Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://modsfire.com...

windows10-2004-x64

1

Analysis

  • max time kernel
    83s
  • max time network
    89s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/04/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://modsfire.com/uPA1YFjgmowTdhJ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://modsfire.com/uPA1YFjgmowTdhJ
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:672
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc643246f8,0x7ffc64324708,0x7ffc64324718
      2⤵
        PID:1396
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        2⤵
          PID:1480
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4848
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
          2⤵
            PID:3448
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
            2⤵
              PID:4912
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:1020
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
                2⤵
                  PID:220
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                  2⤵
                    PID:4568
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
                    2⤵
                      PID:3980
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3196
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                      2⤵
                        PID:2292
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                        2⤵
                          PID:2664
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
                          2⤵
                            PID:4528
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
                            2⤵
                              PID:4636
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                              2⤵
                                PID:1884
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
                                2⤵
                                  PID:4348
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                                  2⤵
                                    PID:2220
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                                    2⤵
                                      PID:2300
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
                                      2⤵
                                        PID:1372
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
                                        2⤵
                                          PID:4260
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
                                          2⤵
                                            PID:768
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
                                            2⤵
                                              PID:5292
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
                                              2⤵
                                                PID:5448
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
                                                2⤵
                                                  PID:5556
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
                                                  2⤵
                                                    PID:5652
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
                                                    2⤵
                                                      PID:5744
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
                                                      2⤵
                                                        PID:5752
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:1
                                                        2⤵
                                                          PID:6136
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8076 /prefetch:8
                                                          2⤵
                                                            PID:5256
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
                                                            2⤵
                                                              PID:5268
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8952 /prefetch:8
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:5280
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
                                                              2⤵
                                                                PID:2248
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                                                                2⤵
                                                                  PID:3232
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
                                                                  2⤵
                                                                    PID:1844
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
                                                                    2⤵
                                                                      PID:6080
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
                                                                      2⤵
                                                                        PID:6012
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
                                                                        2⤵
                                                                          PID:5448
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
                                                                          2⤵
                                                                            PID:6060
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1127843054975545456,1670156843308142109,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
                                                                            2⤵
                                                                              PID:5168
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:764
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:1312
                                                                              • C:\Windows\System32\rundll32.exe
                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                1⤵
                                                                                  PID:5528
                                                                                • C:\Windows\system32\NOTEPAD.EXE
                                                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_C13AEGIS_1.78.zip\system\cfg\ppfilters\C13AEGIS.ini
                                                                                  1⤵
                                                                                  • Opens file in notepad (likely ransom note)
                                                                                  PID:6000
                                                                                • C:\Windows\system32\NOTEPAD.EXE
                                                                                  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\system\cfg\ppfilters\C13AEGIS.ini
                                                                                  1⤵
                                                                                  • Opens file in notepad (likely ransom note)
                                                                                  PID:1992

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v15

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  55540a230bdab55187a841cfe1aa1545

                                                                                  SHA1

                                                                                  363e4734f757bdeb89868efe94907774a327695e

                                                                                  SHA256

                                                                                  d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

                                                                                  SHA512

                                                                                  c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
                                                                                  Filesize

                                                                                  230B

                                                                                  MD5

                                                                                  33fc274867d72aa19eca22d15a41e7eb

                                                                                  SHA1

                                                                                  885a21d8bdaf68b82e8c4401431c2ec7f3e0d41a

                                                                                  SHA256

                                                                                  de0f76a107941379a5afdd0951ac3173054dcc3c5d0d8f6dd5e9df5fcac911fe

                                                                                  SHA512

                                                                                  3b994c30eb03eb9b50192b2b4648f103cb4cf8f96443e08563cb4a689ec52ed97bdaa336518ab69c4dc959af1fe53c53a0c48e1c4e761821995a7b21621ab5b3

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  2daa93382bba07cbc40af372d30ec576

                                                                                  SHA1

                                                                                  c5e709dc3e2e4df2ff841fbde3e30170e7428a94

                                                                                  SHA256

                                                                                  1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

                                                                                  SHA512

                                                                                  65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  ecdc2754d7d2ae862272153aa9b9ca6e

                                                                                  SHA1

                                                                                  c19bed1c6e1c998b9fa93298639ad7961339147d

                                                                                  SHA256

                                                                                  a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

                                                                                  SHA512

                                                                                  cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
                                                                                  Filesize

                                                                                  19KB

                                                                                  MD5

                                                                                  f266b5b7f7a5b8b30286eaf784a209d6

                                                                                  SHA1

                                                                                  6e58bd181829f56af501fbda274bc4db888e42ef

                                                                                  SHA256

                                                                                  485702c015ca106fb1fe168d023a0bb9a6d5b144480231b601b4207df86882f6

                                                                                  SHA512

                                                                                  592b950f752c1b17d8863a8ea28641782ccb93d0fac91e4f93812f0adecb0ec810b831ce45c7bc79d89ce6212ec30afb143d8ddb11464f5407981880e2723ab6

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                                                  Filesize

                                                                                  2KB

                                                                                  MD5

                                                                                  f878a96ed40224e4b78c072849ef049c

                                                                                  SHA1

                                                                                  791f2043a96c0fb32b0accb4b67b127f679dfe38

                                                                                  SHA256

                                                                                  1dbfb9d01438060d9cc4cf6356737f2ac65b6e859be4d32bbfa730094397a0c7

                                                                                  SHA512

                                                                                  02153465028e74f68526851ed8201c2bde9a7b57a0743285ccc7f13984a818e36646f70d65f106396c711ecd67b30d0ad89196f49657105176f0f1c2cdf7050b

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                  Filesize

                                                                                  2KB

                                                                                  MD5

                                                                                  dfd2aa26a60c227708dacba4df5e90c2

                                                                                  SHA1

                                                                                  879c5575034a098d72afe0ec05ac04b559df2dd4

                                                                                  SHA256

                                                                                  759c692f7116d5a5f6f7c8718a71b667f5aae92bdc8e67dd6d4d2bb047232e96

                                                                                  SHA512

                                                                                  eefa89533b96dd5ba283dc47c2870b366c54adb17340a4c68e469eaa5b62d939ad2459415dc56546e255553fb2a9bb31fc358937e4a2704644698c2764a92f65

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  46295cac801e5d4857d09837238a6394

                                                                                  SHA1

                                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                  SHA256

                                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                  SHA512

                                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  12KB

                                                                                  MD5

                                                                                  015244cbf75e3bd920a48967b78da5ee

                                                                                  SHA1

                                                                                  7ff433ccd5c8cd3434d90ed2475b90e5c26f4cf6

                                                                                  SHA256

                                                                                  e5d8ad7e369639f106eba24cb5eacf04ff03a8ea8e8bda1ad686da6a2b7e06ef

                                                                                  SHA512

                                                                                  42e937c4a9ae0f89b0607fab27e52e7ad8fe6bcc62f364e25b28cd41c9359f5da8266ef52bbd2a13144a90e531dd268d0db50d610fb5bbf9c31435da207edc82

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  2f475701d846d9c47516c691b724304f

                                                                                  SHA1

                                                                                  df2b20a03f8ef6c1505422e6a709098c0381df72

                                                                                  SHA256

                                                                                  f817f2e7cf41727aacba15c39ee4450a66c62e2cae2748eb95548ac9d9a46d71

                                                                                  SHA512

                                                                                  0b992c022852a47a3ff904e6da69e4ac245dc3895c18314bc0a0439128d36a828fdc5d33941506ad9e094eb4b64d25185e45a863441c6d6a27eb98c2558a9f31

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  7KB

                                                                                  MD5

                                                                                  5fd9602da8a1e058395bbd73a5ea773e

                                                                                  SHA1

                                                                                  95cdd6e7ec9a455f4a5a2923dfc13277f995be50

                                                                                  SHA256

                                                                                  91a3472f3d5c40c460094e1311903707b502ac3711f0c3c8453121346beb2167

                                                                                  SHA512

                                                                                  bc0e888b2bff85a16bc1312d5cebbfe1a12526079bf514a0be605074d0c7255abbd1e2bbfbaf838b5d0a6f3f2eb8ee38f510761934706fb711975d05abff6a9a

