hxxps://www[.]mediafire[.]com/file/fchdc2cjlfdjcy2/Rise_v6[.]rar/file

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/fchdc2cjlfdjcy2/Rise_v6.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1432	msedge.exe
1432	msedge.exe
4284	msedge.exe
4284	msedge.exe
6712	identity_helper.exe
6712	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 908	4284	msedge.exe	84
PID 4284 wrote to memory of 908	4284	msedge.exe	84
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 2076	4284	msedge.exe	85
PID 4284 wrote to memory of 1432	4284	msedge.exe	86
PID 4284 wrote to memory of 1432	4284	msedge.exe	86
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87
PID 4284 wrote to memory of 2112	4284	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/fchdc2cjlfdjcy2/Rise_v6.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8126946f8,0x7ff812694708,0x7ff812694718
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8232 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8372 /prefetch:8
  2⤵
  PID:6564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9152 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1
  2⤵
  PID:6348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9120826031635427540,10199142799224307477,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5c865a0d-cc42-4de9-ad2e-b3b978842f62.tmp

Filesize
11KB

MD5
dabeb601daa4eba3a9f74da81d172200

SHA1
0e4e9cf1fad4948e1d94600bdb640f009eb642cf

SHA256
6c3130442038c1f76a83acadf8edd4b95d4c210d299c4d59a04ce0fe89446498

SHA512
36f92a49ac40095b98ca24c9612d5ecb73df8621883ab1f63d31cff776b46ff3e8f974ddde33e4894adc4433d7a6a95ebce01bc943a1807771b92f247a1c7230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
62KB

MD5
4d941c23969f354e7919c58a501e2add

SHA1
21f490b51997ffdfe8a636560ebc2cff507e19f2

SHA256
7713927066b441e48246966f514dde158cd629ae5b4d06f29a04114257cc51fc

SHA512
1d3c3e646eb37f8dd250e6fd345d682c34cc83912b11d7ad2c70ea6be0db7623d1bb4e23f9ac8e8024dc6d26123d1c5e43705348d5b5f77832d790e46a8d6915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
31KB

MD5
5944cdc7d52b631db23dcdc812ae9004

SHA1
d2d88c0228ede7fdbb6fc14aeafb0d07c23d80d2

SHA256
a052386a870abcd55614bd90fa3c649f2b96d7e819fc4edb87b5db4f2f3c362f

SHA512
4dde0a6c553eb527d154f13da4cf0ecb957d5775f3b101ebf44c92fff64274d5237d93125be31deb445e1e1acaabfde43d9b6243af33a6c46cf8f401dc350a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24e4dde1bf97cf7d_0

Filesize
339KB

MD5
22f037e6191a3c840e2684091dac28ca

SHA1
5f6f62ddd84561e1c5809fe8b6ecccf86b29a271

SHA256
2e33bb4cc2eb6204810990525f4b8179fe86c5e8b55d122a3bc623052666547b

SHA512
30e96da46a1b47dd294b83c6dda7925064d514c25e2cab499748e37e4e32f6b025c325a5d127addf7cdfc01de566967826278e1378ceae314e861131accce3d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44491b67dfb9f274_0

Filesize
23KB

MD5
9a08aad05e98af4bd14e6c05a29a0b8f

SHA1
6f21a3af0e1fc9161a017f662a6927d2284c48c1

SHA256
0fc44b6e02744473cfe22305abb831d8417267ec15ed79c82913be9dace13f6c

SHA512
25fd58f4cafe54af293a7ba3b6b1cfb9e260b8ecc7aebd178a1bdc37ae7325f19af1fc704a5f0ef3f575cf00c4c2217c56f5245b63144d044a2da4f70a0abb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69ac004e2a8181ad_0

Filesize
278B

MD5
dec74ced6a87598973005fef41df24c4

SHA1
5268b2dcba5545a863f5ed1f9bc141b1b7c3134d

SHA256
11e2036a36d16cbf4b5763e012539d57a28bf320f26a96670bb72c65640cf933

SHA512
8f59014a64e0200cdb1d8480db24edb19b691ca321500c76de33720ecc78ab0ef3e46bf444d94d21b13a772e10d9df3fc87b4cd23cec3424c2923f53abc71d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\925183070c0a4278_0

Filesize
158KB

MD5
f4149b3b0c93f0b72a08db281258f45f

SHA1
f90970816558fdcda591a12c94ed2e5b51a19d15

SHA256
01e036c932b73a102b509679817963110ad946698ed040a7c15dff328c38af84

SHA512
26bd0d6c6b4f87adf5dcd945c6b9848633624f1eaf31d67b29c8966abfa3b6867d07e34ab19fe9c6826f8d3bed69630f3462bc7d246a623ae472f6dbbe5bf040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae0a0c7673dd5a06_0

