hxxps://www[.]youtube[.]com/redirect?event=channel_description&redir_token=QUFFLUhqbmhac2hya0ozZmRuZTk0Wmw1TllsY2Y3VUQ4QXxBQ3Jtc0tudnlYYk1sWnpHcWhZLUVRdHpNVzFYWEN0S1pQOXRoWG5iY3l3TzZYUmc1WXptTEtDdVp0MmNVR0V6Q2tNT21ackdTejRXVTRrOTBEOTNCUVhOX3hNeDBjM2VfempxQ0hadXhKaHZ5elZNUW9GeGFXZw&q=https%3A%2F%2Ftimeformeeting[.]com%2FhN8WS8zp%3Faid%3DxxTTScVZY%26kid%3DVYZVxPZZx

Analysis

max time kernel
196s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbmhac2hya0ozZmRuZTk0Wmw1TllsY2Y3VUQ4QXxBQ3Jtc0tudnlYYk1sWnpHcWhZLUVRdHpNVzFYWEN0S1pQOXRoWG5iY3l3TzZYUmc1WXptTEtDdVp0MmNVR0V6Q2tNT21ackdTejRXVTRrOTBEOTNCUVhOX3hNeDBjM2VfempxQ0hadXhKaHZ5elZNUW9GeGFXZw&q=https%3A%2F%2Ftimeformeeting.com%2FhN8WS8zp%3Faid%3DxxTTScVZY%26kid%3DVYZVxPZZx

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{EFBC6322-ED6F-4EC1-A713-479AA9BDDD16}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4104	msedge.exe
4104	msedge.exe
3200	msedge.exe
3200	msedge.exe
2724	identity_helper.exe
2724	identity_helper.exe
4296	msedge.exe
4296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3200 wrote to memory of 2416	3200	msedge.exe	44
PID 3200 wrote to memory of 2416	3200	msedge.exe	44
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 3544	3200	msedge.exe	84
PID 3200 wrote to memory of 4104	3200	msedge.exe	82
PID 3200 wrote to memory of 4104	3200	msedge.exe	82
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83
PID 3200 wrote to memory of 4716	3200	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbmhac2hya0ozZmRuZTk0Wmw1TllsY2Y3VUQ4QXxBQ3Jtc0tudnlYYk1sWnpHcWhZLUVRdHpNVzFYWEN0S1pQOXRoWG5iY3l3TzZYUmc1WXptTEtDdVp0MmNVR0V6Q2tNT21ackdTejRXVTRrOTBEOTNCUVhOX3hNeDBjM2VfempxQ0hadXhKaHZ5elZNUW9GeGFXZw&q=https%3A%2F%2Ftimeformeeting.com%2FhN8WS8zp%3Faid%3DxxTTScVZY%26kid%3DVYZVxPZZx
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1d1146f8,0x7ffa1d114708,0x7ffa1d114718
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2444
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe" ms-settings:dateandtime
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1120 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,13049500518495695871,15056907686978604553,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:3120

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 1
1⤵
PID:1936

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 1
1⤵
PID:1524

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s tzautoupdate
1⤵
PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\38dba434-33aa-49c0-abd7-1c9beeeebae0.tmp

Filesize
6KB

MD5
a8347bdb47d7abdce282118e789887ff

SHA1
60995f8e6263ecce36f07158019b090e29b58789

SHA256
836c2a77f5506128290538a411bf8e8320d9dabf4cc8cdcdc5f366196e9a5187

SHA512
a4896a30b1883d86ccc2da748f3eb2386a1e3bd1b7f72c7020a02d511917357f5b028b26433fcdb78a56e484e8a4aeacec8cfadc59b49c09c02984ef8857fccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
f5a853647e4a82689bb581e936804920

SHA1
48255b5de1f30e898833d8cf4f931cc3de048ead

SHA256
06dd989d27e44447577f112b8db6ecc93df92610c3fc6b8f0ce6e0ba2aae5ec5

SHA512
d1658fb6c8aa2a7da9ad33cb6480f5ccf9f4d61eb52816694445c81cdf2e7cd3758bb592c215cac6f46c5fb1111b1c6907a798f289887b47eec13e2993a94737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a90d7c369b2a589d9034e9a201efe567

SHA1
7afe40e9e4002a2254885901d66451e2ab0994c0

SHA256
7cc054981e642ae7bcbdbc78152eccb11b31a6d922ea1dfe61e749f8985e498d

SHA512
befddc83828674c9993b8912ea83486dcb04389e0d7b45a4e6c19b6bb5e6e0ed2b16d9247c2e633870658697131c094864d3cdd9a2a4c0fb17bb503ad2915b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
85KB

