hxxps://www[.]fullprogramlarindir[.]net/kingdoms-and-castles-indir-pc-strateji-oyunu-v1[.]html#

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 15:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.fullprogramlarindir.net/kingdoms-and-castles-indir-pc-strateji-oyunu-v1.html#

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
3636	msedge.exe
3636	msedge.exe
5696	identity_helper.exe
5696	identity_helper.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe
3868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 1008	3636	msedge.exe	90
PID 3636 wrote to memory of 1008	3636	msedge.exe	90
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 1508	3636	msedge.exe	91
PID 3636 wrote to memory of 4004	3636	msedge.exe	92
PID 3636 wrote to memory of 4004	3636	msedge.exe	92
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93
PID 3636 wrote to memory of 4836	3636	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.fullprogramlarindir.net/kingdoms-and-castles-indir-pc-strateji-oyunu-v1.html#
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8425446f8,0x7ff842544708,0x7ff842544718
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2284,3149307204992284071,1858602471568471854,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:5272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
89KB

MD5
018d25aba3f0ccf08622f46c6ef193e3

SHA1
4772fe2369eac728d2b75f8b0e36bc509447968d

SHA256
081bc254be92afbc5a20de6968187e0b6a81f82a7314b5dedf6164bfb3d4a71f

SHA512
58ccd95a153ebeefff90569c317b19fd8e0921934f60283238d301750c422f75586149dfabc7375831d75662a14737211fbddaa03fce8b248c5d4ab8b1214b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4ec0e73cf60dce7bc01150e3288dea87

SHA1
b6a76882692ca84d33768ba0c4f248b365051012

SHA256
83e217dc96c77db90fe51ee3f6af7c2f5e690e4c085b6a76368477e818f504ff

SHA512
c269600a1e16b1f33f6f6e9e6065709bd30fe2462ba61e4724e9321be11df7f144f8edfa0ecf858ebc8dcebbdb44fb25e4bd8ffa3848034815061148405bdaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2baf0cb06786c20456dcc163e61d4a8a

SHA1
32766f19d74e6c516f79d9ab57003081472830e7

SHA256
2653c202b8040b7b5acd987a6d2b2f79b06df637bace668a06c17a88e782b5e6

SHA512
53d2bea8eb5ae20d2ae30b6c7f9e84071933eb845a6b608c9b73bfb7a6ec72cf9c7fbcac075480b81021f4ea184dd7f25012386eff0363a03ba29cb889134a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_turbobit.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
64254a4aa44e316c999c3ff45bd5cfa6

SHA1
7b39c0bace7d156a90d74a80bf8b6c9f2c770cd6

SHA256
0016cac3b624a7775777e94a30abbe30e212f70471379eb958b395b7536e8084

SHA512
11d149917f9e9f3985ce69d1098ddfee9dd5708f0a4f474c7a2cdc0fd5e7c6f87ed8cbbd11784fcb49c9bbc1aa073886dcbbe9ae29eca3b7ed8c6cda5e8999a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
37119dea5ba70204abb0e32993a8cff0

SHA1
e427a3ca0d41368df49b622f96df9ec9613ca73a

SHA256
f311733f26f23e81c256800d38936d2234dced8e102340a34e665704e2720c08

SHA512
130bbbb56db7b662c38f388efb30fe2f44ad799f52347e6302acde707ddb798841e453bb7854ecc8b92d2371f16c9b96f11acfd885204b96595109579ad808c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c0eec7bba7deaf0ab23b77f18da5858

SHA1
ded12b65568b57b21c7a0240bd1acd8efa13685f

SHA256
19d6b5587da5dd050efdb893fa2b4d5e41bcb700a33a4819843e91e20426a09d

SHA512
af78d209b98377d13bba5e5fa9de5d984d63d97b4daeaa9edaa34c195ee19619a5d3368e79387abe427d1f2f710dac7aee6d044bedcc4558cb76e20e3bb4712a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d20bb1ebc8aaa33a6cb8ddb6ee39485f

