Analysis Overview
SHA256
9a92c27447113d83d81208169d6c000808a584b9a3223f90a2db04e0bab41272
Threat Level: Known bad
The file Rat.exe was found to be: Known bad.
Malicious Activity Summary
Quasar family
Quasar RAT
Quasar payload
Unsigned PE
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-30 10:46
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-30 10:46
Reported
2023-11-30 10:48
Platform
win7-20231020-en
Max time kernel
31s
Max time network
115s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Rat.exe
"C:\Users\Admin\AppData\Local\Temp\Rat.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7feefbf9758,0x7feefbf9768,0x7feefbf9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2244 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1252 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3900 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3828 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1624 --field-trial-handle=1176,i,10361988795033761174,2098023443468988432,131072 /prefetch:8
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-11-30 10:46
Reported
2023-11-30 11:16
Platform
win10v2004-20231127-en
Max time kernel
1799s
Max time network
1804s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Rat.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Rat.exe
"C:\Users\Admin\AppData\Local\Temp\Rat.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc83dd46f8,0x7ffc83dd4708,0x7ffc83dd4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5896 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x150
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,62228301988960546,16807351812153033846,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5992 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | tcp | |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.24.238.8.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
| US | 131.253.33.200:443 | www.bing.com | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 200.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pornhub.com | udp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:80 | pornhub.com | tcp |
| US | 66.254.114.41:443 | pornhub.com | tcp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| NL | 64.210.135.114:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.114:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.117:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.117:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.117:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.117:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.117:443 | ei.phncdn.com | tcp |
| NL | 64.210.135.117:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | es.phncdn.com | udp |
| US | 8.8.8.8:53 | di.phncdn.com | udp |
| US | 8.8.8.8:53 | hubt.pornhub.com | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 216.18.168.30:443 | hubt.pornhub.com | tcp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| NL | 64.210.135.119:443 | media.trafficjunky.net | tcp |
| NL | 64.210.135.112:443 | media.trafficjunky.net | tcp |
| NL | 64.210.135.117:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ads2.contentabc.com | udp |
| US | 8.8.8.8:53 | ads.trafficjunky.net | udp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 8.8.8.8:53 | 114.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.168.18.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| NL | 64.210.135.114:443 | ht-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | hw-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | m1.nsimg.net | udp |
| US | 8.8.8.8:53 | m2.nsimg.net | udp |
| US | 8.8.8.8:53 | vz-cdn2.adtng.com | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | vz-cdn2.trafficjunky.net | udp |
| NL | 64.210.135.114:443 | ht-cdn2.trafficjunky.net | tcp |
| US | 104.16.122.175:443 | unpkg.com | tcp |
| NL | 64.210.135.117:443 | ht-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 119.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.122.16.104.in-addr.arpa | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | adktrk.com | udp |
