Analysis

  • max time kernel
    28s
  • max time network
    27s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240214-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    21/02/2024, 08:51 UTC

General

  • Target

    https://www.youtube.com/@FlyBoyVR

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/@FlyBoyVR
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9f8df3cb8,0x7ff9f8df3cc8,0x7ff9f8df3cd8
      2⤵
        PID:3588
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2080
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
        2⤵
          PID:4276
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
          2⤵
            PID:4624
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:2448
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
              2⤵
                PID:4528
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
                2⤵
                  PID:3644
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,386264743228534432,15972219310806039156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2964
              • C:\Windows\System32\CompPkgSrv.exe
                C:\Windows\System32\CompPkgSrv.exe -Embedding
                1⤵
                  PID:4420
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:4748
                  • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
                    "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\ResetApprove.pptm" /ou ""
                    1⤵
                    • Checks processor information in registry
                    • Enumerates system info in registry
                    • Suspicious behavior: AddClipboardFormatListener
                    • Suspicious use of SetWindowsHookEx
                    PID:2104

                  Network

                  • flag-us
                    DNS
                    www.youtube.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.youtube.com
                    IN A
                    Response
                    www.youtube.com
                    IN CNAME
                    youtube-ui.l.google.com
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    216.58.213.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.78
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                  • flag-us
                    DNS
                    config.edge.skype.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    config.edge.skype.com
                    IN A
                    Response
                    config.edge.skype.com
                    IN CNAME
                    config.edge.skype.com.trafficmanager.net
                    config.edge.skype.com.trafficmanager.net
                    IN CNAME
                    l-0007.config.skype.com
                    l-0007.config.skype.com
                    IN CNAME
                    config-edge-skype.l-0007.l-msedge.net
                    config-edge-skype.l-0007.l-msedge.net
                    IN CNAME
                    l-0007.l-msedge.net
                    l-0007.l-msedge.net
                    IN A
                    13.107.42.16
                  • flag-us
                    DNS
                    ctldl.windowsupdate.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    ctldl.windowsupdate.com
                    IN A
                    Response
                    ctldl.windowsupdate.com
                    IN CNAME
                    wu-bg-shim.trafficmanager.net
                    wu-bg-shim.trafficmanager.net
                    IN CNAME
                    download.windowsupdate.com.edgesuite.net
                    download.windowsupdate.com.edgesuite.net
                    IN CNAME
                    a767.dspw65.akamai.net
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.179
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.209
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.189
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.180
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.190
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.175
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.187
                    a767.dspw65.akamai.net
                    IN A
                    96.17.178.173
                  • flag-us
                    DNS
                    www.gstatic.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.gstatic.com
                    IN A
                    Response
                    www.gstatic.com
                    IN A
                    172.217.169.3
                  • flag-us
                    DNS
                    238.16.217.172.in-addr.arpa
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    238.16.217.172.in-addr.arpa
                    IN PTR
                    Response
                    238.16.217.172.in-addr.arpa
                    IN PTR
                    mad08s04-in-f141e100net
                    238.16.217.172.in-addr.arpa
                    IN PTR
                    lhr48s28-in-f14�I
                  • flag-us
                    DNS
                    config.edge.skype.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    config.edge.skype.com
                    IN A
                    Response
