336ccdabdc2a48dce1f1751dbe465e6a142e3b466a6ff41dd1bea8226b

SHA512
37410d67317533ebf7c025e24984785fd9c0610d914381ef92be6d4b907e38683957eca574f51ac674afb16bd27bc3dda42739dd34390a37f10ffa70cb8079a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
7b62a6bb42abeed0b6c9bbcddc9e0787

SHA1
3b37d48c36a804da8c3b50ac7fce1e338c4be98e

SHA256
7222574fa2c54e652a8c9d18933dcd42c62af1bde9be62d4612bda84c83ca356

SHA512
2c58846c56307783957b832beaf13ebc67b787f422e2eea0203db5dd975b876c62ec3c538c4800febfa2206aa2a9c72e3096f492c9bc050dacc8a3ac946f0925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
e601dcf4b461017510321e7dcd0a5bec

SHA1
df2ff9beaa4462ff37b7368c4b6b7a8c070775d8

SHA256
4dd4d6f5d9d006ac57c1a3f0842d43e28bb709981bbc566e1b118470cbe8473d

SHA512
1af24d36a82eefdb0692d9269a10a15933af27cd690407b4fb18075811443aeb785c5bb71a434e37648d428305900d9cbc73c5439b454f8536ba18a5efac116c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
9a79c962620211f8b66517c6e313b60d

SHA1
7c4fabf55cdfe7e2e7e3057686ea6c432b9aee04

SHA256
d6097d92931a5520ef64ebca7b44fecf5186b7d1f458fb9154739255e78e38eb

SHA512
dcdb31f07c7a15c69adced9a5e86198f382964e64aa7a243baee9fa0472cde0e2b7d0a5b2ad01e67081af3d81bc7ff076eb430a24d9cd5f58180225b048baa17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
095fcb41fd36bfc3fe7be7f331a1d1d2

SHA1
b22d2a4ef7c8813770c23a81ef1fed2a452b05cb

SHA256
c992ed816bb397a959222d969c7e073d980084864e500366c7a15e4aeadcb3e4

SHA512
766b82cf9039f35dea5e7159741c18aa56eb291ab6665832b799e61fc9770f0474cedbe5072546b555f1c0229587567230dc740ce9015b176585ea69ecb923ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7b5dfddccb958907370e853e31a4013f

SHA1
b8b058179e7db3e45345c83947709ae9f810243b

SHA256
10d242409cc1e3ff484fbb7cb3ba069d7d9902e65d84abeec5e0a3a56032800e

SHA512
aff02cfcc6cea6925d0c00c930821097a4f5b32aab2fe909f7a463b4053bf8f7d3275f0f22824d0a7bb44297c9198897145fcd4116bfb82e2160ff8a570d0b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
fb8be08ee877413970c9205bc20c8cf5

SHA1
8b0739914d50546ce6a50140b04b45a4030c4a67

SHA256
855b4543a93766f40f2f45117d7dc0fe1902dcdf3e62aa3ebbb64e683b51ef44

SHA512
bcd5a26c4469b2f6565bc7778fd73ff481425e827d9e8448d2330905423cb5972e62d4c8738dc1664c2261c18a6f2892f67ffe01c5e933d096aff0d1527b479a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
1a97c02051a784c175c13fc536895884

SHA1
2b05c8a9fef786d0c0155fd8d9e9fd69a38dca2f

SHA256
7cba4e10d0eae5a4c1f98458698cb8c103eced71932ecfc8907714edefab50fd

SHA512
965eee215b94b8d44ae61bf14680cd9916088a3b15678a4cd3c857c355d1866c37b6f6bb1f272dfeabbde1c460e0a1b5067a1b61a1fc6e2b5442b09a173190f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
968b2f5cc40c0bb164f254c9a2fd09c2

