Analysis
  max time kernel: 83s
  max time network: 89s
  platform: windows10-2004_x64
  resource: win10v2004-20240426-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 30/04/2024, 17:48
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://modsfire.com/uPA1YFjgmowTdhJ
  Resource: win10v2004-20240426-en
General
  Target: https://modsfire.com/uPA1YFjgmowTdhJ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies registry class (1 IoC)
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | msedge.exe
Opens file in notepad (likely ransom note) (2 IoCs)
  pid | process
  6000 | NOTEPAD.EXE
  1992 | NOTEPAD.EXE
  Caveat: this signature is a heuristic keyed on notepad opening a file. Both hits here are NOTEPAD.EXE opening C13AEGIS.ini, a configuration file under system\cfg\ppfilters\ taken from the archive C13AEGIS_1.78.zip (see the process tree), and the report does not show the file's contents. Treat it as a file-opened event to verify, not as a confirmed ransom note.
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | process
  4848 | msedge.exe (2 events)
  672 | msedge.exe (2 events)
  3196 | identity_helper.exe (2 events)
  5280 | msedge.exe (2 events)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (31 IoCs)
  pid | process
  672 | msedge.exe (all 31 events)

Suspicious use of FindShellTrayWindow (33 IoCs)
  pid | process
  672 | msedge.exe (all 33 events)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process
  672 | msedge.exe (all 24 events)
Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | procid_target
  PID 672 wrote to memory of 1396 | 672 | msedge.exe | 82
  PID 672 wrote to memory of 1480 | 672 | msedge.exe | 83
  PID 672 wrote to memory of 4848 | 672 | msedge.exe | 84
  PID 672 wrote to memory of 3448 | 672 | msedge.exe | 85
  The 64 events are repeats of these four rows. Every target (crashpad handler 1396, GPU process 1480, network service 4848, storage service 3448) is a child of PID 672 in the process tree below, consistent with the Edge browser process setting up the helper processes it spawns. A write from 672 into a process outside its own tree would be the finding worth chasing; none appears here.
Processes (indented entries are children of the top-level process above them; the report marks this nesting with 1⤵ and 2⤵)

PID 672  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://modsfire.com/uPA1YFjgmowTdhJ
  signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    PID 1396  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc643246f8,0x7ffc64324708,0x7ffc64324718
    PID 1480  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    PID 4848  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
    PID 3448  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    PID 4912  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    PID 1020  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    PID 220  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
    PID 4568  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    PID 3980  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
    PID 3196  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    PID 2292  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
    PID 2664  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    PID 4528  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
    PID 4636  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
    PID 1884  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID 4348  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    PID 2220  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
    PID 2300  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    PID 1372  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
    PID 4260  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
    PID 768  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
    PID 5292  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
    PID 5448  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
    PID 5556  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
    PID 5652  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
    PID 5744  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
    PID 5752  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
    PID 6136  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
    PID 5256  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8076 /prefetch:8
    PID 5268  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
    PID 5280  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8952 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    PID 2248  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
    PID 3232  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
    PID 1844  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
    PID 6080  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
    PID 6012  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
    PID 5448  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
    PID 6060  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
    PID 5168  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

PID 764  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1312  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 5528  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 6000  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_C13AEGIS_1.78.zip\system\cfg\ppfilters\C13AEGIS.ini
  signatures: Opens file in notepad (likely ransom note)

PID 1992  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\system\cfg\ppfilters\C13AEGIS.ini
  signatures: Opens file in notepad (likely ransom note)
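The process tree and the WriteProcessMemory signature above are the two pieces an analyst has to join by hand: the signature counts writes, the tree says who the targets are. The script below is an added example (not tria.ge's code and not part of this report) that does that join. Its input is a constructed, cut-down copy of this report's tree in a "depth|pid|command line" form, where the depth is the number that precedes ⤵ on the page, plus one invented write event (672 into the notepad process 6000) that does not occur in the report and exists only to show the cross-process branch. The parent rule (a depth-n entry belongs to the nearest preceding depth n-1 entry) is an assumption about how the report renders nesting; the command lines are shortened.

```python
"""Triage helper for sandbox reports of Chromium-family browsers (Edge here):
decide whether each "wrote to memory" (WriteProcessMemory) event is the browser
process writing into a helper it just spawned, which is how Chromium launches
its --type=... children, or a write into an unrelated process."""
import re
from collections import Counter

# Constructed sample, cut down from the report above. Each line is
# "<depth>|<pid>|<command line>"; the depth is the number that precedes the
# ⤵ marker on the page (1 = top-level process, 2 = child of the nearest
# preceding depth-1 process). Long command lines are shortened.
PROCESS_TREE = [
    "1|672|msedge.exe --single-argument https://modsfire.com/uPA1YFjgmowTdhJ",
    "2|1396|msedge.exe --type=crashpad-handler",
    "2|1480|msedge.exe --type=gpu-process",
    "2|4848|msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none",
    "2|3448|msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility",
    "2|4912|msedge.exe --type=renderer --renderer-client-id=6",
    "1|6000|NOTEPAD.EXE C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_C13AEGIS_1.78.zip\\system\\cfg\\ppfilters\\C13AEGIS.ini",
]

# (writer pid, target pid). The report repeats each pair many times; the last
# pair is invented (not in the report) to exercise the cross-process branch.
WRITE_EVENTS = [
    (672, 1396), (672, 1396),
    (672, 1480), (672, 1480),
    (672, 4848), (672, 4848),
    (672, 3448), (672, 3448),
    (672, 6000),  # constructed: msedge.exe writing into an unrelated notepad
]


def build_tree(lines):
    """Map pid -> (parent_pid, cmdline). Parent of a depth-n entry is the most
    recent depth-(n-1) entry; depth-1 entries have no parent (None)."""
    procs, last_at_depth = {}, {}
    for line in lines:
        depth, pid, cmd = line.split("|", 2)
        depth, pid = int(depth), int(pid)
        procs[pid] = (last_at_depth.get(depth - 1), cmd)
        last_at_depth[depth] = pid
        # forget deeper levels: a new entry at this depth closes their subtrees
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return procs


def chromium_child_type(cmd):
    """'renderer', 'gpu-process', 'utility:<sub-type>', ... or None."""
    m = re.search(r"--type=(\S+)", cmd)
    if not m:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", cmd)
    return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def classify_writes(procs, events):
    """Collapse repeats and return {(writer, target): (count, verdict)}."""
    result = {}
    for (writer, target), count in Counter(events).items():
        parent, cmd = procs.get(target, (None, ""))
        if parent == writer and chromium_child_type(cmd):
            verdict = "parent->child (Chromium helper launch, expected)"
        elif parent == writer:
            verdict = "parent->child"
        else:
            verdict = "CROSS-PROCESS: review"
        result[(writer, target)] = (count, verdict)
    return result


def unsandboxed_helpers(procs):
    """Children launched with --service-sandbox-type=none, for a closer look."""
    return sorted(pid for pid, (_, cmd) in procs.items()
                  if "--service-sandbox-type=none" in cmd)


if __name__ == "__main__":
    tree = build_tree(PROCESS_TREE)
    for pair, (n, verdict) in classify_writes(tree, WRITE_EVENTS).items():
        print(f"{pair[0]} -> {pair[1]} x{n}: {verdict}")
    print("helpers with sandbox type none:", unsandboxed_helpers(tree))
```

Run against this report's data, all four write targets (1396, 1480, 4848, 3448) resolve to --type=... children of 672, so every event lands in the expected branch; the invented 672 -> 6000 event is the shape that would deserve a closer look. unsandboxed_helpers is a listing, not a verdict: the report shows --service-sandbox-type=none for the network service, both identity_helper.exe launches and the quarantine helper, and whether that is normal for Edge 92.0.902.67 is for the analyst to confirm against a clean run of the same build.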
Network
MITRE ATT&CK Enterprise v15
Downloads

File (path not shown in the report), Filesize: 1KB
  MD5: 55540a230bdab55187a841cfe1aa1545
  SHA1: 363e4734f757bdeb89868efe94907774a327695e
  SHA256: d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
  SHA512: c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416, Filesize: 230B
  MD5: 33fc274867d72aa19eca22d15a41e7eb
  SHA1: 885a21d8bdaf68b82e8c4401431c2ec7f3e0d41a
  SHA256: de0f76a107941379a5afdd0951ac3173054dcc3c5d0d8f6dd5e9df5fcac911fe
  SHA512: 3b994c30eb03eb9b50192b2b4648f103cb4cf8f96443e08563cb4a689ec52ed97bdaa336518ab69c4dc959af1fe53c53a0c48e1c4e761821995a7b21621ab5b3

File (path not shown in the report), Filesize: 152B
  MD5: 2daa93382bba07cbc40af372d30ec576
  SHA1: c5e709dc3e2e4df2ff841fbde3e30170e7428a94
  SHA256: 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
  SHA512: 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

File (path not shown in the report), Filesize: 152B
  MD5: ecdc2754d7d2ae862272153aa9b9ca6e
  SHA1: c19bed1c6e1c998b9fa93298639ad7961339147d
  SHA256: a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
  SHA512: cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

File (path not shown in the report), Filesize: 19KB
  MD5: f266b5b7f7a5b8b30286eaf784a209d6
  SHA1: 6e58bd181829f56af501fbda274bc4db888e42ef
  SHA256: 485702c015ca106fb1fe168d023a0bb9a6d5b144480231b601b4207df86882f6
  SHA512: 592b950f752c1b17d8863a8ea28641782ccb93d0fac91e4f93812f0adecb0ec810b831ce45c7bc79d89ce6212ec30afb143d8ddb11464f5407981880e2723ab6

File (path not shown in the report), Filesize: 2KB
  MD5: f878a96ed40224e4b78c072849ef049c
  SHA1: 791f2043a96c0fb32b0accb4b67b127f679dfe38
  SHA256: 1dbfb9d01438060d9cc4cf6356737f2ac65b6e859be4d32bbfa730094397a0c7
  SHA512: 02153465028e74f68526851ed8201c2bde9a7b57a0743285ccc7f13984a818e36646f70d65f106396c711ecd67b30d0ad89196f49657105176f0f1c2cdf7050b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index, Filesize: 2KB
  MD5: dfd2aa26a60c227708dacba4df5e90c2
  SHA1: 879c5575034a098d72afe0ec05ac04b559df2dd4
  SHA256: 759c692f7116d5a5f6f7c8718a71b667f5aae92bdc8e67dd6d4d2bb047232e96
  SHA512: eefa89533b96dd5ba283dc47c2870b366c54adb17340a4c68e469eaa5b62d939ad2459415dc56546e255553fb2a9bb31fc358937e4a2704644698c2764a92f65

File (path not shown in the report), Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

File (path not shown in the report), Filesize: 12KB
  MD5: 015244cbf75e3bd920a48967b78da5ee
  SHA1: 7ff433ccd5c8cd3434d90ed2475b90e5c26f4cf6
  SHA256: e5d8ad7e369639f106eba24cb5eacf04ff03a8ea8e8bda1ad686da6a2b7e06ef
  SHA512: 42e937c4a9ae0f89b0607fab27e52e7ad8fe6bcc62f364e25b28cd41c9359f5da8266ef52bbd2a13144a90e531dd268d0db50d610fb5bbf9c31435da207edc82

File (path not shown in the report), Filesize: 6KB
  MD5: 2f475701d846d9c47516c691b724304f
  SHA1: df2b20a03f8ef6c1505422e6a709098c0381df72
  SHA256: f817f2e7cf41727aacba15c39ee4450a66c62e2cae2748eb95548ac9d9a46d71
  SHA512: 0b992c022852a47a3ff904e6da69e4ac245dc3895c18314bc0a0439128d36a828fdc5d33941506ad9e094eb4b64d25185e45a863441c6d6a27eb98c2558a9f31

File (path not shown in the report), Filesize: 7KB
  MD5: 5fd9602da8a1e058395bbd73a5ea773e
  SHA1: 95cdd6e7ec9a455f4a5a2923dfc13277f995be50
  SHA256: 91a3472f3d5c40c460094e1311903707b502ac3711f0c3c8453121346beb2167
  SHA512: bc0e888b2bff85a16bc1312d5cebbfe1a12526079bf514a0be605074d0c7255abbd1e2bbfbaf838b5d0a6f3f2eb8ee38f510761934706fb711975d05abff6a9a

File (path not shown in the report), Filesize: 14KB
  MD5: 15d0cb4367cba8fc029b845a25bb434a
  SHA1: 9c24ca4009c3e3fad98de04b0b9756df42e2d0ab
  SHA256: 1e0105ac3b4212193f43ad9e5a6ed35328859b9151072aa9ae96be5425a1ebff
  SHA512: 9c7f70b50ec21ad17756a62a5edc8e8b38ab5263244b6da39339f673593f80148fb4fce4960124773cbed95cf4b2d0e87835b5dd093fca0c1ff94c851606b7ce

File (path not shown in the report), Filesize: 3KB
  MD5: 7af583cf7b79e211c02edb58808d3c12
  SHA1: eabe97cea71b3b9352a6dc0a842f4f80191d8030
  SHA256: 889715219678ea672804f89a8494ed31bd47ee99db594215563be268d1f9f267
  SHA512: 70da895abc38aa7f2b5d1710e1ec68af3bf660dd218ee969b61f42c345409b1203121548f049dff2ebdde990ac5d3be951bc98fff45f376abda70c4dc36d005f

File (path not shown in the report), Filesize: 3KB
  MD5: baabfa74c93aed5717b476ad0fe4fb51
  SHA1: cb2ef198df75119353bcea2113c7ddf27c2e13c7
  SHA256: 0fb8ba7fa81f93f0271429034c80c532dfe3a3b5bfa13b5455a0e17f956fc6c1
  SHA512: 8e97c813d9ef0223bc619a037cbab05a0c711c130d2b9dfd38247472c9ee25453ac3a09cfe6526a61d33e957e6660c4c6b8e589bb6084bd4c39fb997f87db2ba

File (path not shown in the report), Filesize: 1KB
  MD5: 5eff9152573a2764b45d7edff55ebff6
  SHA1: 57ec103809203d8f8543b448450f05dd83c3a882
  SHA256: f45225849b703920f84e9a38909cc7515384bb3173410fb6341a12107d8a5196
  SHA512: 86811cfe77c3d15a5da0b249435abf619d86e58863dd850169910d5e4bbb680064ee3e9ef6c4a20b20ce99e959a8b4360ca5113e952f5c43053a372e897521e9

File (path not shown in the report), Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

File (path not shown in the report), Filesize: 11KB
  MD5: b45b6e4c31da86a6e944681dc43ff560
  SHA1: d092d18821eddedc6cb9717f8b5cb2bf174c806b
  SHA256: b1e5d2a2abb26a9ba737bd9014aa7105cee86d43f22cc50a8006231fd2591010
  SHA512: 8e6120347520eeead8227cfed96240c1f1c5fe7f8df9342826fcb7e4f317cdc9e2d25a0723b73d7d241bac3bb37ca91579bf4f7b1486783e5233421eefdb454b

File (path not shown in the report), Filesize: 11KB
  MD5: f5022c3411e153fd2e9ad5c8db93d722
  SHA1: 65d66ef25dab46ec7c72016f3f707a33c200b3f8
  SHA256: d82125b6fe53ad9bef75163501a67d3b921a45cbaac56c749f2f657c5f594c13
  SHA512: 3d96963ef3f7a6cb69b9b08b1efa8eb10a1c90ee9782bc5ae99a8795586b40aa43be03a4b13b4429724a0a18d478ca3ad4c1404a5449bc6a2c448eb36a1c7410

File (path not shown in the report), Filesize: 23KB
  MD5: 40123b8a0f73fcb705517ba64d2d626a
  SHA1: b57173e5addc5ac46711f0c01fb39b0b0eb15d09
  SHA256: c1211d81cf6dd8b9e7f55e8d41e38484811523fdf429130ae2010638dc96b10b
  SHA512: 20433a2cbdbb33462a6f28b7822880f140ca510397616f9abb5b79953b4fa8c628485400435dbd877b128d9f6bb1847bd1121258799b4cd4748e8f52106059dd