                    config.edge.skype.com
                    IN CNAME
                    config.edge.skype.com.trafficmanager.net
                    config.edge.skype.com.trafficmanager.net
                    IN CNAME
                    l-0007.config.skype.com
                    l-0007.config.skype.com
                    IN CNAME
                    config-edge-skype.l-0007.l-msedge.net
                    config-edge-skype.l-0007.l-msedge.net
                    IN CNAME
                    l-0007.l-msedge.net
                    l-0007.l-msedge.net
                    IN A
                    13.107.42.16
                  • flag-us
                    DNS
                    www.youtube.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.youtube.com
                    IN A
                    Response
                    www.youtube.com
                    IN CNAME
                    youtube-ui.l.google.com
                    youtube-ui.l.google.com
                    IN A
                    172.217.16.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.178.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.200.14
                    youtube-ui.l.google.com
                    IN A
                    216.58.201.110
                    youtube-ui.l.google.com
                    IN A
                    216.58.204.78
                    youtube-ui.l.google.com
                    IN A
                    216.58.213.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.14
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.78
                    youtube-ui.l.google.com
                    IN A
                    172.217.169.46
                    youtube-ui.l.google.com
                    IN A
                    142.250.179.238
                    youtube-ui.l.google.com
                    IN A
                    142.250.180.14
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.206
                    youtube-ui.l.google.com
                    IN A
                    142.250.187.238
                  • flag-us
                    DNS
                    consent.youtube.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    consent.youtube.com
                    IN A
                    Response
                    consent.youtube.com
                    IN A
                    142.250.180.14
                  • flag-us
                    DNS
                    fonts.googleapis.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    fonts.googleapis.com
                    IN A
                    Response
                    fonts.googleapis.com
                    IN A
                    142.250.179.234
                  • flag-us
                    DNS
                    71.31.126.40.in-addr.arpa
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    71.31.126.40.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    nexusrules.officeapps.live.com
                    msedge.exe
                    Remote address:
                    8.8.8.8:53
                    Request
                    nexusrules.officeapps.live.com
                    IN A
                    Response
                    nexusrules.officeapps.live.com
                    IN CNAME
                    prod.nexusrules.live.com.akadns.net
                    prod.nexusrules.live.com.akadns.net
                    IN A
                    52.111.229.43
                  • flag-gb
                    GET
                    https://www.youtube.com/@FlyBoyVR
                    msedge.exe
                    Remote address:
                    172.217.16.238:443
                    Request
                    GET /@FlyBoyVR HTTP/2.0
                    host: www.youtube.com
                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                    sec-ch-ua-mobile: ?0
                    dnt: 1
                    upgrade-insecure-requests: 1
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                    sec-fetch-site: none
                    sec-fetch-mode: navigate
                    sec-fetch-user: ?1
                    sec-fetch-dest: document
                    accept-encoding: gzip, deflate, br
                    accept-language: en-US,en;q=0.9
                  • flag-gb
                    GET
                    https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2F%40FlyBoyVR%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    msedge.exe
                    Remote address:
                    142.250.180.14:443
                    Request
                    GET /m?continue=https%3A%2F%2Fwww.youtube.com%2F%40FlyBoyVR%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/2.0
                    host: consent.youtube.com
                    dnt: 1
                    upgrade-insecure-requests: 1
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                    accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                    sec-fetch-site: none
                    sec-fetch-mode: navigate
                    sec-fetch-user: ?1
                    sec-fetch-dest: document
                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                    sec-ch-ua-mobile: ?0