Filesize
14KB

MD5
6e290467c52bf06a7a4b5a9d255b6ffd

SHA1
f6b6b230ee05395f860a8aa4e4b69ebde1876ea3

SHA256
d133e769c1711cfc1458487671958182e31468b594c9e3e6a2d82e8c751fac64

SHA512
3a936655c655fa3e3ffffae4d5520e840168cc48ef6eca542a26d59d3d634f5cda12f2df9b39755765ccf71656b0ab8c246380fa027b581dedd706038b88a655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0945c06fd950ed6_0

Filesize
54KB

MD5
b9444d731f620afbbbe555b8502eeb89

SHA1
6be0bebf30464d5cd1f3d4a563c19f0fd8d16a17

SHA256
c8d59d30e2e918267fa652066086b93fe5c0ebe9dd8355825d8fd77723cbd439

SHA512
80f72665981a54e75d496c6cfe0f738dd2e84fe35a77e914521687be89ab00eba2b1dbcd1b27ded9119615c7509a3113930ec430f9be4bbb40a1d1b314a612cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2dec9d1a1e98901_0

Filesize
268B

MD5
242f217d56ccb6f6f86443c3389ddeb6

SHA1
2240fe969e54b9111077ee77c9ba2d3a6b3d25fa

SHA256
8ae01eaf0b695ff1651e2d3673527ebb5b0e0eb667d23e333e8e33fb42af251e

SHA512
57565239ef6048512b9dd2eefe3887f66cd7dcd72a365217b330c005c6d59c8c135368a9c62372b83617bf185a007eba0e2d4cfe5f157615aa23c19e404e2ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
b728c5d7cf83cd7b34f4bc69c660fb6b

SHA1
ab1e5defa6ee787e6f7800eeccbb72050eaa758e

SHA256
70219e7b83682ca5d6d36d3b46ab2d8596de3667e982e166a7bc2e3b5833c91b

SHA512
405622fc30f8dae6f2e74eeb684addc9b394f9294fe868c8dd0ad57f0c61b4c5271961abcba679ff4d2affc3fde9964e156910d6bb5861ea0702833fbc2ba920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
120776f8b006b78d1933a50875959ead

SHA1
e025bc33c399e9c8bb438cd47fbb2d4f5d27641e

SHA256
dbcb4096f3dde9188262bdcb73021577593fcd1b7a90cb75dbf3dbbeb05652b0

SHA512
84bf5f8454ceed8d379987272008f09cf99de083dda4ff66b3b69d0ebee0538a2528b94754366de123802663fa09694924c43a85124eb60a7971864f39288553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5158850f99ad871b393f9ab9ce0a1bd3

SHA1
27b7079e581f428d47c720abfb2119852bec2b89

SHA256
71791a8d6b21c5bdc755375ab2b1d757648ac08b26db232a38ce3d7456a538e7

SHA512
0e637679be1c844bb9ad29e1c4285b5c46a496517ac2f49f6a10c3ca5ef29ced177a918db03942a3a81e660b93f068aa4f3d7cc079e8df945980dc5a35831e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
45ac07c0662480a09427e38fabe6aacd

SHA1
15dc7636ef85d95f2505235d8074165a7dc44cff

SHA256
9231e168b4866c887b608ca431b2efe0c9da6299b7952c0b7539352d9c11689c

SHA512
9809f48168a9de0d80035f0f5a6fc0e27e3938185ddb995c9326a0695f4b5a4a7961399193b23f5793fd99f025dc1bfec4eeeae7adbff57ef9fa7974f6af8d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
6b5e6f899a6295b61d331468f97537a1

SHA1
26091992ff8d363e266e332bdd6633a9fb77970b

SHA256
201690ab2b1c1ff519d381d9ebd092a8fb136035232180cd8302efda81b32dc7

SHA512
afc6dff9bb81149123987c5c945654d8d134367f81bb570b66ed5602ecfb5eee05595ada93d2e23231641344083375168191f5f5c039b06045187cb7086c00aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
6e61a9f41521c2a8c7f568ec2b36443b