SHA1
525e367e5f32ef75d795b9a1ddca81c51151d9a1

SHA256
7c7396e86e5376ad7f53f77feb7b01460ec389b855189aed19e30f6f84808cb0

SHA512
e80e8adaa5238101326fe86c7800aca4034a83d876966093aa3b4a62145b35d72bb20ef1aa1f49fa226cb1138f87c1f82a8b48e455deac21c0e0c00e4070be04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
8977e41b8cfa57447e3189e938ba609d

SHA1
d0d1f5906c3eeb795a72f264e8b43830f85f61d3

SHA256
df9368d8ee2ff611a4fa3fda34f01b7cb5e10ec3225f49e2e0225fd0ab06c4a0

SHA512
a345dfd1b97375d0599bfd0693b55ed08c82406c20345c487492089839d6ca24f979650be3d1b35d5d6be95c51cedf830a63a6c0bd2ece8a455cc09940f2d02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
692feaf262e7a585c822263e8527aab4

SHA1
356a5e7e7252e7b45c32ebb07ecaab85174f4b89

SHA256
d9a6e2894e7c4e59ca5d8542c8a860a4df790f4e96972bc0e337fdd4584697c5

SHA512
0f42eaadb1e628059a12ad92aaccdd01671442704b1f64f11cb19c78e9541221f602ced098d68eea4a0d20be42cc5b4acd813ee65b1030d67628e3f86609dca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Vpn Tokens

Filesize
28KB

MD5
2ab963a9d95973b9b2a2726616127e17

SHA1
8da5503720ffe3f1a928ed13ced1deafc4940388

SHA256
be64bb3000369aae846965ee2ee80b8a6bd1067137434daab66ac5caebf86413

SHA512
0f8b03998abce721d8baf0a3a6e02e1fad2dc0b6b5647f32d0d3a8e2ae64fd69279638eed892574fe7d0eccf9fe094772fce494b9203871c3b300e1793a2d7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
232KB

MD5
6e8fc20c7ef46f4100da33027c4b5b5f

SHA1
72c394bd41d54e21f3ceb608a41a49744c5e1770

SHA256
f8e6d429b42ac401595fa23b6316f4c056fcb8f6c7a6d52d72df99a1f3e71c05

SHA512
03b52f6a1b068a8329a2ff769cabb93660eef4ac28ae7373a195dfcf3d3027d0e388840ed1f2544fd0bc8b22d610172c7a1d4a17023ec679cfe3638ee7afb67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aa56e8ed-f28f-4fb0-9287-08d1ff24f741.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
11KB

MD5
f3af7ee401aa188845d8ec1d0f9148fa

SHA1
f20055739417acee3b78176c0b2d031b649a5b79

SHA256
7a26dc57f2b35c4480c8f0b83baaf5d407e96ee94b1d1d151f4d961bbc47fa3a

SHA512
891946ec760acf31c1cf4157b371b22bc7de92ff1d46c8a047fbc5c32c3ea956f4cac714c3a65661d677efca8b474ec73d38691f72352669d5832b2d942eaf9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
9KB

MD5
40bddfeb138e59dfb83a5e5f83e33631

SHA1
c0db948bab97471a3ad901532de8487abde925f4

SHA256
740f9f07ec8e88ad14396949a7cc4e1d3d087c3398b050697b67bd1bc25d09f8

SHA512
e9d1cf1d0e7874ee7cb8da32d950ca13bbe397081f14234c5afe18e1309eefafa9bb9fbd5c2933085bcbe207fa94c6e42c7c85685e21b29500b192ae0482c729

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
7daf93b136aa3906ba2642fed0cddb43

SHA1
11270fe0e98fccded748cd97b66ce8ede39f35c1

SHA256
703b749896813b261024a979e345bfd70699701cc519467aca26af1370e4d10b

SHA512
0c792b042e4e6525ebc86112010bb69056d906ecb8a6f95706ccbe63ab374cc6d953607d61e72cbbddab81a688e47de1eab233ae8dd6e96b19890310e54b932d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
922B