                    accept-encoding: gzip, deflate, br
                    accept-language: en-US,en;q=0.9
                    cookie: SOCS=CAAaBgiA-tSuBg
                    cookie: YSC=Z5fn2CRk-s4
                    cookie: __Secure-YEC=CgtQQnQzLXRvMEJKZyi_89auBjIKCgJHQhIEGgAgMg%3D%3D
                    cookie: VISITOR_PRIVACY_METADATA=CgJHQhIEGgAgMg%3D%3D
                  • flag-us
                    DNS
                    14.180.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    14.180.250.142.in-addr.arpa
                    IN PTR
                    Response
                    14.180.250.142.in-addr.arpa
                    IN PTR
                    lhr25s32-in-f141e100net
                  • flag-us
                    DNS
                    95.221.229.192.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    95.221.229.192.in-addr.arpa
                    IN PTR
                    Response
                  • flag-us
                    DNS
                    officeclient.microsoft.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    officeclient.microsoft.com
                    IN A
                    Response
                    officeclient.microsoft.com
                    IN CNAME
                    config.officeapps.live.com
                    config.officeapps.live.com
                    IN CNAME
                    prod.configsvc1.live.com.akadns.net
                    prod.configsvc1.live.com.akadns.net
                    IN CNAME
                    europe.configsvc1.live.com.akadns.net
                    europe.configsvc1.live.com.akadns.net
                    IN CNAME
                    uks-azsc-config.officeapps.live.com
                    uks-azsc-config.officeapps.live.com
                    IN A
                    52.109.28.46
                  • flag-us
                    DNS
                    234.179.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    234.179.250.142.in-addr.arpa
                    IN PTR
                    Response
                    234.179.250.142.in-addr.arpa
                    IN PTR
                    lhr25s31-in-f101e100net
                  • flag-us
                    DNS
                    www.google.com
                    Remote address:
                    8.8.8.8:53
                    Request
                    www.google.com
                    IN A
                    Response
                    www.google.com
                    IN A
                    142.250.178.4
                  • flag-us
                    DNS
                    3.169.217.172.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    3.169.217.172.in-addr.arpa
                    IN PTR
                    Response
                    3.169.217.172.in-addr.arpa
                    IN PTR
                    lhr25s26-in-f31e100net
                  • flag-us
                    DNS
                    4.178.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    4.178.250.142.in-addr.arpa
                    IN PTR
                    Response
                    4.178.250.142.in-addr.arpa
                    IN PTR
                    lhr48s27-in-f41e100net
                  • flag-us
                    DNS
                    3.180.250.142.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    3.180.250.142.in-addr.arpa
                    IN PTR
                    Response
                    3.180.250.142.in-addr.arpa
                    IN PTR
                    lhr25s32-in-f31e100net
                  • flag-us
                    DNS
                    43.229.111.52.in-addr.arpa
                    Remote address:
                    8.8.8.8:53
                    Request
                    43.229.111.52.in-addr.arpa
                    IN PTR
                    Response
                  • flag-gb
                    GET
                    https://www.google.com/favicon.ico
                    msedge.exe
                    Remote address:
                    142.250.178.4:443
                    Request
                    GET /favicon.ico HTTP/2.0
                    host: www.google.com
                    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Microsoft Edge";v="90"
                    dnt: 1
                    sec-ch-ua-mobile: ?0
                    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66
                    sec-ch-ua-arch: "x86"
                    sec-ch-ua-full-version: "90.0.818.66"
                    sec-ch-ua-platform-version: "10.0"
                    sec-ch-ua-model:
                    sec-ch-ua-platform: "Windows"
                    accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                    sec-fetch-site: cross-site
                    sec-fetch-mode: no-cors
                    sec-fetch-dest: image
                    referer: https://consent.youtube.com/
                    accept-encoding: gzip, deflate, br
                    accept-language: en-US,en;q=0.9
                  • 172.217.16.238:443
                    https://www.youtube.com/@FlyBoyVR
                    tls, http2
                    msedge.exe
                    2.0kB
                    9.7kB
                    17
                    18

