Malware Analysis Report

2024-11-16 10:45

Sample ID 240603-klvqgaaf49
Target https://www.youtube.com/watch?v=zutsGuUBFpo
Tags
discovery evasion
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The submitted URL https://www.youtube.com/watch?v=zutsGuUBFpo was classified as: Shows suspicious behavior. The detonation opened the URL in Microsoft Edge; every signature below fires on msedge.exe or on a Windows system process it caused to start, not on a downloaded payload.

Malicious Activity Summary

discovery evasion

Checks memory information

Checks CPU information

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:41

Reported

2024-06-03 09:14

Platform

win11-20240419-en

Max time kernel

1798s

Max time network

1802s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=zutsGuUBFpo

Signatures

Enumerates system info in registry

Description       | Indicator                                                              | Process                                                      | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

SystemManufacturer and SystemProductName are a standard virtual-machine fingerprint (hypervisor vendors place their own strings there), which is why the read is tagged discovery/evasion. The reader here is msedge.exe, and Chromium-based browsers collect the same two values for hardware reporting, so this hit is expected for a browser detonation; it would matter only if the process reading the key were the sample under test.

Suspicious use of AdjustPrivilegeToken

Description                       | Indicator | Process                         | Target
Token: 33                         | N/A       | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A       | C:\Windows\system32\AUDIODG.EXE | N/A

Both adjustments are made by AUDIODG.EXE, the Windows audio device graph isolation process that appears in the process list next to Edge's audio.mojom.AudioService utility process, not by Edge itself. Privilege LUID 33 is SeIncreaseWorkingSetPrivilege; together with SeIncreaseBasePriorityPrivilege this is consistent with an audio engine raising its own scheduling priority rather than with privilege escalation.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process                                                      | Target | Count
N/A         | N/A       | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A    | 25

The 25 identical rows are collapsed above. Looking up the Shell_TrayWnd window is how desktop applications find the taskbar (notification area, taskbar progress); sandboxes flag it because some malware uses the absence of a taskbar as a sign that no interactive user shell is running.

Suspicious use of WriteProcessMemory

Description                       | Indicator | Process                                                      | Target                                                       | Count
PID 4028 wrote to memory of 4984  | N/A       | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4028 wrote to memory of 3672  | N/A       | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 4028 wrote to memory of 988   | N/A       | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4028 wrote to memory of 1172  | N/A       | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

The 64 rows are collapsed by target PID. Every write originates from PID 4028, the parent msedge.exe browser process (the crashpad pipe listed under Files is named after it), and every target is another msedge.exe instance: Chromium's browser process writes into the child processes it launches while setting up their sandbox, so same-image parent-to-child writes are the normal start-up pattern. A WriteProcessMemory row deserves attention when the writer and the target are different images, or when the writer is not a browser.
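The triage the note above describes, as an added example (not part of the sandbox's report or tooling): it parses rows in the report's "Description Indicator Process Target" layout, collapses repeats per (source PID, target PID) pair and flags only writes whose source and target images differ or whose writer is not on a browser baseline. The first four sample rows are copied from the table above; the last two rows (PIDs 5555, 6100 and 6104, update.exe, svchost.exe and notepad.exe as targets) are constructed so that the check has something to flag, and the BROWSER_IMAGES baseline is an assumption.

```python
"""Triage "Suspicious use of WriteProcessMemory" rows from a sandbox report.

Added example, not part of the original report. Chromium-based browsers
(msedge.exe here) launch renderer, GPU and utility children and write into
the new child's memory while setting up its sandbox, so a parent-to-child
write between two msedge.exe processes is expected. The write worth a second
look is one where the source and target images differ, or where the writer
is not a browser at all.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Row layout used by the report:
#   "PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>"
# Image paths contain spaces, so the two paths are split on the second
# drive-letter prefix ("X:\"); a missing target is reported as N/A.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<indicator>\S+) "
    r"(?P<src_image>[A-Za-z]:\\.*?)"
    r"(?: (?P<dst_image>[A-Za-z]:\\.*|N/A))?$"
)

# Assumption: images allowed to write into same-image children (site baseline).
BROWSER_IMAGES = {"msedge.exe", "chrome.exe"}

# First four rows are copied from the report; the last two are CONSTRUCTED
# (PIDs 5555/6100/6104, update.exe and the non-browser targets do not appear
# in the report) to show what a cross-image write looks like.
SAMPLE_ROWS = r"""
PID 4028 wrote to memory of 4984 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 3672 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 1172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4028 wrote to memory of 5555 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Windows\System32\svchost.exe
PID 6100 wrote to memory of 6104 N/A C:\Users\Admin\Downloads\update.exe C:\Windows\System32\notepad.exe
"""


def parse_rows(text):
    """Parse report rows into dicts; raise on a row the regex does not recognise."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        events.append({
            "src_pid": int(m["src"]),
            "dst_pid": int(m["dst"]),
            "src_image": m["src_image"],
            "dst_image": m["dst_image"] or "N/A",
        })
    return events


def image_name(path):
    """Lower-cased file name of a Windows path, or 'n/a' when unknown."""
    return PureWindowsPath(path).name.lower() if path != "N/A" else "n/a"


def triage(events):
    """Collapse repeated rows per (src, dst) pair and give each pair a verdict."""
    counts = Counter(
        (e["src_pid"], e["dst_pid"], e["src_image"], e["dst_image"]) for e in events
    )
    findings = []
    for (src_pid, dst_pid, src_img, dst_img), n in sorted(counts.items()):
        src_name, dst_name = image_name(src_img), image_name(dst_img)
        same_image = src_name == dst_name and dst_name != "n/a"
        verdict = "expected" if same_image and src_name in BROWSER_IMAGES else "review"
        findings.append({
            "src_pid": src_pid, "dst_pid": dst_pid, "count": n,
            "src_image": src_name, "dst_image": dst_name, "verdict": verdict,
        })
    return findings


def review_pairs(findings):
    """(src, dst) PID pairs that need an analyst's eyes."""
    return [(f["src_pid"], f["dst_pid"]) for f in findings if f["verdict"] == "review"]


if __name__ == "__main__":
    for f in triage(parse_rows(SAMPLE_ROWS)):
        print(f"{f['src_pid']:>5} -> {f['dst_pid']:<5} x{f['count']:<3} "
              f"{f['src_image']} -> {f['dst_image']}: {f['verdict']}")
```

Run against the full table above, the script reduces 64 rows to four "expected" pairs and nothing to review; the two constructed rows show the output an analyst would actually act on. The baseline set is deliberately small: an unknown writer defaults to "review".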

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=zutsGuUBFpo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8f5c3cb8,0x7ffa8f5c3cc8,0x7ffa8f5c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16713872713500589838,10426973034904523314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6532 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 rr3---sn-5hne6nsk.googlevideo.com udp
GB 216.58.212.246:443 i.ytimg.com tcp
NL 172.217.132.40:443 rr3---sn-5hne6nsk.googlevideo.com tcp
NL 172.217.132.40:443 rr3---sn-5hne6nsk.googlevideo.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
GB 216.58.212.246:443 i.ytimg.com udp
NL 172.217.132.231:443 rr2---sn-5hne6n6e.googlevideo.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 216.58.212.234:443 jnn-pa.googleapis.com tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.212.234:443 jnn-pa.googleapis.com udp
GB 142.250.180.1:443 yt3.ggpht.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.46:443 www.youtube.com tcp
N/A 224.0.0.251:5353 (no domain; mDNS multicast) udp
GB 172.217.169.46:443 www.youtube.com tcp
GB 172.217.169.46:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 172.217.16.226:443 googleads.g.doubleclick.net udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 172.217.169.46:443 www.youtube.com udp
GB 142.250.187.214:443 i.ytimg.com udp
NL 74.125.100.234:443 rr5---sn-5hne6nzd.googlevideo.com udp
NL 74.125.100.234:443 rr5---sn-5hne6nzd.googlevideo.com tcp
GB 142.250.180.1:443 yt3.ggpht.com udp
GB 172.217.16.225:443 lh6.googleusercontent.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.178.14:443 encrypted-tbn0.gstatic.com tcp
GB 142.250.180.14:443 www.youtube.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.46:443 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
NL 74.125.100.234:443 rr5---sn-5hne6nzd.googlevideo.com udp
GB 216.58.212.226:443 googleads.g.doubleclick.net udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com udp
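A triage pass over the Network table above, as an added example (not part of the sandbox's report or tooling): it parses rows in the report's "Country Destination Domain Proto" layout, groups TLS/QUIC destinations by registrable domain against an analyst allowlist, converts the two in-addr.arpa queries back into the IPs they look up and checks whether those IPs were actually contacted, and keeps the mDNS multicast row (which has no Domain value) from being mistaken for an unresolved destination. The sample rows are copied from the table except for one constructed outlier (203.0.113.7 / cdn.example.net, documentation address and domain); the KNOWN_SUFFIXES allowlist and the two-label registrable-domain rule are assumptions.

```python
"""Triage the Network table of a sandbox report.

Added example, not part of the original report. Parses flattened
"Country Destination Domain Proto" rows and answers three questions:
which destinations fall outside the expected infrastructure, which reverse
(in-addr.arpa) lookups target an address the sample never connected to,
and which rows are local multicast noise rather than egress.
"""
import ipaddress
from collections import defaultdict

# Assumption: suffixes an analyst accepts as Google/YouTube infrastructure
# for a YouTube detonation. Anything else is surfaced for review.
KNOWN_SUFFIXES = {
    "youtube.com", "googlevideo.com", "ytimg.com", "google.com", "ggpht.com",
    "doubleclick.net", "googleapis.com", "gstatic.com", "googleusercontent.com",
}

# Rows copied from the report, plus one CONSTRUCTED outlier on the last line
# (203.0.113.7 and cdn.example.net are documentation values) so the allowlist
# check has something to flag.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.238:443 www.youtube.com tcp
GB 216.58.212.238:443 www.youtube.com udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 74.125.100.234:443 rr5---sn-5hne6nzd.googlevideo.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
XX 203.0.113.7:443 cdn.example.net tcp
"""


def parse_flows(text):
    """Parse report rows; a 3-field row is one whose Domain column is empty."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unrecognised row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        flows.append({"country": country, "ip": ipaddress.ip_address(ip),
                      "port": int(port), "domain": domain, "proto": proto})
    return flows


def ptr_target(name):
    """'2.180.250.142.in-addr.arpa' -> IPv4Address('142.250.180.2'); None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name or not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ipaddress.ip_address(".".join(reversed(octets)))


def registrable(domain):
    # Assumption: the last two labels are enough for the domains seen in this
    # report; a public-suffix list would be needed for co.uk-style names.
    return ".".join(domain.split(".")[-2:])


def triage(flows):
    """Summarise flows into the findings an analyst wants from this table."""
    contacted = {f["ip"] for f in flows if f["port"] != 53 and not f["ip"].is_multicast}
    report = {
        "dns_queries": [],                # names sent to the resolver
        "ptr_unmatched": [],              # reverse lookups for IPs never connected to
        "multicast": [],                  # link-local discovery traffic (mDNS etc.)
        "by_suffix": defaultdict(set),    # registrable domain -> destination IPs
        "unknown_domains": defaultdict(set),
    }
    for f in flows:
        if f["ip"].is_multicast:
            report["multicast"].append((str(f["ip"]), f["port"]))
        elif f["port"] == 53:
            report["dns_queries"].append(f["domain"])
            target = ptr_target(f["domain"])
            if target is not None and target not in contacted:
                report["ptr_unmatched"].append(str(target))
        elif f["domain"] is None:
            report["unknown_domains"]["(no domain)"].add(str(f["ip"]))
        else:
            suffix = registrable(f["domain"])
            report["by_suffix"][suffix].add(str(f["ip"]))
            if suffix not in KNOWN_SUFFIXES:
                report["unknown_domains"][f["domain"]].add(str(f["ip"]))
    return report


if __name__ == "__main__":
    result = triage(parse_flows(SAMPLE_ROWS))
    for key in ("ptr_unmatched", "multicast", "unknown_domains"):
        print(f"{key}: {dict(result[key]) if isinstance(result[key], dict) else result[key]}")
```

On the full table the only reverse lookup that does not match a forward destination is 172.210.232.199.in-addr.arpa (199.232.210.172); 2.180.250.142.in-addr.arpa resolves to 142.250.180.2, which the sample did connect to. All forward destinations sit under the allowlisted Google suffixes, so the constructed outlier is the only review item.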

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d0f84c55517d34a91f12cccf1d3af583
SHA1 52bd01e6ab1037d31106f8bf6e2552617c201cea
SHA256 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA512 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

\??\pipe\LOCAL\crashpad_4028_CIKSBBAGXYBBTLGM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ade01a8cdbbf61f66497f88012a684d1
SHA1 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256 f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512 fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa514053abf72080a25da83f62164383
SHA1 c3037ae5ad06d40b832cc834228b14a49bc53e31
SHA256 377ae73e176899bb8bda7b0dfea6ec23350c9a66721a40ac284853bb07cc8967
SHA512 a041516a2a29ce843fa7339530a8ff3c363a08debf599e345bd298c863707aafd53c410138b266e2d9dee2b4f7259f83f656bfe2ffce23e4655027074e6e75cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 be7f5bae26b219780eed00fcbe274d9a
SHA1 4b38d0d34a6ecbc1e44783aff75a8f99e6da099a
SHA256 01baa817be4403c02d9db2be1343078a167e436249eda3ee600e6c5dde871686
SHA512 8e1852ea1dccfdfc035196f61e4e21e4e432c7bbb0b1960578364686b8ce2cee69b068edeacd32e453655efc11d32dff4ec2c7402b200953d95cd0d781ba6ee1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575ef8.TMP

MD5 c5279a590b2ec5ca93c3c3e6a3e27af4
SHA1 b2b67bb978e5c46102dc521e9825a7643a3d1017
SHA256 a9aae4e813d218484768d117f269e959c8f559e5213b1ca7aabcb67c84dd8686
SHA512 df4e58697f3167bf2783dce9e87e53b8aa5340d9efcf38bfa509d8a9ac366873e136312288c038db1720e23e711198afa40e0756bf08c8514622bb06f07597d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5b39b30b49c30e4febd1fd22735be46d
SHA1 6ae37ddc9e9f6e50b7c8f186dafad55f698cee90
SHA256 e45953d22f567a1769d977342ef98c2cefa7ed421ebece969801d9e7ee1d1b1b
SHA512 1185f20ed3b091c2a8c99bdb150ecd38a52ca2aadf149f0b2e841f1a81933761d0a96a1a15990f4dd9530b1a4ec16f6ec2de6e9a9e7aae7bfed5bf031bfa0378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5f4ffdd726a1d8568115cb24e54c9d2a
SHA1 87adea3e6fb736b1c7bf46c6c37f0fed8dfe81de
SHA256 4b0f2b26822cb09d2feed7b7251ec3ecd22977e69941356a96901604113f8cf4
SHA512 f6702a616dca13e00a7e6127c683c3d27bcd640282face161d44b486c8629a8b1eb984d0ea5ef90a696f5e5e80718856cbb7f49ebc70f7d640aa7cfd32d39d6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac9f5e717434bf68d0f85b3ddd4fe868
SHA1 8c18c32e2858ae47e4aaec04f1e85c6386b8626b
SHA256 206fb6724db10c4bfa26be4d62f979346910203046a550eef0754511c0d092be
SHA512 ab838aef5911998b898a1d43a1ebecac1edf12fd8796bbd187074ea2babf321aa990b8cdd40124fed0f641eae6f44c2cce10d47241a4286bad68d5619ebcd6ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 54c7e443fb62bc4da38020c5906158d8
SHA1 3dda2873a4f47d7ac0d265c08de8994fd0e95dad
SHA256 09dbeca1575d3ebd1e70a3c3460afb812e0fd291e811e701291e13ba3cc207cb
SHA512 15bda14ff68981b1a851fd091e62baa49b17eecdd39f4516cecb13d4f020853147c07b84d2e60753008f7491c546538264f55ac310fcd38274a32d8c88a87a6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ae03.TMP

MD5 486016394548b0762bf8f00a3a6b4cb1
SHA1 0eb399d5f6b9141def44bcbca4ebe79f9719915a
SHA256 631c99dc7a26afcfd10b13d44f5886ad377ab6f752a949186b9d4d2ebca44953
SHA512 f0b033a1940451813436b67092829b59198b2f20b93fccde3b7533462157614ff3427dd24d76858f22e349610b403881bef2ac37416057b8c65230527225b863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 7091f603af850166074b77033b7ee4d9
SHA1 99e65403297070c3e3ed093dc5e637d00f760d3d
SHA256 22716e3cde11e0569d0ab4162b095496b071ccafda9b478892655ae1c1050de8
SHA512 ffdaf2fb4c274419ffe040593b1dc22eda71b00fbe3b55ac790f68352da8a5eb488e90abf5a86886e59d8023b242e285560b3a6c0d837a34d99de7d889554b88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 77158b18c8bb64b4d6b6d03a3ff52ddd
SHA1 0fec5a4464698a146a3146c0303f2ecc6204e133
SHA256 6d85736bdecd1d82412da578892bd38d8cf0cdd107144d6a648ef1d7f690e712
SHA512 7c1875cabd755f88565759622f5c52a2c84c11432f438648862269a56d2d9779475f5be8be6664138cf6e40521a77ca279d5f59208400078ddb25c13c11ac10f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5ee7ac4-8805-4f74-adca-f03d8f179b11\index-dir\the-real-index

MD5 95a942aefcaefe420b43006e18aeac56
SHA1 c16309d1f58776c7c8bdf3fa8346a0e17e6fe204
SHA256 af26c7981fd8ec1f0c99b08f26f0988dda489702a05f906d572a7f06ed2f9796
SHA512 dbe9c2ca55a4a9a80d91f700a43bccb9f1aea0fe9e1437eb3432149b0908ca6d20cb497ccc8e7bdcdb4527cfcf18e66beb9b2ff1f129b07725f68bf4ca346943

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5ee7ac4-8805-4f74-adca-f03d8f179b11\index-dir\the-real-index~RFe57bc6a.TMP

MD5 58bd283d13e58555e33b9f0a5df7c715
SHA1 a37ac668af7c42e4dd10eec0834c44659be82763
SHA256 5e927ea8e1d6ffe5b140fd031befd51734d4367c4cbb0284a04d19d7a2f5e146
SHA512 ec0eb4affeb39ecd8025e426d114564118d0d31668dff531a95eaebe06c8bb505c0b7c550aef8a99542ff1c4fee2b057c151bebc780b16a16aaac4f5b5e77d35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c01ebf0c-ce66-412a-bc86-eda4a704d99f\index-dir\the-real-index~RFe57c043.TMP

MD5 c60f54ec0182846ebe2a5e05ca6aad2c
SHA1 f69d70dc6841cba5ed363e2039ca672905ff34cd
SHA256 9fca860a5084df4f06a4a8d3bf9a3779ffd52f1b8f5bfa504d4c933856f23b79
SHA512 3c132dca38c6c5bcbfefe0682d47889dddd079bad6a5265c6abd0e5ce6d2a2b7f796ee8e026ed2a3581e204db3b857317e00b9e483d09579a4fada92b47a4726

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c01ebf0c-ce66-412a-bc86-eda4a704d99f\index-dir\the-real-index

MD5 271faf1445c616e44e8eda1f9ead5312
SHA1 ecddf11fd4a12c53420836a462bddb86986b4419
SHA256 a1c9961a3931544f6803a8fcd7df1f47a862f99fdd53429340e30c392d6b8a01
SHA512 257363bb12ae29e9c6edba589133b521bd0290f7d81d54481952047cbc1d44c82b113bca9aa023b4634b7695f1876ad68aff566b829b6bf780476b404971c743

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6bf6af5788cadae560d5c175a90b129d
SHA1 b599a62e1c67217318ebe30a3ff1a015263179ed
SHA256 a903242727da792c9a961f0068365a57faf98892fd53b787a8e559879bf20af3
SHA512 c59d1bca4f3a9ca2c93e000b70fe4063f4af5f1cf14089bddee45622bc426a4b5bed68b33a2dc59f41776f8b5a05629badb8771ac6adfccae47c4c9e2f67f782

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3730203de658673d602b5f52fd22993a
SHA1 0c5032ac87b1efb229c91ab09124b6b6b3a1cfe6
SHA256 34e4498cf265a8cfe97659b4a5aeaeb543a28ecad8dd0858aea725fa66ed29b0
SHA512 bde74733b4f8676925dddd96b7b0f9488657c88264dd78288a023f803d09fb7f4d71acd695ab6e6a991004d34a714dadeeef2c6b5a8b422a6f45b141b8c1d1fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 88942875c58e3dbe6ade726f35283daf
SHA1 101700de9adb2aedbb6b7ae2a6589fd30edb478c
SHA256 1482fbc5e86b6e3ab18c619ff38d71497e5672135475b733361b9682d2475ab3
SHA512 2d57e609f4cb8387ad99bd01bf1ed0cae138e043bd2ccdcb865846aaaaa945c904aa1135a1145b5b7360837a4480c297285e368611940e5bb9d05d44f18c5895

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7523b9266dcefe215d2cc0354a674cff
SHA1 146c759c335916a147fe4cb8342af2afacd7c1f3
SHA256 b797fca961657d9321a2d1ed3387fec0855ae632cbc4b3844158f68622b8e5e8
SHA512 6e0d9263325b491be0ed1a0cbcb2fb40d39dd5c370073a5379aa1b037104c4eb0755b28f63ed5256adfe2151e0e6128f20696ca45c2b81710d31e7868fc8d4d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6a3035b0f15f70556678b2a8a065f2dc
SHA1 9e12763d26cff25b9f0b5267d04a4cd0221bb3b6
SHA256 1f85d243723456b77bd0db40cf974a0d42e12e438b0b7fb370834de42dc54578
SHA512 1d54a49e576f70e81e349ccf682747c64f571a5d4161d628c591a268fbf4f8721cd666f07db3415209f4f14fb609b55d25e0114c2030b1003de174fd1132451a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 972eb24c66dc8ba22cc07c953d02aa1e
SHA1 e5ba997c5e28c5246283a9771d07a9aee0c7d774
SHA256 e943c91617e0e6c504fbc3a4cc0f5e63d43f239e2a3ff6018835e21a1aad6246
SHA512 783f15e928fcad5cdcbb94fce5a1f4a373b21d4b3b5003f492b0b7cc0e123797fc64f24ddce6ecd5b1d34ad2ebafcc971605b677dfeb22a9734329a6d4c18109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 17bbec8d6afb5a9c3dc3323ac9bba637
SHA1 f198d04789c5872b7a4a7bbcc453c5d5942c759d
SHA256 c69061c8bab46f21717dd2fa7165e64342394f65f37012f0fe2c9bd24fdb6f5b
SHA512 6ada4f393d721e99fa893103999321996ba1afcd9a2c0c05895f3a182094eaf098767ba76ccfca78a9912a01fb1f4ac1d6cae8053047a73b6a7ba5b0543812bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 49f325b3b2dcaa31077ae7b7e7a2d8b0
SHA1 cb9f862327575dfabad410250111f29746119757
SHA256 fa7265cdc370b406f6f0455cdc4190e0cd7321556453f269dd75effe2d29d3f4
SHA512 9db5f84fcac5bf2e747d6c4cdc89096862f6c321e13979eecfa8c840176acfc3aec8384d21617c3b9ffcb151b902e2a89fa35624a073a165f578567e9e949435

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e890b6dbca73320f6068f17416c412ce
SHA1 e88d533bb07dcf8b4893afc3990ce72741633519
SHA256 9a4fcd9d5478eb1f2b3f3aa3b6bbcdddb863e9a4fc03785f9368e1c84855e603
SHA512 560e5ac0c41d34cabd5587aad00bb7db0c125a9f9097b068e7e8b360d63f0e20974e9ce5e9bb9ee2a0ffbdb9a6add8a806507f3e30d2938ee9a404f4ecbc7f4d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f1ecc4f68ed5e16b93955e00bd1723c6
SHA1 986af51417a4f96c1af6da54dc5c4b88d054d3d6
SHA256 8ff6eccd7538dede1401a36b7654715e18cd85e48cc28645b564cb4c631296f6
SHA512 56b30ae7f3c091fcd5cbaef43ea6014153a7a873768cdf94a0e69df34375db278c2bcc052939066fe0c97fc70e05dfd875262776eedd25c4e4ca22ec504c79cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5ee7ac4-8805-4f74-adca-f03d8f179b11\index-dir\the-real-index

MD5 6f944a0cc865e608eab9e6fee6630943
SHA1 891b67d41b2e4b6fafcd3749efa9ba829f669cdd
SHA256 6c9bcb7241a5225e6be5cd38d01ce85cb8fc61f78e1e9bd56ab7ffc3ef1ca69c
SHA512 d8031187a1ed20b7078242422eba8522b160b116b96b7295edb3bfb499dfac496941c428e2c80fa81feaa497cf838fcbddd67ec1dc9f6795d4e665dc8afb8007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 1d3f43cb445e9d38e596ef04dd2d538f
SHA1 dfd0d552cdadd6391fc8d82ca183af8ed82abea6
SHA256 e21506a090ef26d1f17dd42a6e0bb6ba2bc96c9527470ababf463b39d14bdefc
SHA512 86d959e30407e5acd19f8d7de1f89775136419a904124e752cb40222be34a1b1837fc82265ecc5050ebcaf3e0915b282eb6d7993e784b540b4c666ed50a500fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a269705351d4cad85bfd0514c3568f64
SHA1 3018d08fc370e1ca290bfcf6fa944f9f6eae59b1
SHA256 b87c0d67b965e128bdec8b592c422d7d69f71230f9798700899edb9558980442
SHA512 c29fb753b1d667a5619d37da1769ab1b7c7ef4dbab72d3b4a1cea278278f1ba86bae989f6e00619131c50d9ea9772dcfbc9d61b751e9fc9f16fcc19e9124200a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 022e3ee466d5ab9a1f5cac0fe016ac0d
SHA1 aa58a68053065c048b9915c7a734231992b7ac56
SHA256 6b8b47a5b02d12606f98f3da7b026f807daa6a40dd7cf92d4b05e744fd660d24
SHA512 f001c6adadbd256ce6a55a2c9747275ea90f7c111867ce284f351b6622a91a278143fc9fc452b556f37afe2c73913f351129f08edd50308dc6708645da90ab87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f62f924847dde6d1aaa9c667cf281c43
SHA1 5d19dd815a3ccd68e5f966472d2ccc84a60c5208
SHA256 8ad2316cee9358539300b2cb57638f2c9d181d798cb0c4cebf2f3d82370a6a5e
SHA512 b38015ee20704706b160af80b7c808872642787cb92b4051c4ad8e80665195cbd855586a8129e68bf2c5626bbf40b50b5f4fe551d66f1cd77945ff0971395d76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 88cc9d49bce6dfd03bbc5b01e44b8076
SHA1 56ed4f8082961596f87f66fdaac077c678eb4850
SHA256 902ce8f70045fe42ac23c24b4413576ec3230a28ee94aaa6120a9870dbb719e9
SHA512 8d53be760c75e6981dbc52ff733b01bf081a16cc11d8b8221bd3e35ac6ec9f2819cb032e4d54e2900021772ca384e11a4c23d6efa7e1a4e148d63f2cb8ec1586

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8b25ea15a2f6d5d04adaee74f70d517c
SHA1 393d2806b1facd92de8da61cdbb99cdf93640bea
SHA256 dd2e5e3c44553506afa2e04fdf52bcfa60bac8dbffdec464145d45ef458e8281
SHA512 db25c8025476c5b35340e582d7f581332388b5b8db9a367b1697fbe11df17e35c214bc092a65355aa4dcb4bbe93405597ae835c269d3b55549d88fb700d66582

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bde669d22accd7506a545c35534bf41c
SHA1 8a8b580fc57d9989d1c9b8b42beba99ae0ecd906
SHA256 af6ace57401d672861cc71a1ef5aa2c99f381f0db2710ee8d4ec2f9ccd79c205
SHA512 0ded109bd55bc98a1e5784345480b5f95e9a08eec2f90b51bbfc096887d71a610ffe5af30156893d3ca98d93669c55f78e2133cccc5678b122e134bdae37931a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7de99a807218b581960e7984167fcd85
SHA1 9c96090c980b2370d63f6e995d28a7d2413c4592
SHA256 8dacc8e416729a0dd1b722206643249659484bcf710239ab1e36e57da827b482
SHA512 f1f9908697e86198d46fe1d184ac95df87aad74d4b5f183cb993ba4807316d66b267b27fb23925e8c452a180df1157de055d5431e635b91bc3a9bab56db2a89e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:41

Reported

2024-06-03 09:16

Platform

android-33-x64-arm64-20240514-en

Max time kernel

1816s

Max time network

1819s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 udp
N/A 224.0.0.251:5353 udp
US 172.64.41.3:443 tcp
GB 172.217.169.42:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.187.238:443 www.youtube.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 173.194.76.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 1.1.1.1:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 1.1.1.1:53 m.youtube.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.200.46:443 www.youtube.com udp
BE 64.233.166.84:443 udp
NL 209.85.226.9:443 rr4---sn-5hnekn76.googlevideo.com tcp
NL 209.85.226.9:443 rr4---sn-5hnekn76.googlevideo.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
NL 209.85.226.9:443 udp
GB 142.250.180.10:443 gmscompliance-pa.googleapis.com tcp
GB 142.250.180.10:443 gmscompliance-pa.googleapis.com tcp
GB 172.217.169.65:443 yt3.ggpht.com tcp
GB 216.58.212.202:443 remoteprovisioning.googleapis.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 udp
GB 142.250.180.10:443 gmscompliance-pa.googleapis.com udp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 142.250.200.4:443 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
GB 142.250.179.228:443 udp
GB 142.250.179.228:443 tcp
GB 142.250.187.206:443 www.youtube.com tcp
GB 142.250.187.206:443 www.youtube.com udp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 172.217.169.35:443 update.googleapis.com tcp
GB 172.217.169.35:443 udp
GB 142.250.200.4:443 udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.200.4:443 udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.180.2:443 udp
NL 209.85.226.9:443 udp
GB 142.250.200.4:443 udp
GB 216.58.213.14:443 www.youtube.com udp
NL 209.85.226.9:443 udp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
GB 142.250.200.4:443 udp
GB 172.217.169.40:443 tcp
GB 142.250.200.38:80 tcp
GB 172.217.169.2:443 tcp
GB 172.217.169.2:443 tcp
GB 172.217.169.78:443 www.youtube.com tcp
US 216.239.34.36:443 tcp
GB 142.250.200.10:443 gmscompliance-pa.googleapis.com tcp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.180.4:443 udp
GB 216.58.213.14:443 www.youtube.com udp
NL 209.85.226.9:443 udp
GB 142.250.180.4:443 udp
NL 209.85.226.9:443 udp
GB 142.250.180.4:443 udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.180.4:443 udp
US 1.1.1.1:53 www.google.com udp
GB 216.58.212.228:443 www.google.com udp
GB 142.250.180.4:443 udp
NL 209.85.226.9:443 udp
GB 216.58.204.67:443 tcp
GB 216.58.204.67:443 tcp
GB 216.58.204.67:443 tcp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.200.14:443 www.youtube.com udp
GB 142.250.200.36:443 udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 172.217.169.68:443 udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.187.206:443 android.apis.google.com udp
NL 209.85.226.9:443 udp
GB 172.217.169.68:443 udp
NL 209.85.226.9:443 udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.187.228:443 udp
GB 142.250.187.206:443 android.apis.google.com udp
GB 142.250.187.228:443 udp
GB 142.250.187.206:443 android.apis.google.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 216.58.201.100:443 udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.178.14:443 www.youtube.com udp
GB 142.250.200.54:443 i.ytimg.com tcp
GB 142.250.200.35:443 udp
GB 142.250.180.3:443 udp
GB 216.58.201.100:443 udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 1.1.1.1:53 udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 216.58.201.100:443 udp
GB 216.58.201.100:443 udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 216.58.212.228:443 www.google.com udp
GB 216.58.212.228:443 www.google.com udp
GB 216.58.212.228:443 www.google.com udp
GB 216.58.212.228:443 www.google.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
GB 142.250.179.228:443 udp
BE 108.177.15.188:5228 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.179.228:443 www.google.com udp

Files

files/dom-0.html

MD5 593e07fe69c368f85f425dabf0346f5e
SHA1 326225599b3ab3dd02af3f48e2aa42c9496ecd76
SHA256 716a40e213686d9583348ad2ac65b0e3d037efd1d88dfa692083d6babf2f408b
SHA512 dafc6ef3f8c3c5f6895e5b914693e5984fc4a29c17e9042deeb93359fc503b8a667125c05ef586d4d6e11984ff2768f8b1967e1a25c7f4ba28465a5ca6d585a8