MD5
de39b697db2f5a674a7bda4ee374ec90

SHA1
e3d5ac5bc1d858f6d38e9b4d9c1ed02e28baa52d

SHA256
1fac8c5df866a2b53dbc812597545744ed9e0a695a9a52d57b0aa0ae980c21be

SHA512
3c94448b27d5c380659b67eaaa65b377d72f3a080cf077c0405a434e99263c6f1e077d67614352e3de53436a339ebce1c1a7692f6c6f1db386b5ae89e9fef0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
6430b3ace209f573909fb9a77249d165

SHA1
505327967470d667d839953fe1814fa5f64357c0

SHA256
3b47dfa62a6e73469577daee7db0b36d7a340107e36949f4f376562737ae4254

SHA512
eaa7323a46d34a97fdff572cdc564a7ff503b5042c2f9cd94a7f7f4db7d304aee9cdf8449b09d7d98ce49b913640817e1f8f34238de60778b168f54ff26b3f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
0bf2f90523413ca5d180dabd5c39f92e

SHA1
7d55fe14bc24d1b99e027e53285e9e7bde9d6822

SHA256
b5bd9dd1a8c8f96806c4cd51c9fa5e661d245603dc383d5cf2ad55f3815b57f2

SHA512
10e179c68968e85a3ceab2009d518c7c9d230ebbed909fb58892cfcc89ddfdbcae2781fe3a7be0759a7c0ee1768f685c70db6d6b7e2140a264618d353b72d54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
bccabd83b5aa10607be0cc3f3d537a72

SHA1
e63c8881a24f3eccd1a597c06a9546868b3e597e

SHA256
6e00028cfc707b6f49b1753b003b827367a20d8b6a0db305f0f7265590dc475b

SHA512
f9c8fcc0ca126311f79ad0c9870695ec444e8aa2ab9046fbdd9cfd2f180aab5c32688a5373bdf8a783afbb9bf03645781dd7e5b6d684dc56c96335ba1e523a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
1940daecdc0d10bfe9a32b0171118e2c

SHA1
10a721f605df5e77987109f31337556e348d81f9

SHA256
b8a8b5c4e110731f3a43e000c75b4ff93633d0f35d943af7914926660e2423a0

SHA512
39bd262c27c7ab0d7fd17d7f36ba128c1b7ac7ab7adca14b9cfd996a2ef97b6f18e00a8bb0dd78da8e1cdbd1628ad4515ab623a36d182643468d92eeae85f0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
24b0be4d24259cebf89fbcb5e04a1801

SHA1
a7972cacecd80349554a96fc2934df8cfdb10df0

SHA256
e5f7855122e3930dd145400f7e95285e91e5dd3fe046e90a6fb18924319a5c01

SHA512
498164245a0e029ab98c305cd6cfe486df47e327d25827f6eff135de247ae61a6f8c4292ac7a733c773977a049575a09f8cb745112ec278976e8ba694ba1bb2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
59301de32f7ccb0220d633d46c346851

SHA1
ed2d2493d7d9844b0c2a532aa0a6b0428be44f08

SHA256
abc326a89422e1d6888e30089fd40a3674af467393d0192ed9d9e65a5cf945af

SHA512
942a22181b4085a671c299d26a3f4900e718c40fd6c5bf497b391205f2cda14dd8bcdc415b6523e5d4464bec4fb10f82b1303d337fae232ff7cb8c36ccd2cb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
2f79d2c2f2cef51d1be4807c524f04f8

SHA1
e10d4bc564602b38793d29ae2df4254880b7587a

SHA256
bf0de3edaf2d45f71a7aa9d16251b3bcbf7564acbeffc2a315e16fa9f3814233

SHA512
57a462b8a76414933b9e10bbe54b908e65c83ad4539291e8eda3ade769c07587673d39f1b4df6537b1a5d4fd442d6a46542bd94bf9e435917e5e12db9266b55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
90b5c09df612dda3a1741c12e23814b0

