Analysis Overview
Threat Level: Known bad
The file https://www.deushack.site/ was found to be: Known bad.
Malicious Activity Summary
RedLine
Redline family
Xmrig family
RedLine payload
xmrig
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
Drops file in Drivers directory
Stops running service(s)
Creates new service(s)
Reads user/profile data of web browsers
Executes dropped EXE
Power Settings
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in System32 directory
Suspicious use of SetThreadContext
UPX packed file
Drops file in Program Files directory
Launches sc.exe
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Uses Volume Shadow Copy WMI provider
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Volume Shadow Copy service COM API
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-25 21:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-25 21:57
Reported
2024-10-25 21:59
Platform
win10ltsc2021-20241023-en
Max time kernel
105s
Max time network
106s
Command Line
Signatures
RedLine
RedLine payload
Redline family
Xmrig family
xmrig
XMRig Miner payload
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Creates new service(s)
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Roaming\7y8.exe | N/A |
| File created | C:\Windows\system32\drivers\etc\hosts | C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe | N/A |
Stops running service(s)
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Deushack.exe | N/A |
| N/A | N/A | C:\GoogleUpdater\downloadedFile.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\7y8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\loasder.exe | N/A |
| N/A | N/A | C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Power Settings
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
| N/A | N/A | C:\Windows\system32\powercfg.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\Users\Admin\AppData\Roaming\7y8.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\MRT.exe | C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1848 set thread context of 2184 | N/A | C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe | C:\Windows\system32\conhost.exe |
| PID 1848 set thread context of 652 | N/A | C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe | C:\Windows\system32\conhost.exe |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1d77e301-947f-4338-99af-ff782a6cb2cf.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241025215804.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\GoogleUpdater\downloadedFile.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\loasder.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Windows\system32\conhost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\conhost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\conhost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\conhost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-641261377-2215826147-608237349-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.deushack.site/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffea25346f8,0x7ffea2534708,0x7ffea2534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff70d655460,0x7ff70d655470,0x7ff70d655480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Deushаck.rar"
C:\Users\Admin\Desktop\Deushack.exe
"C:\Users\Admin\Desktop\Deushack.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "C:\GoogleUpdater\downloadedFile.exe"
C:\GoogleUpdater\downloadedFile.exe
C:\GoogleUpdater\downloadedFile.exe
C:\Users\Admin\AppData\Roaming\7y8.exe