MD5
45a177b92bc3dac4f6955a68b5b21745

SHA1
eac969dc4f81a857fdd380b3e9c0963d8d5b87d1

SHA256
2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb

SHA512
f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
1018KB

MD5
eeba738ae56e4e37cdf710accc9cc732

SHA1
adfbffe2d7926a42352f2600d3e3cf73a22804a8

SHA256
720d2462ad049c3df29421c081d7be46400d81a190a68b9b76ab85495765730a

SHA512
cc91d15ec48694b86a1d05ddf882c9f5cc2107269192e9b06668b2ec0c8a6d259591e0d62b133d42b0c38935c70ead6ef4ab3dca5b5391aca98447786ba2126a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
0ac22f495ad1759e6cc192d7bc5713b9

SHA1
b073eb1aed819a2f2646051464928f6672b9bffd

SHA256
adc364e55de8401f4d195d1306db3f6ed5f702d2b2362950402dfe05fce99978

SHA512
8bc7fd1b318dd79bc6d7c0d4c8bfb73cf6badbc1035710bafec7b1e8504f0c435bd21b49df10df0881e68a04d463421f7f451ce9b378e288054a7fe8f91f3f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0dabb5fa4bec06a95b56442341ca7590

SHA1
e07a4191cca800a8e231540786eb2ebb04f2d9f4

SHA256
b7edc48391f89c2bde3845faf142dfe904c6d15da62b817d7d2d490e64147caa

SHA512
3ffc9297544ee09f5f9aa71a2051cacbb7555ef2ae7cee93d1af6070052ec4fbd24ffab4e33380e99d94a16fa854547bfeb02b6a3789b37e3a239f7507189eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6e9eea2cf9dde8b03a2a114a07be1677

SHA1
a72a686165772d408e1706d00531a7c5f916978d

SHA256
dd6ab31668662ae849b5662663ebe145dac36b91364db1cf715915b36beaaf2f

SHA512
6be96bc4d7595227bcc1aaf71a6897ee3f8f93a2c1dfa0208b20141be40c0c0da7d080e76effb5b0e968e04117fcfe3073578784c4797cef616fbd05fc17dad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
35177175a20bbe14443463b37ea0447d

SHA1
d34340812a110e85fdd73fff6f13ac7563188c16

SHA256
93dba2d54623ac1b334219c74496383d5f1b462fdc2193acf7af20e77ec5f081

SHA512
02842ea662c0e6d5a8a7e2383fa00a58c3f7a07c114148026f8954958fa1c708a85f4a2f1d542e20cf9f3a8356e7871821f066698fefe15681efe77735af68dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6cd9c993642b602d8da41bdc1a7f22c

SHA1
f4c289a76e996bbe05b3846c88b5ead31b45908c

SHA256
bf299b54a059999428ca50a931b223022cfa33dc8e7a8032d31f129084d7bd0d

SHA512
709fac48b17b3c5fddce0ea097391d70cce7fa819f9aedb80e5123eed428c227e0b6a774f8da92314b62beffb8775ac626d934d53b6e6abb3067226055d6a329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bfd67087a770f4e948ae8a8dc9295c66

SHA1
adab4ebca9995d73c5e7575aed32fc1587843756

SHA256
208966d9792bf401804e535fe8219433bbf5091c9269d69616f01659b65dcb6e

SHA512
59f528ed8d5ae7b28857ebb46abd4cb6b152f04364830f73e60d1a6a67e14a9e400ce6d5886b4ddc9b65eb57ced644755eeb11ff00229843a36b1fec649a02f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4f0f158194de6dfc7811e1945fdc004c

SHA1
2b39331adeed16641435404280ac4e3e0c395d6e

SHA256
06e2ef8c646a390a666eca48b0a98711ce6059a609b0497227bb9cc4ad8b38c7

SHA512
761d1d775f96afc83c86c05bef08695d28620c4029db9ccd071711062253ba987ddea0aeb7bab4d56e01d1e62c28bb5deeed6b5f6c3a7b2dd4d9df81412b23dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8df7dd3dfc9d6ad7df310418775da873

SHA1
903486a99ee624c51713c889b34134f89e9d6e82

SHA256
870d413b2d476389db0793e40823a9536be3cd8003ee27508e58b35ece98dfad

SHA512
6701d454b9440efc4b3837befb43544cccdcc28f640044bc68602e170a9332ac66eb227eb4f79c5498d1ada082ca45338818b88d2034c1db61cfe90b74315bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e2160bf50175d19a4ea00cf512d4b99

SHA1
4ace3abab4b58a64548cb160c52c38b19ef5ccee

SHA256
3414eebba7af4bc62fed94eb56116ee1477b0653d4279f5fd583c50f051b754b

SHA512
4377d08c954e3f1d5447481cadc416de61fa4244eea95e759ac8b5496b26479bc4de4fc1dd5e67af8cc9ad77946b48539e758edc80723df0a5e67652b6992937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4269db50aa7381c67abdd214d81bd760