                    HTTP Request

                    GET https://www.youtube.com/@FlyBoyVR
                  • 142.250.180.14:443
                    https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2F%40FlyBoyVR%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                    tls, http2
                    msedge.exe
                    3.0kB
                    65.6kB
                    35
                    57

                    HTTP Request

                    GET https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2F%40FlyBoyVR%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1
                  • 142.250.178.4:443
                    https://www.google.com/favicon.ico
                    tls, http2
                    msedge.exe
                    1.9kB
                    7.5kB
                    14
                    14

                    HTTP Request

                    GET https://www.google.com/favicon.ico
                  • 8.8.8.8:53
                    www.youtube.com
                    dns
                    msedge.exe
                    398 B
                    1.3kB
                    6
                    6

                    DNS Request

                    www.youtube.com

                    DNS Response

                    172.217.16.238
                    142.250.178.14
                    142.250.200.46
                    142.250.200.14
                    216.58.201.110
                    216.58.204.78
                    216.58.213.14
                    172.217.169.14
                    172.217.169.78
                    172.217.169.46
                    142.250.179.238
                    142.250.180.14
                    142.250.187.206
                    142.250.187.238

                    DNS Request

                    config.edge.skype.com

                    DNS Response

                    13.107.42.16

                    DNS Request

                    ctldl.windowsupdate.com

                    DNS Response

                    96.17.178.179
                    96.17.178.209
                    96.17.178.189
                    96.17.178.180
                    96.17.178.190
                    96.17.178.175
                    96.17.178.187
                    96.17.178.173

                    DNS Request

                    www.gstatic.com

                    DNS Response

                    172.217.169.3

                    DNS Request

                    238.16.217.172.in-addr.arpa

                    DNS Request

                    config.edge.skype.com

                    DNS Response

                    13.107.42.16

                  • 8.8.8.8:53
                    www.youtube.com
                    dns
                    msedge.exe
                    339 B
                    780 B
                    5
                    5

                    DNS Request

                    www.youtube.com

                    DNS Response

                    172.217.16.238
                    142.250.178.14
                    142.250.200.46
                    142.250.200.14
                    216.58.201.110
                    216.58.204.78
                    216.58.213.14
                    172.217.169.14
                    172.217.169.78
                    172.217.169.46
                    142.250.179.238
                    142.250.180.14
                    142.250.187.206
                    142.250.187.238

                    DNS Request

                    consent.youtube.com

                    DNS Response

                    142.250.180.14

                    DNS Request

                    fonts.googleapis.com

                    DNS Response

                    142.250.179.234

                    DNS Request

                    71.31.126.40.in-addr.arpa

                    DNS Request

                    nexusrules.officeapps.live.com

                    DNS Response

                    52.111.229.43

                  • 8.8.8.8:53
                    14.180.250.142.in-addr.arpa
                    dns
                    73 B
                    112 B
                    1
                    1

                    DNS Request

                    14.180.250.142.in-addr.arpa

                  • 8.8.8.8:53
                    95.221.229.192.in-addr.arpa
                    dns
                    145 B
                    369 B
                    2
                    2

                    DNS Request

                    95.221.229.192.in-addr.arpa

                    DNS Request

                    officeclient.microsoft.com

                    DNS Response

                    52.109.28.46

                  • 8.8.8.8:53
                    234.179.250.142.in-addr.arpa
                    dns
                    134 B
                    189 B
                    2
                    2

                    DNS Request

                    234.179.250.142.in-addr.arpa

                    DNS Request

                    www.google.com

                    DNS Response

                    142.250.178.4

                  • 8.8.8.8:53
                    3.169.217.172.in-addr.arpa
                    dns
                    144 B
                    220 B
                    2
                    2

                    DNS Request

                    3.169.217.172.in-addr.arpa

                    DNS Request

                    4.178.250.142.in-addr.arpa

                  • 8.8.8.8:53
                    3.180.250.142.in-addr.arpa
                    dns
                    144 B
                    268 B
                    2
                    2

                    DNS Request

                    3.180.250.142.in-addr.arpa

                    DNS Request

                    43.229.111.52.in-addr.arpa

                  • 224.0.0.251:5353
                    580 B
                    9
                  • 142.250.180.14:443
                    consent.youtube.com
                    https
                    msedge.exe
                    4.3kB
                    7.9kB
                    10
                    12

                  MITRE ATT&CK Enterprise v15

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                    Filesize: 152B
                    MD5: 3ac94e49addbb0b2b78b1cc0c4fdc41a
                    SHA1: 41dda9076097a81d24a814805f80979eb5736a72
                    SHA256: 259e79a3a5696dd704f943a3146b6622715c38d269751ea5b90c4858aeecaec5
                    SHA512: 9890dd31736bf96b3669a9ba135e029d02a0245e31795f71f15bdb79066e95f8d43233643a78e1a36780b6983d88a5a82f71a07eb91133d9319c014e935fc9fa

