hxxps://ctrk[.]klclick3[.]com/l/01J5XTD9AATG61KP0NBR6WAX8J_0

Analysis

max time kernel
114s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 00:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ctrk.klclick3.com/l/01J5XTD9AATG61KP0NBR6WAX8J_0

Score

4^/10

discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{72C99028-2BCA-4630-A6EA-C6C7FC0406AD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
932	msedge.exe
932	msedge.exe
3000	msedge.exe
3000	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
5820	msedge.exe
5820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2052	3000	msedge.exe	84
PID 3000 wrote to memory of 2052	3000	msedge.exe	84
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 3152	3000	msedge.exe	85
PID 3000 wrote to memory of 932	3000	msedge.exe	86
PID 3000 wrote to memory of 932	3000	msedge.exe	86
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87
PID 3000 wrote to memory of 1008	3000	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ctrk.klclick3.com/l/01J5XTD9AATG61KP0NBR6WAX8J_0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6cbf46f8,0x7ffb6cbf4708,0x7ffb6cbf4718
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8476793042716576939,8292438786934336264,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
326c352c6f567661ec45e72631bc82dc

SHA1
4183a29195215c97770a40f01ec9f8310ea48752

SHA256
e25e39f6f9ce6ba47cf288f9fa72f23649848b35fffe526bd16cdab4dde456a1

SHA512
f609bfc639b9cfce113ef0cd7b5a02b437dd521dc3b416c28c2b9db6da18aa7536339be9fd74c98189cf4c00151b5c9c6ab9965f96a03c786281446f444b8815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fb323158b0efc8e93493d9d2732a9979

SHA1
41c4f42ebacb5d238f909f855a6c7f7fda48fd1f

SHA256
273d881cfd00c59129327b08bf9384d77f861ae36a1a4c72d007cc7c86310fa8

SHA512
822a4cbc2fe7906eaf69fb27c40efa1bc5edb8aad27c3ec722bdd38c98a4ce4093be9c0617fb9cbd6c88f7c13f314e944cfca74fc01ada2e753055bf9cc1687d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0978904badd1e9068ffbea9653eee0b0

SHA1
c0d6a81201a63327c91bbe6167d1cfe84c8e2424

SHA256
039e21e11aa8fbf9f3e585d4b3b42950839fad20e4174c6dbf55ade4037da1c3

SHA512
87cd4a67fd680669a532d5312c8bf6fa7d570bb4136d30e9a67612644d20499a1cce99a90a82abfd7254b63881510046ec16451a46691499477c2b0f71fd77c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f42f97fddb774334eb4513c50ae5e335

SHA1
3e67145cd53a3cdbc5746a0fc30b256ef73c9e7d

SHA256
57b1e2630746e4c8ef5e1ecf6e92b6c1dfee35adb3d142e8f78f49a7c8d5d608

SHA512
57107b1ea69998a6e6a2f1f42185e5072d5d897dbd16e65a347302d7ebd02f8204f1c3df405f95ae38718ca59f00e71d3d33506bd68abc74e65c3e236ed48c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c548d7a35b0e5f8c7cdd3a40866043d1

SHA1
fa8f199966b6c0e738043a40f4066a968cd1a9e4

SHA256
7c620206036344e74e0731eb5c1f3eca358c8ef1af93f6a15ad809cbb6529152

SHA512
f8d13d59e12d836098bd94f23b533a8654e039386503bd27396d2d5bd102617fe9c0702fafa6441dcdb57f13e65c36d25ddf2c08f9be023d1fea06630b7fa3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
533a4463fceb40efae5fe86daf2aa2fb

SHA1
13f1c7f127471c44504948fb65a89f969f3bc874

SHA256
3eeae38cc372979266afea39b3adccb692ca54d9446b0997188211badbafe561

SHA512
c4b0c14ebb2cded0ba1e8f5df0f1aec65d5e7a4bc84d29a4ef3754f749f726fd4400975084d3103d7a1cbf4bdc20153d59e35f932597d540f5118841a71bece4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bd2e087ffa0b6ea2fe8477987781d4b5