SHA1
e351b2284b56d08c903fb304e2dd1ef961effdb4

SHA256
2bb124013f7180964fde85bc2ca9e73075f6d484b4c5309afa3443cb05c328a3

SHA512
67e79cedab0684a58e3c4f8a0b85eb02aa8a9ea8604013087917845506f2caea7b6da26c3f4c97d010cbe83932852e5b8ff76a784378824432ec4adfbfd715c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e49b2c201cb7fb07536c09ab2bce76b

SHA1
562bf354c8d845d7725d9bd5c1aa7edac9783a0b

SHA256
68e45301df62d7f7d989810fe81eefa121050c9e2e9dbc512814d06319918b45

SHA512
bd9a5aedae0444893e910ec33a8501568e5ecfe444524cb129d29bf95d7fdb016077dd0fc2c73751e75a81f178fe565b5b628a72e204866da0ba6c3308502377

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d56d5a15e73025251f16bd2c5ab8f2cf

SHA1
3c26ce051dcab159c03d1485083cbc9f7aa20197

SHA256
fe2073df3021051d8955c274781d75e5177d1cc1b81cdce92c6167c0299cc120

SHA512
a7967d67b95cc1e3b5329df4e5bbb725ab434bb25579c137ac365ca466e016491c610b1cebf43b769eca620a1c9b34ceb7566a6e2c6ffa7c14c5617e6c3c1193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4d6372a79671b26583983ce065c81a6b

SHA1
681f3c8986e4b9e29b28c4c274b7cf1c801862fb

SHA256
9bfe3f931a1b855ada2dd423b3ff263cfcdea3ccea132f2c922c103359ebf0fb

SHA512
183a09c7cb6fcd2d7539661497077854750dd79960a353fa49ea6423cf6b9f0583f949e582e7c67d9ffa5b46ddea9dbc0843c98fc83ce17f6fdeac6a3b94ab9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2425eb1f2aa191cc2ca6639dc7279136

SHA1
af242491f56fe06cd4fdc54a4e3b5aa5783fae8a

SHA256
1f584f2b2543bcf140367dcceea6128c276bb083c239d3f4f2676557eb8670d3

SHA512
847dc03743090d7216b138c43326229b34f1a2e6463dab138cf39c54129350fdaefe890aec4ff51aac8fe0c53160c2df04adb386cd9db907bce4794a8c1d454c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e81fa7d53f1eb271f9087aa9c7f04978

SHA1
1a31069e8ceb773d6c538fd86f3ffe78ae0ccd5d

SHA256
1567510988eb04cbab703819b1ca4a4b2c22680a963a8e8e44350a6941a91d2b

SHA512
559f5e8a4a2b1f9f660d243c36dd553d279899f5bb3dda9cb618acf87b0a2c343f5c93aba566ade170a9a474330b7a8277eb5106ad2a0c79272c5c1c6c8e27c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e05cc541d93f94dabd3c8c08d9600200

SHA1
77544e23f68a62cd40ee02dfadd2f7081a3ac30e

SHA256
2a88b9129e94a828a826f473fd675ed09e65516b2acc044c2f5a377a7c830f7e

SHA512
36f7189f70f72d0227a0660ac7121384154bda2020ba77641e0089e9a27ac0c389b43acc7501c0daae53f41d7d7878638e27c08c2027d5110681a35a470334bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d38dfcf3ea57cebaa4716fed44ee8c34

SHA1
4eaaa510b0839830ba4f541fd85cb3434b2f5135

SHA256
b96b3538489114ac103c6cb294cb64f15e20c68a5ba235509989f660b71ee496

SHA512
2e11aa437f3f766e72fba22bd259a30ca63c70706ea60f6b5826fb12dc7795ae9902c75015f06da23fa0df4dc326a6aaf09f91359bb1642563889b83c5c321eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ffae3366bd5bf37a0d6a1666ad118a41