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                    Filesize: 216B
                    MD5: 2c17d857dcacffc52681fb6bd25df639
                    SHA1: d9731a6b2fdfc9ef64ec0c8a0bbc6a4135b0ca9a
                    SHA256: c3bfa0c4c430a35e7191fe2787bed1796d08da0421fda11c16e03a1a87da9191
                    SHA512: 18595c306d83e26717d0b58becc10bef11dad7defb8fca803752cf2c8d78a4ee2e9dbb02c99083a450f466651e39d2e4aaac404dff64a9e0911ece29fd8763db

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                    Filesize: 1KB
                    MD5: 787a784af80efbd6e669f1c15b8a9df9
                    SHA1: 2f6431de8f797281edf71e1692221b777268c7bf
                    SHA256: 499eaacff1d7558c56901fefe97e1a064da6dd963906628300e4c74118ff8e62
                    SHA512: 49cadcb9166a16c1705c76706ea72a1c1f73bcab9bd0174dd4b3b30dd7a1a22396d481f3b837cbdaabf936641f72dd0d0943930adeaea29be593a162531cd1e3

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize: 5KB
                    MD5: 044a93f3efe926bd79b4645bea6441bf
                    SHA1: 68ba442e3dc42662c7ed5e0c0232df59b5515bef
                    SHA256: dddaa2c4f274d4f4205ecc10d21778318e7404ca774ca11579409f661da94f71
                    SHA512: c23d937b4f3cd265a6cbf87f05a6e18f629993a7bc9ffaef9957443b7fbf741befc3930d2d872672ba8b599a65b0c5e8a21ece47a120b95523c7562fc3d6ac7d

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                    Filesize: 6KB
                    MD5: 3f981f0218e73e05bf79a17db6fe1ad3
                    SHA1: 9fe9325d20eac914b24b1df8a6813487f3c21037
                    SHA256: 0270ad7c16102e51d35c6850b8f7ec3281ade087d952f320cf9405bf301327db
                    SHA512: 6a80ec13ffe1ea42bd82338510568c7399c3e58de893e2dc59a926c7fc69550022969abaf110d568a96264e3018f45d5124c48ea39bf60364358ab4edadb7477

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                    Filesize: 25KB
                    MD5: f47e1b708a6995ba8f891bc84722fd42
                    SHA1: a1438c8d4a02006d6c161139ee482ebe66b6f51c
                    SHA256: 662362a16cd5adecfe299a88b2a65ce422ea39b33bfe36c5248d3acc4baabb2c
                    SHA512: 4757d77b86dd1b1f50d623f4a7023c6a28404922dc5f978e4ec06c653f636f3bcfca5deed8796b2e47c8c6e464071d149e57ee6d52a5cc57183c6cb85762c74b

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                    Filesize: 16B
                    MD5: 6752a1d65b201c13b62ea44016eb221f
                    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
                    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
                    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                    Filesize: 10KB
                    MD5: 05d170a9ecbe12cfc55550a33dcec14c
                    SHA1: ffb3fdcf73dc4cf22d24b12f4e4dc4e2591c9ce9
                    SHA256: 1ae0232be1c5fda2db3048fc99bd7689a7c5c57bcd44d79288e54685e3e86770
                    SHA512: ccd909ddebb12c0841983bd1d41af88f9c5343ebc86c0770994098451634377102e2e30d09564add30d7ffc63078057d51a9e42564e8118f4e861c799185ee5f

                  • memory/2104-162-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-167-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-159-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-160-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-157-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-156-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-161-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-164-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-165-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-163-0x00007FF9C7BD0000-0x00007FF9C7BE0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-166-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-158-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-168-0x00007FF9C56C0000-0x00007FF9C56D0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-169-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-170-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-172-0x00007FF9C56C0000-0x00007FF9C56D0000-memory.dmp
                    Filesize: 64KB

                  • memory/2104-173-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-174-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-175-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-177-0x00007FFA06B00000-0x00007FFA06BBD000-memory.dmp
                    Filesize: 756KB

                  • memory/2104-176-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB

                  • memory/2104-171-0x00007FFA07B40000-0x00007FFA07D49000-memory.dmp
                    Filesize: 2.0MB