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  14KB

                                                                                  MD5

                                                                                  15d0cb4367cba8fc029b845a25bb434a

                                                                                  SHA1

                                                                                  9c24ca4009c3e3fad98de04b0b9756df42e2d0ab

                                                                                  SHA256

                                                                                  1e0105ac3b4212193f43ad9e5a6ed35328859b9151072aa9ae96be5425a1ebff

                                                                                  SHA512

                                                                                  9c7f70b50ec21ad17756a62a5edc8e8b38ab5263244b6da39339f673593f80148fb4fce4960124773cbed95cf4b2d0e87835b5dd093fca0c1ff94c851606b7ce

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  3KB

                                                                                  MD5

                                                                                  7af583cf7b79e211c02edb58808d3c12

                                                                                  SHA1

                                                                                  eabe97cea71b3b9352a6dc0a842f4f80191d8030

                                                                                  SHA256

                                                                                  889715219678ea672804f89a8494ed31bd47ee99db594215563be268d1f9f267

                                                                                  SHA512

                                                                                  70da895abc38aa7f2b5d1710e1ec68af3bf660dd218ee969b61f42c345409b1203121548f049dff2ebdde990ac5d3be951bc98fff45f376abda70c4dc36d005f

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  3KB

                                                                                  MD5

                                                                                  baabfa74c93aed5717b476ad0fe4fb51

                                                                                  SHA1

                                                                                  cb2ef198df75119353bcea2113c7ddf27c2e13c7

                                                                                  SHA256

                                                                                  0fb8ba7fa81f93f0271429034c80c532dfe3a3b5bfa13b5455a0e17f956fc6c1

                                                                                  SHA512

                                                                                  8e97c813d9ef0223bc619a037cbab05a0c711c130d2b9dfd38247472c9ee25453ac3a09cfe6526a61d33e957e6660c4c6b8e589bb6084bd4c39fb997f87db2ba

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578146.TMP
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  5eff9152573a2764b45d7edff55ebff6

                                                                                  SHA1

                                                                                  57ec103809203d8f8543b448450f05dd83c3a882

                                                                                  SHA256

                                                                                  f45225849b703920f84e9a38909cc7515384bb3173410fb6341a12107d8a5196

                                                                                  SHA512

                                                                                  86811cfe77c3d15a5da0b249435abf619d86e58863dd850169910d5e4bbb680064ee3e9ef6c4a20b20ce99e959a8b4360ca5113e952f5c43053a372e897521e9

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                  SHA1

                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                  SHA256

                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                  SHA512

                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  11KB

                                                                                  MD5

                                                                                  b45b6e4c31da86a6e944681dc43ff560

                                                                                  SHA1

                                                                                  d092d18821eddedc6cb9717f8b5cb2bf174c806b

                                                                                  SHA256

                                                                                  b1e5d2a2abb26a9ba737bd9014aa7105cee86d43f22cc50a8006231fd2591010

                                                                                  SHA512

                                                                                  8e6120347520eeead8227cfed96240c1f1c5fe7f8df9342826fcb7e4f317cdc9e2d25a0723b73d7d241bac3bb37ca91579bf4f7b1486783e5233421eefdb454b

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  11KB

                                                                                  MD5

                                                                                  f5022c3411e153fd2e9ad5c8db93d722

                                                                                  SHA1

                                                                                  65d66ef25dab46ec7c72016f3f707a33c200b3f8

                                                                                  SHA256

                                                                                  d82125b6fe53ad9bef75163501a67d3b921a45cbaac56c749f2f657c5f594c13

                                                                                  SHA512

                                                                                  3d96963ef3f7a6cb69b9b08b1efa8eb10a1c90ee9782bc5ae99a8795586b40aa43be03a4b13b4429724a0a18d478ca3ad4c1404a5449bc6a2c448eb36a1c7410

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\C13AEGIS_1.78.zip
                                                                                  Filesize

                                                                                  23KB

                                                                                  MD5

                                                                                  40123b8a0f73fcb705517ba64d2d626a

                                                                                  SHA1

                                                                                  b57173e5addc5ac46711f0c01fb39b0b0eb15d09

                                                                                  SHA256

                                                                                  c1211d81cf6dd8b9e7f55e8d41e38484811523fdf429130ae2010638dc96b10b

                                                                                  SHA512

                                                                                  20433a2cbdbb33462a6f28b7822880f140ca510397616f9abb5b79953b4fa8c628485400435dbd877b128d9f6bb1847bd1121258799b4cd4748e8f52106059dd

                                                                                  Download Submit