SHA1
852c4680ee1534afc22f2798057aac2cb272ea4a

SHA256
6efb96c3f48ceea2f1373e87c263870b56c6c00efe7fddb29802e9030687561a

SHA512
62852f45169cafeddfc30c8a13dee03afc7c9f8d6683321410f8c9a938d7d1bfc93c06bc6def800841035a40b5babb6c14d6d07915564f83c8d2a4bb936f1e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
f0f06e100f4f43b08f83adb4d03a3bbc

SHA1
d2a346faa711e251301bf2a83a894ec00cc05122

SHA256
f8a067366bccfd65cdd273d1f84a95cee20fc741472228eb8dbbdf512748e411

SHA512
ef1ec413954622b5d778a67d5779ae34ce06235805341ffc238c36c7614775e30073571fc915e5e487a1ae1b721695a3035ca09d96c1eb87a2b00d0bb5402d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
60KB

MD5
9ab5e84888fe0743fd3bb30b5422921d

SHA1
be651eb653531d808c5ea1b32373882fd1cb7b77

SHA256
ca4f25218a40887a6d67afae4acebb40da21dca9a3c215d02c5ea1f4579e6b22

SHA512
b573b5c9a2e44d0fe987fca896d923c81f9b6c3780c50b26d0d5c8a3db9c770097349bb035496581d7ec1599233d02d4587e18103fa4fa9be8f8e74c567a6d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
64KB

MD5
a1f7e71d973b32584b90d6fa857d949d

SHA1
1f7008ee2812c14efbd54fcb0c41da1ce1c09dbf

SHA256
d9eb9c2ddf5b592d21af1dcbaf8130582f3b277ec3502ffcef11327f980e4752

SHA512
048e3c5881d291cc9ab062b4121e3a3d09707c8d798b0e9049fdc813e2e9f56281024e393b0c4200636caa6b6f4403eeb797fa49fb1c835fc2c2140d859807cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
59KB

MD5
0eda57a5c35f3e2037a666d4071144ba

SHA1
e410ec1b9f16649253a6d5256e7e6482d8aafdd5

SHA256
5f859d6a8bfb6880fa12fd7bcde539e848c74fd07c042b6e1d720deae6588d44

SHA512
fa9fed1acfce09ecb987c4a83e80d88a3f9a839e09dc33a0fc4f06e4229eb0671180c421659be1abd387846db154d28092f975a322bc231962446902ee94525c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
60KB

MD5
81cba74d50e28147896750689e6705fc

SHA1
3188ae73b03b6a4da0c57c5b31d92b8e8e628038

SHA256
3626343d1d90bc1ec372c545c8b98c485a4758f89c29292d20e4ff9f3ddfde56

SHA512
13f37570d71b96af33d33f04479f7bf8ccbebc8e3b45d6dfbc2c228bb0ba0ee2374e1f2a41cc84ba1ae6231ddd4ed8a15390d2252ebe42b7bca6cdb0bcef963b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6b36f5b6d88a080e99b8a30e54d85a96

SHA1
75b1c3cc04bcc3ee471282993f0a192ae1d616b1

SHA256
5e1898b74b03574527c57e9e30db945689d727279dd6b1fba6159cae247b9187

SHA512
9c65c1e198fc010fc6d2e2f6a07ec3558a3bd242ad6a8406a693299e69adfc4762d5086f30f80d9436ce8b74ee9cf9dd1fa0971a539ab1bdaf87e44d3e6922e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
3eda24a7299543c5cc0f94c1cb93dde7

SHA1
763f1dfbc325cca886ece486e67021f877c0238e

SHA256
91e2597f6c3e917ca05b4cd325313d5e0fb56ed8da9fd8dd90379585e500476a

SHA512
39fe105f871aabe7c9d3cf6354619d3daa583fc29d020959869493413b18c1ed06cc09ef9c3234ba072baac6569800aa6b02dfbb0ed30cb7493fd47a276abe75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
12KB