C:\Users\Admin\AppData\Roaming\7y8.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Users\Admin\AppData\Roaming\loasder.exe
C:\Users\Admin\AppData\Roaming\loasder.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5816881355852410639,8203205002604771671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe delete "PRLFGWLL"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe create "PRLFGWLL" binpath= "C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe" start= "auto"
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop eventlog
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe start "PRLFGWLL"
C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe
C:\ProgramData\rueaofxgkvha\mrsokkcqisuu.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop UsoSvc
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop WaaSMedicSvc
C:\Windows\system32\wusa.exe
wusa /uninstall /kb:890830 /quiet /norestart
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop wuauserv
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop bits
C:\Windows\system32\sc.exe
C:\Windows\system32\sc.exe stop dosvc
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
C:\Windows\system32\powercfg.exe
C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
conhost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffea25346f8,0x7ffea2534708,0x7ffea2534718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1334066609397228759,14514991188139983103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f5391bd7b113cd90892553d8e903382f |
| SHA1 | 2a164e328c5ce2fc41f3225c65ec7e88c8be68a5 |
| SHA256 | fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79 |
| SHA512 | 41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825 |
\??\pipe\LOCAL\crashpad_236_OCQUPVXAIRLUZZXF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2905b2a304443857a2afa4fc0b12fa24 |
| SHA1 | 6266f131d70f5555e996420f20fa99c425074ec3 |
| SHA256 | 5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3 |
| SHA512 | df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 7ad9709100fb43b77314ee7765b27828 |
| SHA1 | 5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98 |
| SHA256 | 04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9 |
| SHA512 | fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e80df8e8021093a289dfece83ae6034 |
| SHA1 | 16046f8354383c5494b3d12aa1f3ffae3784f440 |
| SHA256 | b51a7226ea45916ced2c52ed8d845db8cb28523e6f590857bf07d58f4604607b |
| SHA512 | 61de9d19a82b398bec60c291ff989806707f8140579eafa9feb501c31b8a920a1a179aae19fde90b9a3c17b961dc8acf5af97fac426c3b6924ddf548f59c82e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 8337e1df3bc7e8333bc3a4d0f551efe3 |
| SHA1 | 51abd2a2f21615e4c676d9e541750faa292c2af5 |
| SHA256 | 2b16b9a6eaeff48cc9b004b825a1334796d3e742514a2358c3ad8a545483803b |
| SHA512 | 5141f32f46f711f40356f197e9a812e70595a430ca40299c19b230f048d158fa10f5e9f535fcf618c1029b0f349118dfd67fdeb434e8efbcb7565fb0d4b50aa8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 5d468a3c2d89045a6d3f228e7345c191 |
| SHA1 | f76b3db110836c48f1866ba591dd7bf67de70bf6 |
| SHA256 | 8432c5dc2c5d01b661fdb532340c42bc0d254ecaab9d3f710e31a8579a359534 |
| SHA512 | 84b58cefc37a139606db9f266c0b3ec0b3d97aea2c375e5287744f393f7a51ef90701c7866e08fcdadc2fff0004b105c29cfc5edd4a2f1481834aa63a71abcca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64c07c2a1a48c105a51c05b021f8e0d5 |
| SHA1 | a49dd45160718118ae5017960084f3016e51bd95 |
| SHA256 | 55b862008d0fb995e09268f567c712fd3fda98b01608091193ea29d7d729a044 |