SHA1
01f3714bcc1e2100f7c363d3913bd3ba37c6c2c9

SHA256
df3bce1e4d2469d071427034105fbe9ee141bb113706f3b352b33ae755540baf

SHA512
cfcd57e8dccb48d7b99de2f7bbbb7cf6914be5178d7394f32ebbfe44f2493df66ed5e650281114f10013b9d420cc5714bbb057e5a625f0536474af916e1709e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
76f84d30d572a23fbbf16a5452eb999e

SHA1
98ebf68eb1cbb5bd78dfe9dc6094c48dc1ac1254

SHA256
89dd136dba07fa9f45589afd664e5db0174c465cc0e8695077beaaa96e7a1058

SHA512
b5ebcd07da062920f1126ed0d1366085eab0df2f85793eb6c6f477c736424d676c33a1e0a2b9bd11a7e6de696ccf28fa079b7689b25a9d3e2bc71417b9876538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e254e1fb29ca41b1fbb2f19a4a4e659e

SHA1
21814615a3e562c5c13364a1cbb5e5ff07367c3c

SHA256
4f0806537f3325b906bd98ef0d86c71b57eb6bb49d75574ba6bde1f916fa7172

SHA512
cfac413646f4ca89bfd019df893e1821747806ee305fe8bfd3db4a26cc085790f0e2e9bcd23d8faffa0a6e21a2a7968e58996d4e81c8542b8264e6eb3a92eba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3c7e4c8a4e17f6f7ead0883558f5cb6

SHA1
678c948c1d5ffd9c85830b19a4e0ab68392dbe10

SHA256
2b5bb818e73c87c8d86536cc3bc537efaf567957aa3d28b212baee178f3eca6f

SHA512
9107c2bc99f1e6468a3d9fc82eea202d04bac492fd57d3070ac96c3e9bfbed1adbc8ceba3c882010778bab96c072cfb9ff5e56fd56a133c1e167d4b9e3d2b5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee4252e3e67ebf7972d2081ebebdce94

SHA1
553542864a3f84a144ca197b516028f64250ebf4

SHA256
ef9347a0ec5d606e3e4b2ce1f63947c500559cfe1e1115eb05e56f2754d59c0b

SHA512
0a0c5ede724f8fcc6f53fa093af9b233569fccaceb1853272dd217688afa2f832c0a3a74ffef2baf121be30776c8e6d095c718c8341a8cb71997fe2f17e090d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b46b.TMP

Filesize
1KB

MD5
22a1f50e0304d2d1cb5d0034cf07e7d6

SHA1
a1d445015ad736080d05076eb21874e5886cf2b6

SHA256
f2468345e5f4f40137fc1819fe742f371980060e9ecf967759a434e5e5b26651

SHA512
1076829864f37676d772fbcaa8bfcd520a8eae425b04e5374ffdc884f88b41bbca03b47a5a0d71bcd2a9ddc8ca950e20f583b4341c08477207e36697a3784f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cf452e133ee7b28c8c03d694fb53e6c

SHA1
7be62b401bbc28ea41e61bc0d825a2f530b4b981

SHA256
536ea8dcf31b1314398691b43aebd7af0b0941eb3d9e6c3cca9c7435e7d97ec3

SHA512
61597949186aed0b9438897e445625c2a4fe239def2286b9a3841871ba58d1a2be6462a9f8b7db65d7a8584cbd07c5f85ff35ef3022a42cd59e8ecc756d09f13

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a67acdd508c91769870a7b7cfb0d6181

SHA1
f2d52ca5d48e142ec24ffa4cba0ee0c7ed342db5

SHA256
8f4c8b5e2ea9c262d03f245128a39a2866f2e4038927f5e1d9387d01ce31f8ab

SHA512
67a5f4772a9692eec8e1cb75215adc20f15b857dca96c63e335ad5c6efe0563d87a078fadb9ed2b23aeb7c2dc884f12feda764ccc2725102298f292d24f8bb98

Download Submit