| US | 34.160.198.209:443 | adktrk.com | tcp |
| NL | 64.210.135.151:443 | hw-cdn2.trafficjunky.net | tcp |
| NL | 64.210.135.151:443 | hw-cdn2.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.198.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.135.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | adiktive.b-cdn.net | udp |
| SG | 89.187.162.241:443 | adiktive.b-cdn.net | tcp |
| US | 8.8.8.8:53 | 241.162.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| NL | 142.251.39.123:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 123.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 216.58.214.14:443 | analytics.google.com | tcp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ew.phncdn.com | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.102.250.142.in-addr.arpa | udp |
| NL | 64.210.135.119:443 | ew.phncdn.com | tcp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.thuis.nl | udp |
| DE | 18.156.16.63:443 | track.thuis.nl | tcp |
| NL | 216.58.214.14:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | cdn1d-static-shared.phncdn.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.169:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | www.thuis.nl | udp |
| US | 8.8.8.8:53 | 169.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.16.156.18.in-addr.arpa | udp |
| NL | 195.245.236.220:443 | www.thuis.nl | tcp |
| NL | 64.210.135.114:443 | cdn1d-static-shared.phncdn.com | tcp |
| US | 8.8.8.8:53 | cdn.mxpnl.com | udp |
| US | 8.8.8.8:53 | vz-cdn2.trafficjunky.net | udp |
| US | 8.8.8.8:53 | vz-cdn2.adtng.com | udp |
| NL | 142.250.102.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cdn.pushcrew.com | udp |
| US | 104.20.55.119:443 | cdn.pushcrew.com | tcp |
| US | 8.8.8.8:53 | 220.236.245.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | etahub.com | udp |
| US | 66.254.114.62:443 | etahub.com | tcp |
| US | 8.8.8.8:53 | evtubescms.phncdn.com | udp |
| US | 8.8.8.8:53 | 119.55.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| NL | 64.210.135.146:443 | evtubescms.phncdn.com | tcp |
| NL | 64.210.135.146:443 | evtubescms.phncdn.com | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| US | 66.254.114.38:443 | ads.trafficjunky.net | tcp |
| NL | 64.210.135.115:443 | ht-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 62.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.135.210.64.in-addr.arpa | udp |
| NL | 64.210.135.149:443 | evtubescms.phncdn.com | tcp |
| US | 8.8.8.8:53 | img.thuis.nl | udp |
| US | 8.8.8.8:53 | 38.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.135.210.64.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cv-h.phncdn.com | udp |
| US | 152.195.34.118:443 | cv-h.phncdn.com | tcp |
| US | 8.8.8.8:53 | 118.34.195.152.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| NL | 64.210.135.149:443 | hw-cdn2.adtng.com | tcp |
| NL | 64.210.135.115:443 | ht-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| NL | 64.210.135.115:443 | ht-cdn2.adtng.com | tcp |
| NL | 64.210.135.115:443 | ht-cdn2.adtng.com | tcp |
| NL | 64.210.135.115:443 | ht-cdn2.adtng.com | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| US | 216.18.191.182:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | ht-cdn.trafficjunky.net | udp |
| NL | 64.210.135.113:443 | ht-cdn.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | 182.191.18.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.135.210.64.in-addr.arpa | udp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| US | 8.8.8.8:53 | cv-h.phncdn.com | udp |
| US | 152.195.34.118:443 | cv-h.phncdn.com | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
| GB | 95.148.114.81:3074 | | tcp |
Files
memory/4608-0-0x00000000007D0000-0x0000000000AF4000-memory.dmp
memory/4608-1-0x00007FFC82F00000-0x00007FFC839C1000-memory.dmp
memory/4608-2-0x000000001BAA0000-0x000000001BAB0000-memory.dmp
memory/4608-3-0x000000001C200000-0x000000001C250000-memory.dmp
memory/4608-4-0x000000001C310000-0x000000001C3C2000-memory.dmp
memory/4608-5-0x00007FFC82F00000-0x00007FFC839C1000-memory.dmp
memory/4608-6-0x000000001BAA0000-0x000000001BAB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e5c27b4a4d5a3c9c60ba18cb867266e3 |
| SHA1 | dea55f1d4cdc831f943f4e56f4f8e9a926777600 |
| SHA256 | 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9 |
| SHA512 | 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b |
\??\pipe\LOCAL\crashpad_2580_KGCTKQKCKQRISRRX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 013cd13dbeb7a715d39077dd1304b4b3 |
| SHA1 | 016e7d02bfe6d65bad145806447ec0dac2759b02 |
| SHA256 | ad29d34385eabcbab9df1b59bce08da4ff9312488df3ab5dfd13372aa0d96601 |
| SHA512 | b10444d136441c438c1eb2c19aaa7ffc95f68d069b8949239595a6d6ad333057c25a290fc386ccb9d5dc61248ee2bd5ca30679f5fea174f2829b2dc162111498 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1cb49b29c55a9af9e4fde2f4e785c9d3 |
| SHA1 | 1b2d54c29c990af9c9cf3001ceed60f066a87238 |
| SHA256 | 913bf356f3d1d9311b07f601515cad47fd7b77caa6a152cffe3cde7a5cc607e4 |
| SHA512 | fae47714ddbf062ead8a9e7f8b4cd9557265bb98cac93b2243bce43bf46ed49c202004630bf3afebf116810ef3f72837e24f4bf9578b4f6f56829f689e8f8b44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a41b5e8235827c27dc3b8a9c6c95bc07 |
| SHA1 | 1d5a0205bea9533b52890a0e4f9d65e47e9d8e50 |
| SHA256 | b2a0b45f21fb94012e20ca641353a6e5efeabfdf2988350ea8e2abca421ee233 |
| SHA512 | 3ca1d114149869bb32e4af8d3d72ae7fa10def12259fbe4c13c8bd5618f92409df7bfd6b21554efd5b11e5c737354f4a796e792126a75bb5e750527ca3ce009e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e30738d93d6789672ce8e1c4bfe275a8 |
| SHA1 | ce2195ec1f2e3830b9a106a9dc8d7fa5397d10fc |
| SHA256 | 7d60046d1238ff11bdf616d83c212ad6866a7cc630ee9be8580050dee7f74832 |
| SHA512 | e39c9590f558477a1b823de555bf27542a725566d8bd839a1c493459444d49d755445d8ff34f59681ede12a8e654c5a7fc34b6008c9abcfd65d09f6b1b523a65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e30b3d3263b908f2ae89e37b664d5aa |
| SHA1 | a26db667ff4df5a8ad67079ba323bd7dc19e57c7 |
| SHA256 | 684477fa4abc8f56b9ca960ead1caa54bc5a5f0cd93154dcf08256b51c41bd7d |
| SHA512 | 909a6cfe2e8a2c2a7d719aa91c1f0b123cecc863c57742eacaf527352a9b977c0d3330db320b0a2d65ef4f236f181911a9b8dbed593bec01b029789041b2b5c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d
| MD5 | 48c80c7c28b5b00a8b4ff94a22b72fe3 |
| SHA1 | d57303c2ad2fd5cedc5cb20f264a6965a7819cee |
| SHA256 | 6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356 |
| SHA512 | c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 37f92d32b10127e61b974264b1ad442c |
| SHA1 | 6f1dcfdc29f8b94bf643abda3982c9a90670b85a |
| SHA256 | 700e6605fbf5d96dc24043f9af3e49b79f0afaf41d1b40e957cadd025f92749c |
| SHA512 | c5addd78e52af7988608e6d29619eac7968d93d84a6deb2291d1cca8a34f44f7b22842913aaee3b6f6ef677c99f6367a90f91d0129f5b01c3c3044e17b74fe80 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0693b579440aeef591aeeeade847834a |
| SHA1 | 9d9be6e3d7e8e6b0e771b50f3b5be3379a50349c |
| SHA256 | 0f2e57533f992292571c9bedd34a01832ec272cc3f57575f8a00aeccdf1b8618 |
| SHA512 | fe4ec3add3eaec79790033f1f7e89e30ef9e2ea49edef9c2343c90fca5608882971f9065d1d615f95800bf7618054204efff39b16aeb837758b039ce2ca25821 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8e613ae0d19c4ec567c379eb43454b65 |
| SHA1 | f63ee7123ae8796be153fceadcf07e12ff5a5b1f |
| SHA256 | 6ccbefe502808d2d2bb8f00740018d1134716dec436be0024500d49db3f7c0ad |
| SHA512 | 38f937d1a08bec23dc7db2e9db7304dc55120f2364b2575c6ac04b69ef9784acc477fa6a7f4ff569ab3278cd6fdce573dfa795d4081c4a52f1e295c16a80c9e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 3ff31f3a26970a53d9efb9ca88749476 |
| SHA1 | 3ed46e4746836978f69acc2b994e2f113a9d7ea2 |
| SHA256 | ad195970b2190e55c0d3b60c870f82379730d3e0e4e8c857fc119408afcb6596 |
| SHA512 | 575e37295bd9bed0bbc1836193abd6401d48dcecd1e964c812eaeda6f44661f4c6d9423b2b4a5e639c970f7c9c8e74a4b5e259467e4d59dd57edb9032a150b48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f63d.TMP
| MD5 | 6ad335b9f973bf110706130239fbc5cf |
| SHA1 | 56e5a31e6ad2f4a3ac7b3db96cbec6517d3684b3 |
| SHA256 | e6c416e74713e598f81fa4a314f32d27967dff4a9058bb7a5ea382e3c7993581 |
| SHA512 | 6e50a8322dab1b4117abc59cafb4853724eb5a6c718387239a812079d9d94c90b1163d252bdcd1b54fb64005b6ebaba8aef092760bffcba3ca2a626896cf4de6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4547a7e9545107213d1023b4bcddb6e0 |
| SHA1 | 3828e74a7f3d8ab25af3311223f61be287fbf889 |
| SHA256 | 741bf82be74a7b0ac57d7744ee98fc72cd01f521ea42815460ab5bd7d7a182b1 |
| SHA512 | a3e67ea164fac465a0ab4e0d30dbac28ff830f7e151f4ff94bf5636cff9261cead33ea6660f1bec750515fbb85b9468821ef25555ba24b19b6305cabdaba1092 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 15c241c20d7b6e37ae2e82af667603c3 |
| SHA1 | 21a9dfa73ea1351f88b0ddf2b7bdfa16f6580e5b |
| SHA256 | 396a6da43a0f5492b3a5fb4ab96651e23ddce8bedfc6783e2b4881cbc905b2b2 |
| SHA512 | f485e12ba7cc4cf891726af0febbdc0b7a8d45e886f17c3d664c14ae8d1f2cf36c051204fe6d3ea93cdc9a2f6ba01b408026d22600f803560bfed0fee4c68f59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ec8d4151959fd5e14fda71421ab1212a |
| SHA1 | b26f76042e241771f0f4d964225b27ec1020fc01 |
| SHA256 | dfcdb405023d507ee1ba4940b85daecd940b96321ece9b321c56b5d9c0262177 |
| SHA512 | dc45066922e59c3f4af3bc982e4ad439f02740b9d17c817e6b9ed8c81704a2cfd5d02b5bf5831fdd10bbd86918dc9d8076042a0076c8adfef0ce8d88d40ba4c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 84580b7682f0efa972c592f2de4f9f8d |
| SHA1 | 1cf1d1c9f1506cc813c45f8892433a3b3994035d |
| SHA256 | 3dac3ca41723c86bf5bc8e6ce2f2db4f3e7973e144ce4a376617a3d3a417367c |
| SHA512 | 2416dd1f80a9c3c2ebae8eda6625c53f09f659e34005f5271b6a3e9ddeed99a3c6a48c972e5d4a0274af12ee51ec9eeb566a82b8c5ef402a3a2438e8d434957c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
| MD5 | 80265558fcf1db01aa207ce4acd262ad |
| SHA1 | 15fb36eb302de2f8f24f4803e9f57ca3f4e53f19 |
| SHA256 | 3ac041fd65d81f8c7a1702687f4eaa5707d4d0a2ab3eeb0d7fd31face233e0e8 |
| SHA512 | 544a9d766511478ef5b1ede08b5fdd41ee7ef13b07219215a14ae6bb45635b9ee624e6c7d2bf39f110e375b325a8ac3e15296dcfe21f37ab0f9dfae82705b734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 906ccec6a2b8b83d4fa0cd336921971e |
| SHA1 | 4f15e5e757292cf8ef5458f5bd7c31496fb0dfac |
| SHA256 | 1c0a246e5f497f03158959768548e780c73c06ccab4890c0832060fe0524614f |
| SHA512 | d3b8edb7eb1d1aee259dc11eec540e09d57be8866c65a868bf827f5fac8b898de903fd41ed976b4523882ffbcaebb1c391b2623ecd9ba88a777f667eee1ac82b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3e1b5e7e35fb8731804d1f6988aa2ab4 |
| SHA1 | 5a7f9c35cf0ab13994563260ec594433d6463f44 |
| SHA256 | 003d4d7989db54d25611f07e0edcb3683d32880a8b6d0378a197580d6163b5c9 |
| SHA512 | ef4cf16df2a288bb2288d9363695fedf27683c7e2b7511c3afc848cedb719d8c266c78240ed4b2f156aea465684a10cc07abe7936726d621f1f8adfeb2d6ea42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 39ae2bf08152272bb5c4ea140bbcd16e |
| SHA1 | 127dd81573366bf069f0e967330fe7d49887040e |
| SHA256 | 31012f609a5f2548cae0250e23275df22a97782271d975a7bce2280e407af87d |
| SHA512 | 209c8aea9702b62084158ec333e0d9d123ddfaa430e6066f1792c1b7db8d1661dc460f3b97e667684d13c66f6f6c1a75a9575d00883aa3dfac52c5169f15ac9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
| MD5 | 7005fe2ce78c66e2daa211bc5e34b8d8 |
| SHA1 | 8af531d07d4de7f3a10d0bb748f5f20b0ebe0922 |
| SHA256 | 63d93b295cf98a02c2ea7ab57669cb10fc0f9953cadfa0d3d21e8e4f2f922b36 |
| SHA512 | acc343c8bb1a638c008b6cc454cd09883d558f6de1d381f479050711526d64437036d1730360e75f53513fda66acd1f140cb580e0a2827abd6f990b59c48021b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
| MD5 | adbd876e17d0e7463360872932a12963 |
| SHA1 | a46df0c246cc495e513692d2002d5bcefaa6af9d |
| SHA256 | 4852e8cffbfdc88732145ab00e23ce24f537f43d5ba08ab3af1ac7058c460eeb |
| SHA512 | 1beab36d0045e3c762b4f73752361d0ec6fbbc8cc45b6a287331ad1d13f4633fef5c4c601b545ff5fe0778ddd01982de647ef822f94b6e2d7cb69cbd2475002b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c9f7e7d72ffbe2d4d7227fa8e7b57116 |
| SHA1 | 2ddc559f61e9ee8d614c4e6a47d6c11a7bd179a4 |
| SHA256 | 08ac2b54771e7dfb510e1106574d1cb5db90cd4b16de5f96b3ab5bc42b1c139e |
| SHA512 | e3d4168d985d5ea2a6b88727f9764f20c0a74952b3a1a1457f16cce310dafecffadc95b2d7183f1ac8548b76309b7cee969ac6e293bed2bdb3d26ee4a608f12f |