SHA1
c0c3eeae74e57c5d7d31db1953a4caa1e9a7e9cf

SHA256
d5c481431086a90f33b5108e8340d43a0a1cfcdcfaf3bfcea76b45d1ac0d7116

SHA512
5ea5de89ae5bd04e9c1cd9679ccee7192244f2a8201019e85a8ef6c4f35e443d9d670ea6cf049c280446931af121b970167ceac594cd174bfa2fd9f0fa4875ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93b0eca8ca5bf13a50aec10a3ef5eaa4

SHA1
8a46829d355a35cde81087f94a420034cf0d5140

SHA256
ae542719c154d29daa9f7b4dce3d523509bb1e18ac69e72bd979e160a5aaed1d

SHA512
efbd77998893e5caf2915dea1f68ef36ab9a087ce09e7d1f02ffd2d5f095c98af573446b645cded97e99240c0bba06d9cab1c064c3aec6d85572c18f836f4fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a2f0be979ceb74ae48575db5dd0952f

SHA1
1d8393c313ce930eef04afa2a17233cc41913c91

SHA256
f615c5b1a3eff2a15def7fd62a148beb055fcd2714bb995723cf935e3a80c258

SHA512
830973050dc674237eb19ab42b4f298e955e338595c26244704fefb2520566a0de7f1b8ee1bf2ccfdbbce0c76aa6b19041f8b5afb2b4a7c557a3d6a6f5744c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c979323b9d115301fa2b1ddb6019071b

SHA1
703cce045af66c808f0005a687a57618fd7b770e

SHA256
d7e3a1b76b2a08667d334e9cf8ed3ebfb7770e5a5187643c8ea4666a9721498c

SHA512
b0cf51b103deaf33e4e7af1ea00945512e3fda4386051e7763f0079f728f0a4ccd64bfc8a6feba6ab4b0b13b1917a40a2a8ce13e76f3fd7a26b4d4b34a960e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3eee5370578ef5a90f7ee9b08793ce1d

SHA1
12c66dfc54bd66b4bd73e2e68c9890af143ece4d

SHA256
cd8e4b3103334c9ac30da3b9889bdafa3aa399935e1fca2e2028fa2a6702972b

SHA512
15256f8ac55682640b67e393a9ee81228d358dddef4442686f45c3dc9600c7e951c59c9554210f915f678c0ae28714141b3e8e939c585d1a4f60b4eb688e0760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fea3.TMP

Filesize
1KB

MD5
1f6b90689db631d4078bd24bdd9dba95

SHA1
a60885af5a12b64ea02c16a4bc6122a35f4711ef

SHA256
327aa93d77132d87f02d0d87e98ada3d71c5715d7faecbd0e1c8719a707b4089

SHA512
b52ae09c19ce097d8396466f883335ade77cc33f373da8dbb550a4af92b7cc13f093d61f82da2707675f308e8d22bb84b7a15b6edc4fb407c4266a31479b5023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a4cfc69c-4447-452a-8fc0-54532b4b6a99.tmp

Filesize
1KB

MD5
6c805d078b2e347be2e9e7d20e075804

SHA1
548ff85783872eb7701710b7b83bfd2d89013652

SHA256
84da3bd4b7b71f95632be802caa414ec8f01e2d4711eeab1cf52f53fe9ec3bc8

SHA512
9a79c4e1d3d11ca45d71a89e84840adbde08930326701805d2b5b76a83ebf112e9aede20361aa79c8fd1934b11eab801d97e3bcb6c0ac8ee60dd10fc58102372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbd21db08ec004a290da2224c0fdf671

SHA1
65e746a3b255d7e4262a74ba15d44dae924f9f30

SHA256
ddc8cf619ad9a9e1106231469baaee33b77f781d4c6b0cc65ca5aaa5d3cdb183

SHA512
747dd60241f56c45cf046558ebbba51037b855545fd184c5c7247f5c56495cd6545e6706eab7682d5f1b893e6813674375d34b0383d32a699035b23c4100ca13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e21e5eeca0475ed6c6a7e08e9ee596a1

SHA1
760daad14c1380744a97b4b625b9410120019468

SHA256
e654d129a659018f5b160a54add325bb4d314d9a5ce1145781b2b2bab38b388a

SHA512
8b521b99d1ebe6be0e08d902a0e667b3acb014f6147ac83584932ea2b6ca97d8aee59e90ae425c36000938aa84fe61952caf9696d0666ece31014157bcfa0509

Download Submit