Analysis Overview
SHA256
da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185
Threat Level: Known bad
The file da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185 was found to be: Known bad.
Malicious Activity Summary
StormKitty payload
StormKitty
Quasar payload
Quasar family
Quasar RAT
Executes dropped EXE
Unsigned PE
Creates scheduled task(s)
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-10 22:31
Signatures
Quasar family
Quasar payload
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-10 22:31
Reported
2023-08-10 22:33
Platform
win10v2004-20230703-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Quasar RAT
Quasar payload
StormKitty
StormKitty payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Java\Updater.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3011986978-2180659500-3669311805-1000\{657C9824-6F00-4C81-9A64-02424586EDF8} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Java\Updater.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Java\Updater.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe
"C:\Users\Admin\AppData\Local\Temp\da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Java Update" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\Updater.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\Java\Updater.exe
"C:\Users\Admin\AppData\Roaming\Java\Updater.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Java Update" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Java\Updater.exe" /rl HIGHEST /f
C:\Windows\System32\fontview.exe
"C:\Windows\System32\fontview.exe" C:\Users\Admin\Desktop\OutSelect.ttf
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9008546f8,0x7ff900854708,0x7ff900854718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5716480075228693438,4641261671845672969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x2f4
C:\Users\Admin\AppData\Local\Temp\3nnii1Avk3gC.exe
"C:\Users\Admin\AppData\Local\Temp\3nnii1Avk3gC.exe"
Network
Files
memory/3956-133-0x00000000002E0000-0x0000000000604000-memory.dmp
memory/3956-134-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp
memory/3956-135-0x000000001B350000-0x000000001B360000-memory.dmp
C:\Users\Admin\AppData\Roaming\Java\Updater.exe
| MD5 | 871556e1a93a261d9f942055b47ae9d9 |
| SHA1 | c2c8fde536274f8adc0177196fe80644c11edbd5 |
| SHA256 | da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185 |
| SHA512 | e869cd9d698bf05a7e20fac22177ab167bd956f379759fb2b3af5ed37bf2f636cafcecb4d4766ac9020481b42d1560539fffc2e6c189b752a2bab7d645fddb64 |
C:\Users\Admin\AppData\Roaming\Java\Updater.exe
| MD5 | 871556e1a93a261d9f942055b47ae9d9 |
| SHA1 | c2c8fde536274f8adc0177196fe80644c11edbd5 |
| SHA256 | da2af38db4b5bd416d2be6175630727cd3be73f7d52177e33d2a1da660d62185 |
| SHA512 | e869cd9d698bf05a7e20fac22177ab167bd956f379759fb2b3af5ed37bf2f636cafcecb4d4766ac9020481b42d1560539fffc2e6c189b752a2bab7d645fddb64 |
memory/4856-142-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp
memory/3956-143-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp
memory/4856-144-0x000000001B2F0000-0x000000001B300000-memory.dmp
memory/4856-145-0x000000001B9F0000-0x000000001BA40000-memory.dmp
memory/4856-146-0x000000001BB00000-0x000000001BBB2000-memory.dmp
memory/4856-149-0x000000001BA80000-0x000000001BA92000-memory.dmp
memory/4856-150-0x000000001C600000-0x000000001C63C000-memory.dmp
memory/4856-151-0x00007FF906A20000-0x00007FF9074E1000-memory.dmp
memory/4856-152-0x000000001B2F0000-0x000000001B300000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b5f5369274e3bfbc449588bbb57bd383 |
| SHA1 | 58bb46d57bd70c1c0bcbad619353cbe185f34c3b |
| SHA256 | 4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464 |
| SHA512 | 04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6 |
\??\pipe\LOCAL\crashpad_2104_UKJJTEJHWBRIHTKU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe4fc7af41c4ad2db939f1164ad3ae70 |
| SHA1 | 8815262ec16fbcf12274f9d287969b05c23fb470 |
| SHA256 | d94c000add707101b8ada2817c3310f9a1e6c193b2ecd836daa8688d55214a18 |
| SHA512 | 06669d138e4f4a2c164dae5ddf89e96b97bbc9f2cf0510fc473d62680598555535b570e16a85159a9ccadbc1b3bff9394aee7e66544324eff80c272ced246e83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4276de0f8524b59e369d865ecf125022 |
| SHA1 | a5f7fe3218acabb543459d3ceb544a49d5a1ea8b |
| SHA256 | ab9ca7777460ee36252f0a23d06f7d66738d2ff5c20757fca252278587b65669 |
| SHA512 | 26e785a4d80b8ba03056ab621e2e54c0e095fd0ce4a6614bd19bfd8ea4a9b62e55a90750d1a184ded5971ce3c2a473c6fc1f5084e122538c82ed8a99f62c0f31 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9284106fb7a7b720a1b7383ba0a2d0fa |