MD5
e3655bbe48433a42918cf3f0a2d8e335

SHA1
9c9e41804043826204f85fde7aef80b06fc062b0

SHA256
725e75ca87ad10739ac9cf0370e15a59e677795c8d24422330a2abfcfe189bb2

SHA512
a954645df51a8f65eafbbdf965680364f35627b83dd6b29edf52db329e24db867e1e2e441c7f9e9dc998573e1f39072c57d21c84258b8ed78eccf5a901779e75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
96a6475274c947c1a104f2ae04778d31

SHA1
e4fce7cfe7cad0eade0871976406738d063db07d

SHA256
03b112268ec2c3f5ddb1af42c0b47dd15322c6227ffd15020061d3faef5e1dd3

SHA512
fe0e3dc0086da5cc894bb8dc6319f53e056bc1f228032e37ccc730d3bc718828abc741ed39b923a728ffbd6a076bb1778c7c952d856b0994c3a22ce169920f29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
639dc95645f1ac55ecc7dddc6ad708ce

SHA1
de65aedb81ebc0f9da27124f1c5a9e00231e88d6

SHA256
0ec2886e716e9837ab4a7e031aacec52b5558bcb6fd5440d3c841ef9d084e7cd

SHA512
5a783899f4f4b9184f16d89d3ed5620fb284824740d4096254c8989513593cc6a8ac2f8cd3f203df1365df2321123e2fc954b73e93b715e8fe6abfe1491070f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
bcaf613bc1df6cd3714f1784aed44b47

SHA1
25fd06ef4767caa91ac712c99a3585ddbde748a5

SHA256
f749d4cce2fc65e26599711c0b30fbd9613be1ca8c9004b96abfcff0f7b77b48

SHA512
d55deb3168a1d04adb970785d9f950e75e151070e4876c7ec58a86e82eb879637680247b0053e1aafd1a13e2793bcceadc0acfa113e44d6d0d5524be69d65dec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
f95f3a46daeb8220a35c51ecd470f018

SHA1
83785c3db5bb3232c4713464d02e23a197e80301

SHA256
05b453e2bf6ba9551f182df6f67a0a6588708f3c961c376cea5c76c9f8ef33f6

SHA512
eecfb7b98304dc49384afbb9bf807c4f4249021b3b8688b0a95d864c641365a51d8c27ee15266c6bac230600672706e8823c00749e60f287dcb8ff66adf78422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\267ab1b8-07f9-4fee-878a-e59ef603d76c

Filesize
982B

MD5
8fef607380d17787b2e17321f80a9115

SHA1
0cd22ae40ab310abfcdbf1dad505b06efcc383e9

SHA256
89765f837b2781eb1981463116544c8529b44da64531cbd508e65cd89f431a5c

SHA512
1528c42e7d66d74bae9496dfaddad49cb080fbed632007b0193260526d0b80acd7f72c6a5b6f0b1689f4aa9a3421980783cfa9bf16c802e480f8ad095c372b71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\a6f477cc-1e30-49b6-b075-0b748da1b171

Filesize
8KB

MD5
210087499af9d280e1218aec78503890

SHA1
07cb0968c17dd138bb17781c4f50e94afd752e93

SHA256
48acaef3db0078bfc0da0b51243a1524da1df789fe044f2bd503526fe525686f

SHA512
286fa5da9bd779571a09ca9328cb11171e3c5356a7c81c26640e692432fcecfe8536bcf4943007b55c987c54be449143c09d9b1b35f713c6cc4c7dfbc766155e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\cfb3ed33-1e1c-4b0d-9407-fd714050e6dc

Filesize
659B

MD5
0a9460764fe83022f69e70f0ba65a660

SHA1
466090fd016baf00d21b01bbf45a048042c83e29

SHA256
97396f1f3822afed615d5ec0f6f1beaeec1516dfac999e0385eb8a46cc1059a1

SHA512
dcaf713078f27c4ec931b4e11330407df1a115ff3aeb3dc511aef3d1081a74f205d9fe883c809c0a2c2e473925cc53e76b4c8b463dd8453ec36af6173ccda1e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
5d58a529726fae14bbf69f3868f762e4

