Analysis Overview
Threat Level: Likely malicious
The file https://www.youtube.com/channel/UC0G6UimTOf4mIRvW11yPZXQ/about was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-12 04:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-12 04:12
Reported
2024-09-12 04:15
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
148s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 792221.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC0G6UimTOf4mIRvW11yPZXQ/about
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5c9c46f8,0x7ffe5c9c4708,0x7ffe5c9c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x504
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6308 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6264 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c33b9dcfb3744a2b904674a9c4df499b /t 5708 /p 5672
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,10891435241988081394,6505836913613735669,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5044 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | consent.youtube.com | udp |
| GB | 142.250.179.238:443 | consent.youtube.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.179.238:443 | consent.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.200.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 54.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | rr2---sn-q4flrne7.googlevideo.com | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| US | 209.85.165.167:443 | rr2---sn-q4flrne7.googlevideo.com | tcp |
| US | 209.85.165.167:443 | rr2---sn-q4flrne7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | yt3.googleusercontent.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 216.58.201.97:443 | yt3.googleusercontent.com | tcp |
| US | 209.85.165.167:443 | rr2---sn-q4flrne7.googlevideo.com | tcp |
| US | 209.85.165.167:443 | rr2---sn-q4flrne7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.179.238:443 | youtube.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 167.165.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 209.85.165.167:443 | rr2---sn-q4flrne7.googlevideo.com | tcp |
| GB | 216.58.212.206:443 | play.google.com | tcp |
| US | 209.85.165.167:443 | rr2---sn-q4flrne7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.179.230:443 | static.doubleclick.net | tcp |
| GB | 172.217.16.234:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 216.58.201.110:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 172.217.169.78:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rgcatalyst.biz | udp |
| US | 104.21.68.214:443 | rgcatalyst.biz | tcp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 214.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ucd16ffd644b773d94aa2af536a8.dl.dropboxusercontent.com | udp |
| GB | 162.125.64.15:443 | ucd16ffd644b773d94aa2af536a8.dl.dropboxusercontent.com | tcp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | winrar.com | udp |
| DE | 51.195.68.163:443 | winrar.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.212.206:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
Files