| SHA1 | 9aed626235c4a0df7467983662d5efaa34e77949 |
| SHA256 | ff76d024588208015ddfa75c2b94f8dcef5a83b6ca79e7d188ec94ec80e70ce1 |
| SHA512 | c00d9047d5520d18dbfd4b07e49f9e7e1dcc9e3847f9a3921add96b091d9ca82cb9dfc71279331ed1e35bde84c17d7a868ca4b569f41a5bd6139841ea08f82d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 29213338df67d29d6454ee5d61ad3970 |
| SHA1 | 8c69ca76a2e639060d5ce835a9600e6ea3764a83 |
| SHA256 | d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51 |
| SHA512 | 14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407 |
memory/4856-226-0x000000001E0E0000-0x000000001E608000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 34b9c70054f1e0b4ab1f13845906802a |
| SHA1 | b80f15b2eeec9f0c7384d27bbd8f713e63617767 |
| SHA256 | f343275f6101b69f1f616341decba5e8a867d23edca48f356f9d1efa5a34d865 |
| SHA512 | 83ddf613c0f8966a4de76b203033e048154d5f7a1a619440f356cc863ace120b82fe2b963f26889c2a26bc6a2ed8878c7d0997ccc8da13374cad537dcc0694bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
| MD5 | d3d1aff7a71e5f6f4537a0b3cbbd5c23 |
| SHA1 | 82bbaa35980290986094ec5b2f33da17fe0e1ca8 |
| SHA256 | d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291 |
| SHA512 | 9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db076cb9-7b9e-4f3b-aa61-211cfbb34c39.tmp
| MD5 | 9084909abec9c3af2f3d04d8e7f14b36 |
| SHA1 | fd33827cadf3e7b2a79cc4dafc4098ac665b8b0f |
| SHA256 | d57da142c1b18ec49ae145470ad101eed369fe00bda23cec414af58364f4d758 |
| SHA512 | d5045c504014bda20af12f3a827e0cae515d2e71fa096dcc5b755b8d431a494f1b5739088636632dc68602ab0da2d9bfed79db4608d70a896664dae17a4956cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592b5c.TMP
| MD5 | 51fd54a42306ffbe170c728ee19b750d |
| SHA1 | 1acc0964697e09bedb422c8f537e70b460d73742 |
| SHA256 | 3c0944c252c548d688568df4938ac4ad89b8a2697839b6a1ecfb4e1b68788865 |
| SHA512 | 4605834c9ead0f422cf6c72dba7c41a804513ffde4c379864987c10e4ed3ed184d45553be5258b5018360176cc8ca468c8a4ad8c13dadb735ff62e6e7f5e3f25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2047a46a28d7455daca60af8c7052cec |
| SHA1 | ce43facd57b595a1648754332a9a7457da567830 |
| SHA256 | a74c62a38375751bc026f87a429fca3aed754337f8569d00b0a02b0567f95a6b |
| SHA512 | 9415cb1aec7200ad381f08afe9a9dec24d295a2956a509ebb7f5d9935e47732ebc326ea28f6f4ffb9b4168bf1a558d815af97d6cb6bdb340ecc3181d14253c0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 29e27ec49856e680d67f7404adf65bae |
| SHA1 | 027a4dc48ea1f2383d60386dcc3c8d403a8a38eb |
| SHA256 | f98f46391945de55baf7d361b3cd5b5a66fad0561b0e56db5f4f7f27df4266d8 |
| SHA512 | fdc76b49c055b81d30f22a234b81684aa3494a7a7829e3439216bc0a1eca721c1874faecd9a2abb2bd50f0df4bc2afdb20ae39c93895b3340cbdb16d211c5e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe594433.TMP
| MD5 | a2c8688976a441de55349480ee80cc14 |
| SHA1 | 4dfb0e4d90f9a90eb7b7e7c8ab2a2c3c98ae4907 |
| SHA256 | f92f49f187b2886bb9a9b9907e6e7f209d2981494880c4fb1afba53f13f5df06 |
| SHA512 | 144997abadbf5432b7b8ec721f9ef724a74668680b2b07ab65c259156a076808db9d51db012dc7e8dbf8ba83ecefd63871536a805ab9537c8b3e18f4328ce88d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dcabd3bee3714514998e81a8630771d3 |
| SHA1 | 900a2d0a7e21f57f035b6dda6f97f8fbc3323424 |
| SHA256 | 2dac568936d560525f3d5d1fc69939c8299bd6469c44d8ae2b4793c0a8bd6ff4 |
| SHA512 | c9082a05cdf88bea4687786f5638862cf2c30bf22844f617d8589bd01dcb039df49e0c778999a5139b1960e29703e5bbb333481235136d3e930a468304c1f093 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6d9c60199feb668915bf667fdc33b51c |
| SHA1 | 997ec1b5ab98c71af234ed50ab62536ae68997a9 |
| SHA256 | 86712c8b121714696106d1e647452173e6addb88d32d7ff3af1b07a94dcdfff3 |
| SHA512 | 48690198d818cec2ee7699060409f3fae52eea5375c5cbb65dd07109f767b1320ce6390998d0362cd3b1b5af7351338a3e90fdac1c6827dcda5a3b2745370933 |
C:\Users\Admin\AppData\Local\Temp\3nnii1Avk3gC.exe
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Extension Scripts\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Extension State\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\GrShaderCache\data_3
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\GrShaderCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\PERTHE563456HGRSEG674RSGE\GrShaderCache\data_0
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\PERTHE563456HGRSEG674RSGE\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional Data-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Functional SAN Data-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts-journal