| SHA512 | f717f3fd461c5f11d10892fc40637a5bbec4c7eec640ede475850df6d23cc543f9a8ca81a01c9cee3ca6ce457f3d09b7cafa4771bb963c56ee437e4b6ce21950 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1c08a4c8ce0c3c620f422ea2d2f4359d |
| SHA1 | 14b03540b4a4894ac4a18aaa545eecab8eee1699 |
| SHA256 | feaea0b03d8f2aa582aac91a66dc8695f5fe5c6acb7c2540323824f2a9bc1bba |
| SHA512 | 07bdec38bfeee3ef35a483711fa86e4e5434d1fb8848a2b257c3a0ddcf48ab964ee083fc7d74af3346f97e2074e050a1f64869e1ba356df6ec02456259b3d71d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e122fc93c0ad25d45d09ba51a3e86421 |
| SHA1 | bb52a7be91075de9d85f4a4d7baeecc3167c871b |
| SHA256 | a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee |
| SHA512 | 12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3ee478f7c4d2926598847a63b220a6ef |
| SHA1 | fea53168560635616d2056895ee7425121fd0c46 |
| SHA256 | f2af168c642988d69fe11a5aa64ba9a926cf64abb7784d138f2b5611705eb64c |
| SHA512 | ee2de378f48994411795d4be064f1ecdace8d8fee9df49de89adc1bea70d0d2883bc599c60fe7af43c065aa7594242bd6ccbd8ad08748edb40fc370721547f28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 227e5ea46c2fd4c4bf52496a0d5d2049 |
| SHA1 | 10ee686362ca0861d594284188d43c4b69fab2c5 |
| SHA256 | a24a961864183c75ea26c5c5abe5be641a83afd3f91ae91be43e7bbf5b80666d |
| SHA512 | a71432145ab795cb3fb539b9ed6ff702f360574c09b22d3b5a9bb709e77ba45411df5f1c3f0f6aec525f6038516bb439cc5222562a424c19cc285c3eea0371b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d0955a87569b75b50f045dc512fd9d8b |
| SHA1 | 0b63345ba311e6ca5dcb650999a1bb0e597adb37 |
| SHA256 | cc586ce72618287c63c8ca3c6ea0c61ee13e0581f44eab8e6aadca59453f8eef |
| SHA512 | 7eb57f274727e11459195c6486e1657b8fb55e024e8aaa0a511061646df2499c3d646c4beb6c6b1eae47a03795c849d40bb11548c5f1bad306f291f3bc9ebc88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 229cd7cba1ef3c782daa643d49158633 |
| SHA1 | 9f4b458faf24e24bbe346d2cdef5885b0831d3d0 |
| SHA256 | ab289d638af99727f5cc11b1c505c12110aeabaa6251bf6c5b4c2804b598c80e |
| SHA512 | 65a1497e94940404694332f162a3ae421cd9f17ca6d2becf3498cbfd1a77ecf808dc95f39b697fb7d021e9620f6cae61075c4eaa5f631cb2b9162a2c9674e664 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d741fa8623245d0fe5c6b027ce6936a6 |
| SHA1 | 7cb3979a948582ed7cfbce3cd61e8bde247644d6 |
| SHA256 | 055a2aa340f17ec59f0cd3ff0cad65c672de5a9794bcc4cffe324be611f3277c |
| SHA512 | bb287f975a5640aee2e2acb8dde9f87d3a7744e03eb286308033ab7fe1d0f13fae05e2a4f4b78d1bd94e47355d486ee55926b8a6cb783bef722f84fccff105d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d04bca040bfd5a50ac2e9e5877e0744f |
| SHA1 | 4fdacd37c60985cbdd20b57db31f8ddfedc93fe9 |
| SHA256 | 0e24ee7d8c6f3e98c460b2c3a8d806b00562df0224bc47fdb5e1c27e02582a77 |
| SHA512 | 008d656f179a0f8778fa0dd57ef1afee11088ef3579f2a9d31b71cb51d94b13df749a7aba090d021dd0d8db4d2be4e31e1156ffc6ee076141f98fa212025f8ea |
memory/3528-344-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-346-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-345-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-355-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-357-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-356-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-354-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-353-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-351-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
memory/3528-352-0x00000204E7B10000-0x00000204E7B11000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 56a81174a49144859d08c9a12a216aec |
| SHA1 | 7808fff5d748ceaf42ebe33be6c59c02cb36682b |
| SHA256 | d17981d037fa3ff9c16e0dd1d859991463236666c4d48ffc16b657803f80d48f |