SHA1
fd1d8f4135ebf2dbcb4710fa2890d24d5e09d416

SHA256
0ea2d221c6a3d56b91fe326b401e541aeecdda77cd825a29b791b41906c829ba

SHA512
35174451c6b0ffcbe84e5774c36d4d21883c3dbcc9ebf719838dc74e599e1c4aabba402a20582b4c0a262c09bdeed3651d642d2c532734c82dc71ba158f00123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
852c12be6bb8802ca43ed432c5ece50d

SHA1
d1c3911a7d8b0fd70b522c6fe0a21a490969ad69

SHA256
d3de4e76f60c2ce1915a318fd70773d9bbc6f6eefd0b3a4b6a6f850f2b08e850

SHA512
5dee74587dff0cd27067a308bcc37c756ccc3e3c8268652268418172f39114d485446c97b3667a9b11e12423df60a6a6e77c7a85259c2795961932400e8ccc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
509600d52510d1a751a01b748fccf529

SHA1
c18cb6e08ce5a3176848e279c86b274ada073ac4

SHA256
fa3d2cc657eb1e235909275aa2b54080e53b2022820a30229262ef3727c5667f

SHA512
0e2b872adf51398adb36a3dfa653d2c1e0983d728863162af799e556e8137174e6a296240a1225e0679478e1a7a3a49b44ea4e6e273e86f625b11bf943970cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e848.TMP

Filesize
48B

MD5
03bc0a8ee8b984f830e1f5087afcd717

SHA1
f472e3b9f4b9c0600a2ed9a2503dbe7952385588

SHA256
7926dfd3c29ce86db02a4bdc1add5d8c6d683d5aa5102e5ce089a144c6339898

SHA512
6474f7028358f3c59d5bc626ca829ed2ee3752e970264ee702ddcacd7aeea434c26ecfc9bbaf94cf482965d2490b253c2584b20de8c02f9d01f9fa4b341982fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
b2d0dc2d039f8508261733fad088adc1

SHA1
910977e6c225e50af413463f2f5bec6a8bdc7b31

SHA256
737cc28e2beb6b7dfd863aefbae376bdd791777d02694bd567961583c5ecfc05

SHA512
c5b369b0021348d8cb24d031c8eab0e480c85867c960b89325b834296dcecccc650fb3333729a07b55808fab7fae10ac57ae05f8f258bab3a05d4c0e1c50edbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c63431fbb3881860aebe15160d9c0464

SHA1
c387ae7b9b7ef88dabf06d24326a50dcb0bada54

SHA256
059932811aba1cc1adbbfd947360b708bb37f54638f819c2ddd6df13a60febee

SHA512
a3a64be82ba2f75cdb7a885f70adacd9e379fd24e9551118eecd8ceb6b040ae76538539e7c970f5b3cb054230ccbae55042e2d14bc6228a1c15c05e591499e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588836.TMP

Filesize
204B

MD5
2b854c97ee8beb8f62c2eb3a546e6db5

SHA1
af64ef833f923168c0fde66bb451cef2b210e4c2

SHA256
f1a3fca569bc475be24b80db9162b9d571fa69b40a54d899d2d750fddbb616cc

SHA512
5da08d217e60d85ffdc61ecf57a9f79603d6b156728828687ada2012f831dd3f3b66d18ed0a89b75b846dd609f62e01b084e531997941a2bbf51833734dc5a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
9784e5843a2018c6a4cc9365b842efd7

SHA1
366cba9ca044e6615155b55b256b13f4cd8002ce

SHA256
fc32472d49046b47e6eea1d38b9f6784be54a114a92ccf70747881ceb46c5b77

SHA512
f8d4b354f8fec8df0f408b44d269b376fffbf1b5be6aea7d10042e97ebd781106115d643060610dd392ebb4d61fc1e15d6a2e72fdd33e3cab09aa749026cf40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
50fcd3a45e4a3262d448442e69ea6ee5

SHA1
6665ba81f7c5080396cc7f0aaf5dab83681c24e2

SHA256
78fc51f29393599f8a8f8ac084f79693c1ee8e8b3a8c57ab0b658a44c79b28c2

SHA512
3ae579a8c19659144dbc8c119c421242c04201efb0ec00f118a15cf5b6d63bdd37987ee2b7f5e3329b7a7a4a23599c338578b38f5e3da82338b60b2b8a8a766a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0d8524db34fb49fd2d29933626718bb3

SHA1
afebbe63ff71ec6a35bf830a71875d0201866c50

SHA256
00c189845101b10192efcf5a3ca84a226ada9e27060bb590c46f237de3f97784

SHA512
e85577c550b704ed317306b4fe03dd0dfd066a0f364b10236992cf07c21fb2b753edafefc006fd2f0bae30cbf06016fb6cc8fdfea62dfd79795d5b60467c6016

Download Submit