SHA1
9ee743082fc9eeae01b465b3c1e47100ffa19cc9

SHA256
348d224a494805b5824cdf7342bbe51e6e014be2127bdfbbbe274aa1074e781a

SHA512
4cf71f68a08955ea0300ca5c47a28d25ff67ce7f6f33f35b883f56316c52e6f82688290fac96d71af6735a4f0e50676a6922b3536e2de54084ba840ba01fe65a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
f342f4ea79f75e5518bf7793b783cef7

SHA1
52b9b7cdb4cb099c01980995fea44ff129b6fda5

SHA256
ac8e72536b3536a866837ede391e00adfed8f483c82456ed08524a73a684ce20

SHA512
35833a414c89217c5fd309dea1cea7edb75fef0e01d232327a6972543917495cae00d9858edeafe799bcb56cf06fdecc82ab46953f1f31488ea4405e5f0f6848

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
b7ab7297345f235a0e6940cbd2746cb7

SHA1
e6d912f126055a688b4e42ee2e0745a85a53ee4e

SHA256
553c5f2aeddde3ace9413a34897eea72e4a5cbba06fe979002838d246686de46

SHA512
4ed2c71ec7cb104d7dd98daf35fdf81ed8c8d9af7a44b3ca6421cb5f7959cd53efa93589b21869a21491eb7bf5ff06a786f0e9c67c5b1bc8bf97e5e9bac77458

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
bcbf354e844e4388d1d5fdca910dc268

SHA1
36b8c2a041b243c949840468fd501cf9d8bf36f4

SHA256
86216ae29a5986768b69792577434336be7a6d82dd324c8c4abbce1611e73092

SHA512
5c2ecdc9cfc35c0a6edb61cfab5cad15ad60666e7427a9193548a4518a6822022ef5cc1606599a5e4659b59924c9f83bb778dc837f345e7d9d1307beccd695ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
dd641a7dab011235f05743ae0509a088

SHA1
ee8e80733a5eb780c2709a01651cce82ed020251

SHA256
9cb660b6e73012c1a82330c7db0e1698199ada870e89ca0ea9a4bac0fd08f68a

SHA512
5e75adbb9bd96b13d79ded0ac3b48daa506c56fb23873fe425b4129799b12f7b7d2f85c810ae1fc2a80f7e73d87cf44e3dce8b4ca22b4d721d3292407ec3947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
00635f19f1984f2c8d1de65c56132c80

SHA1
84ac74b17219ffe0e0e249762ceaf8e9ab2ba95c

SHA256
e1ece51688026528f991213086e46f8f7b210d5f87fcee8d2a356af5b268ad47

SHA512
77625b772244de555a369ae52ee2a3675d6191d86aadb62917b22fc304d88679e37462e293ec651dca4b36c5e43536b60adccad56772b6851e39cd85aa48f6bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
fb1c77d4df23d295a75ca53598d65870

SHA1
32d39997aba3cdd38f2554d1ba19c5311f57f2ec

SHA256
2ba1dae08968fdc5e08a42e2b0825facb24d807d4ea4391bcdd4854a622c00d0

SHA512
4420966733c91dc7bde17a798613ae7415ad0ac5efe9c4058e481012139498ce920cc4941910c2462b34915c4afceaa24fed1494742217236ac2123d792afb5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
5f86b0fd26c5450456ac5caea34ec0b8

SHA1
d0fdd9d7ad9eb319f2a26d459cf6bf0084c0399c

SHA256
7b83943bad4c4918adf0e9bb2c05884625a9516fbf8b9882dcfc79d3bdba97e0

SHA512
224d97c6a9a972eadfa9631a71c102eb21cad695af42f5fa7b764b375cb8450652eb01ab4fd8852d5e271ba2d99f2ed129deeaffa51f2cdfef00cf96cc0fba4c

Download Submit