| SHA512 | 8d9f589408a9c41b6d47b5ecb85db6d33fab05dba5273c697592959a2a506f918ac65ec09e8df4b6d7b8753d2be66e149c9f33529679db6e5a6a817261c52064 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9c6b0f4badcc2d642724f76cc22b507d |
| SHA1 | 4bfc92a7c1d982a2fd4b12e1f85235e3007c1408 |
| SHA256 | 9db8377616ccae5865be13b05bef8e519a70a6d768b364216bfa03d5280b6fcf |
| SHA512 | 4e0146212d73f1026ef2765f823b8cb9a2546630c19e4d984ccde51a8df9c56402bb17392f7f42bcf34883e645c62625c37749b8762f0bfd4e4d8e7ae4dc6c8b |
C:\Users\Admin\Downloads\Deushаck.rar
| MD5 | 39dc8c924bb4f9d5b69629ef1289e0e3 |
| SHA1 | 2aed3f40c335aaf663f0f7eeb83322818e69fbc0 |
| SHA256 | d0d840228a4bd41d414084909c10a888be1a4571d206c72b60c93ef7fc559f51 |
| SHA512 | d6025e9b1f6e9caab561b71446bc2559e806e6fb4ed4d30f4d712ebc1386430006c3f6d42c8c3451ef43c5b0416922634817883d3483ad9b0a5f203705d17bd7 |
C:\Users\Admin\Desktop\Deushack.exe
| MD5 | c1e69734163765fda325daccd1739a98 |
| SHA1 | 3eca28110d3a3066b4b8eb6c4bf3a9db34d5c06c |
| SHA256 | 9ea04c533440e357e0502fb2de65317e40f09d597873ef5eb3066810dee1fa40 |
| SHA512 | d5982364a289023c4dec4ddac283a277048dea73b614287c2a16d3efb462b81f92daa88afc8ac7659b84808af2ecde215323b738beac791839b506a14723c895 |
C:\GoogleUpdater\downloadedFile.exe
| MD5 | d559b3c90972d311fa737089620420e6 |
| SHA1 | 4c1ff09b0d36286560a16bc05e948f3c220707eb |
| SHA256 | 177f740198afcbbbecc5ccb674109149d27465f71e6c4cc71877985d69cc4f76 |
| SHA512 | ab030da56b36227d2c3dd66edb6bb53f0352e626587e7e0dd181f46c48c1233b42642fd296a89b004ebb83e36dbb69d757a536c089ae9cc8a4530a1d60951ee9 |
C:\Users\Admin\AppData\Roaming\7y8.exe
| MD5 | bd082d20b0d503af6189f01893bf278f |
| SHA1 | d86c3fc675b89f6b896f4e33febdfe758932e855 |
| SHA256 | 5829af5f5c25d300c253d1655935bb8ea7c18068e4a76536a2ddc71c011fc9e8 |
| SHA512 | 6f012e4b6db007394192287b7bf72eb3318ea2e8ee478fbacb139dd2b8ed6fd3fdebb10a1e580b2c935d5f1c72fa2d7773f0d77a71f4831f60e6330c806932ae |
C:\Users\Admin\AppData\Roaming\loasder.exe
| MD5 | 7186bce1f86503fe86e67c46defd400a |
| SHA1 | 737eb7becd01fd21b9db5c94e6fb20c9ba4dd960 |
| SHA256 | 1aeec278d38b426366a13214ce235f939c5f8cefc5cd3745408459d032edd07a |
| SHA512 | 897ec3536dfc6e20718af45d327798d32205ea565be8b2ec4fa502424a833d5fcbd542b924ebd2983d117e3049627e8bc320f65c78b1617a97ee58096943496c |
memory/1568-418-0x0000000000DF0000-0x0000000000E3A000-memory.dmp
memory/1568-419-0x0000000005E80000-0x0000000006426000-memory.dmp
memory/1568-420-0x0000000005980000-0x0000000005A12000-memory.dmp
memory/1568-421-0x0000000005C70000-0x0000000005C7A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d78ab36f4314bad38b1b59827577d163 |
| SHA1 | 8affff09a5251a498dd4592565b0fb5be53113f5 |
| SHA256 | 8a934fc63f88d80347e78c583402b06cb11bec79c1097a3201a7f97dab5afc42 |
| SHA512 | 955e65daeb709f1b9921129a01e3fdf38be6d74d3c5e2e88186ab415504db8439310f9ffaf39beca23d1187ddb95d8f25c84a63ac51b4eed5292e4126e000b20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 57a6b09bec8205e519cd6781eddea929 |
| SHA1 | 9f32d77e68a28efc143b65652cd6a028342f51e1 |
| SHA256 | fb9bd14d0fce3b33a48b7db721332da81b864037a6b60d6c1cc977e332371a43 |
| SHA512 | 14bb774c91907445cc541304e3835c64f559b4ca77fc31f508db09471e9e7a74f3aa0d28e6c7e33baca9a6b105730b6f811c105527e5443ceddf3995179d42ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5f4465.TMP
C:\Users\Admin\Desktop\key.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yzun0egu.hhk.ps1
C:\Windows\system32\drivers\etc\hosts
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13374367082451295
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT