Malware Analysis Report

2025-08-05 15:44

Sample ID 240525-bjhtfshe38
Target Elsify Universal by FrostChanger.de.exe
SHA256 888c6795013781aedce5d8de7225fcd9950dc9d22dd7dd0f347945e70a9a8d2e
Tags
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 888c6795013781aedce5d8de7225fcd9950dc9d22dd7dd0f347945e70a9a8d2e

Threat Level: Shows suspicious behavior

The file Elsify Universal by FrostChanger.de.exe was found to show suspicious behavior.

Malicious Activity Summary


.NET Reactor protector

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Unsigned PE

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 01:10

Signatures

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 01:10

Reported

2024-05-25 01:13

Platform

win11-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe"

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{242B6EC7-A7F0-4E80-8C37-3E1DD020F6D0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2028 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4252 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 4188 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 3624 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4804 wrote to memory of 3676 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe

"C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/api/oauth2/authorize?client_id=1226873004508708906&redirect_uri=http%3A%2F%2Flocalhost%3A5001%2F&response_type=code&scope=identify%20guilds.join

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9c973cb8,0x7ffd9c973cc8,0x7ffd9c973cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C start https://bstlar.com/A/leanswapperkey

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bstlar.com/A/leanswapperkey

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9c973cb8,0x7ffd9c973cc8,0x7ffd9c973cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe


Network

Country Destination Domain Proto

Files