SHA1
7acd6ffa0595c3533cd6d70ebd9e84e5c9f4d2ed

SHA256
804e7a56fb24c28fb22104dbd2d79a30663935f1d4ef07cf954332f9b9bee026

SHA512
2251adaac728b10670d4bbd7f2c67e1f7d405059b63f60c943942f308a737e107fd8a6495ae5c91cf9e8a07b4d969bd98c7bafdf55e6831b02a7de06cc4f0c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddb914dad3e4e29f07dd4576a4fda9d8

SHA1
d3a62f958f58f561539037872aaae5e719e6674e

SHA256
26372164abcd60d69bc2716fa29993b48f64e861090eb31d1f18859e1b660ea7

SHA512
7318b8d0f153654d905bca343e88d7012b12434c1dd3d32752d97d487ba19c51b5eed4057dc48f3733b43bb66926e97fc9f6848686370244c96c19aac50225ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b74060268aca06c59bed918b4c517b77

SHA1
cb528baff44d48a208ea72338d0bdf441eaeb211

SHA256
db2f28de727cdfe1259f4f474d3fe5bb3f73eee2105e1415d08d3bbfb583d621

SHA512
6128323e280738d08595b618072c0340b7d2b2a59dfce76508e87fefe8b924c1de0dd32022a9a7146c3330ff7f9e5782f2343f47129ad948c5916d439e69cdf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
4e8f69e8bd4f03654fa97b97ca1806ac

SHA1
ad3b61d725fe42cfffd11a383d37dde4a57a440a

SHA256
0dd81cd8b5bf3b50846878de6c41fd440963bcdcf12f6c685a9d12b979aa4b90

SHA512
aaa4cbb2ba127b6372a25f02062e61928b0afe92a8c64f234a8bf2ef6820aa90f94d2c0348acac3b54663466b81646e0c1537a900fa44c6517d39cb6a39f4f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
77b2d771bb4b71ae5eecd02649326fe7

SHA1
1613779e073d73e2f45e7d76a5ed5949b33f760a

SHA256
c95a8bfa0d22d9fa6d6c5b6a51c515b455c0775315a5589bca51a3ab74f6246f

SHA512
50090a7447f78b743fc6c19daed177b254898626b0b57ccd38678bf6bcf9434383267a0841800e5250a50a4185212827bd8ce1f0be09759fcb04c197aaacf119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1dc5f5c71fce04e4044a5708721c0f44

SHA1
d65eb6ff0d8c9c471fe3f4bb450b6decbc8d090d

SHA256
e3502d5e00d3d5e80f3f042d52ea4c8a73034fdc5545b280c72ae4342a92cebd

SHA512
cd13965c58d4096ab44d68ca6d591ae91847f507ba54c76be8f721b59559b3f654b190907a39d651e3cc32e3e045aeb20cb906cad7a191d90742ba038be9d763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9a8ef372b0eb5fb969f8fe1a858a3e43

SHA1
e2ac01d52167e9196e34618ccea32d69cd74614d

SHA256
db69602f8132be957f89e1ecceb20b655039e147fa4f00ae53f5581e89d6c9f0

SHA512
8a36baacdd3973ee643dcbef37504a8feca9bb5c1b07805f958989bd1f08b80eafbc73aeaf3bee3544fa707e9634e8c7712ae24f87126f24d07cc1aa33d0dbcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ef5f4815fa33335e01f7f9f9e3874962

SHA1
d760406dca39525d8569d51dbfc3430b2a77bed0

SHA256
cb237a221ac8f9f02c5bf024fd63cb6dbc2016e6e3be4290a0ab130e451ed8cf

SHA512
58f0c83348d5bf07b0d491a686ae137fb69a50e6fa91e706321691bf2ab11e203d831bb9aef47861cf5e8c65249274600d4c3a9199f006982766fa282e967353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ef96a5f192859cec0d2858384ebaf86d

SHA1
7d7546210ae9b0cca5f6a8596a145960cce1dc39

SHA256
5ea1a9057013ed7e4845d182205d1392263c84f9e372db15780259061936a20f

SHA512
de65899b8ff7af7d242a11614e506bcb21d031239f0d9fd2fd437b2858a99e982c7db21555d9283071fba1276442ef46373039c673442ee05a1a53b017934c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a25a.TMP

Filesize
3KB

MD5
ec6760776f12a747158e30fcfadfb371

SHA1
110b2a49df72a5e80d5959bf345d387228286093

SHA256
b69de2704a979a8edc2ee88bc5834822d6358dfdb7e2ba1277ae9f101828a13f

SHA512
9438f7ee6f68c7d549c5537787881c5f2126559b3e341106ad58aefc69d931b7f7e706436d54aaf4d2b4c03239f070d4d103e666fae51d245e117f82942e9187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit