Analysis
-
max time kernel
117s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
20/02/2024, 19:15
General
-
Target
https://betterdiscord.app/theme/GGO%20Kirito#google_vignette
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
-
Suspicious use of FindShellTrayWindow 41 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://betterdiscord.app/theme/GGO%20Kirito#google_vignette1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9af4c46f8,0x7ff9af4c4708,0x7ff9af4c47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8508 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9048 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8750468219284062139,12388988687398071482,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2772 /prefetch:22⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GGO_Kirito.theme.css1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GGO_Kirito.theme.css1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5efc9c7501d0a6db520763baad1e05ce8
SHA160b5e190124b54ff7234bb2e36071d9c8db8545f
SHA2567af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a
SHA512bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d
-
Filesize
1KB
MD5d731fecb293f56dfdd7310e5bdcdc23e
SHA1b713134b35e22c24c3b818b26c55f6ee08291ff9
SHA256a0de2455b46ed31dc939378bf5c67c35ab362c4f25368df7f33878dc79d3b109
SHA512983a01a1fdf1c6a88c593757d0f6fa54ed15b8648355b93889c148121714162b0e7ff590f05e8431c60aad6a10fc1ae6cb3905042ac998c5477e745da90bbf28
-
Filesize
241KB
MD5bb21f0142660167a7221733e1d8c52a7
SHA19601d6b174ddec3a2d9226e35c3667b5f2384cdc
SHA25619ab2be029a03c15dfa56da1d466920d96d832ec989b447e0f44328496d2be22
SHA512910be468b61fe5303303be94831cb58e10896a1c0e408eb367a4e8ca01c0e6183c491c77c20aadf5a4fc90808de90ad70511ccb78a8ab8fcd501e37ac970d432
-
Filesize
233B
MD5b4018fe7c004de34540b69d54217a2aa
SHA1372feb89f05fec61a3f90ed8e673bbc9d3030d75
SHA256c926b7d3527169aff3cc584b43efee8ddd852950760f53ab432e4f88226ba59a
SHA5126e99e440382ac4d4fa66258923cb823c32f24a687dccab316277ff0922e4a46e07213387cf1453b79533d33249b44c34c1ad4355421927716c006f2cd74920ad
-
Filesize
39KB
MD5c5f158637254b037347587255b48406b
SHA1faaf2b253623ce6858d1d916568a6de10477f142
SHA25663d9b771baf44626f443169a08855171532c7b08be9e18af83f5739ed34c1083
SHA5123027c4c13241290ec0873b118c0dc6ce1769b0910fe41262a50de362dfed1e45d73e072dda5591a39981d30af1f1cfb8c1371ff1aa7b8e8ed7c5834b8f941955
-
Filesize
1KB
MD569f215cb7ce6911a15f2a418f9af5977
SHA1ca98824987725188c612cf1b240a6889318fad20
SHA25612db9fa9c33b3b423e09fc869d8348065018903ee7627d84f2e9d1e2fb6d51b2
SHA51284134bdd735cfe5dfadb0e37ede7eba237805e49b3a16b80628655b02821893cf37afc5f5fbe671b3dc7382980b78dbc0e4be53dbacd42b6fcfcdf64beb6629d
-
Filesize
1KB
MD5d13ec373a45cc27b68862822b9909cb4
SHA10d30242d5cc10757d5f8a6283457e93c5f012bcd
SHA2569ccd1c1a06b29d044d5e8af947cf0a35033fbb289b4fca28e5d58dc3691a55a3
SHA51249e538bd857174e006ce778fd1268f55604faf6474c52789ed367abed11eabbba29e43c399d9d3abd61d2cb8afa5dfd80f711b7cb76ccbc363f3c2d0beed4fba
-
Filesize
1KB
MD589ed6ff21960a64bd42887f1a911362d
SHA140683c81d3e034a890c8b92e320d5c4fd78d547a
SHA25665fce1b9407596c211311225a74a00efc2cd1ac81fdb8456285b0380105f2542
SHA512e00904be927dac02391cb4cf07d5aff9411d7f9b1d757b4ceb2e98709e1a39091d3196c8b9ac90a85f2626fd45267b1a2fb458df15b69f26467c4bf354df00c8
-
Filesize
11KB
MD54971c6fa26f545df341f247c5af2b469
SHA130ced8e142adda0514d7ff1083183337b071508d
SHA2562068f06b5efedec5f9c2ecf362d6ef2f230ad67ee7e9f3d75d30a88aa88dc2e1
SHA512bc267e65612974ff8a6cca1218557d8e72857a6da915736f24505810623810e17bf02970e8f8372c0cc3f94207146dc9cb1c2214a4365da7eb040463b9a9fd35
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
12KB
MD55a4cb8cc6287335b87a0990868899a51
SHA165b815d15426610a68a25109af31ee11b0add9a0
SHA2567b4fce9c534455ec25ed171d6018c7136c8026f77dad2ca7220c3f562f6eafd5
SHA5122c7b70f0e7aef1378181f0c6dd4dc4aaadce7224ae7c3ec7f5955a99e8c6585b3475d7c3ab5aa0b587ece25d1c1049764eec46179c22b50d4968131badecffa7
-
Filesize
5KB
MD599b3137daf4949cfdc50cc40f9e6cbf5
SHA1f34c6fe7ed44e701ebe7de7d0093b79c601bb147
SHA2566b1cb4da5fb9c9429e4d4f9caeec4d2ef5f76fe60dd124b6cd6bff6cc6d14de0
SHA5127ad32b1b6fb01f17b639be76c7229e89324e0e2f53be0e22282b8d45d390ccbfc848d526c229d79d2772e86dff6d2820c2394c6b0219f4bdee2d9f25fbd2440b
-
Filesize
6KB
MD5b17fb3b9bf3dab15df4db87853b6eb1d
SHA12e56ff4c133a17d52ec0119d5478a130933a333d
SHA2564a081c8f53004fe2e01a20cfe811327f5c24083e8aaceeff73f894d16cc43d6a
SHA512f47db166021f717057fad8ddbd2763b6ac9de7b2ed391bd69bdaf934ed92c9b63937a478b133e48ff4f978815743c522b7b4244e94f2862acce6bd44c69fa054
-
Filesize
7KB
MD5601a81f5a0c77dbcba96625c2f902651
SHA105ba85b849fb6f06c2ca24233bb9427066fae5f8
SHA256df759b85b13bc3434438bd5647edbca12c8e182e4ffe2441a0c961f80a4b1da5
SHA5124ea64769358a469297f5b4a7cc850d87ed80bc0809b087dd5be5ef14034ac8a92fbef149d36be4ef203b91dc4b43223838afe61bb11dacef5ae2b69712cc210b
-
Filesize
12KB
MD56ae8396e30d96a81f85a97f897e21338
SHA1730ae8ec140244c9a96dccb3b4765e2d2fad7b53
SHA256d72f81e8f2f0ba8dc4a4204f1d9309631ce5a7113c0380e2ef6266c02fb608f6
SHA512d92bc1942cf53c304abf6698390181fc8a444824b6a7a1ef19b2172c4df8ad1528ea9993d23005ef9f35dd08788a5ba78813b2a70bd85f5dcce5b755799f0430
-
Filesize
24KB
MD5121510c1483c9de9fdb590c20526ec0a
SHA196443a812fe4d3c522cfdbc9c95155e11939f4e2
SHA256cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c
SHA512b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81
-
Filesize
3KB
MD538a9ab7fdd9289357ecea2e6240cf610
SHA16b6cd8001fcb9e92757a456e6b3c58f473e90fdb
SHA256b98f7f0e2a5e92c3576879d3888e4b95961d2016711ecaa222346e8c88b07b29
SHA51298e474fac21d0b223b0d180eed17c39143a86db6034f88a98599738955e9eabf05be8ec33941f4463f80d7d1c2c5113574506cace3d224dd8faef56257d15a13
-
Filesize
3KB
MD509c2c9b12d3b0c90033df9efe08c3caf
SHA10f2d96b1be0c6c9fc56c2fb4a06227ce8d985493
SHA25667067a0a4694dc9e915899ab97a3385c840d07cd4af9199224f584bdadf2d403
SHA512cfc2077c6279fe5fe608972183cf87d4f8f8c292eaa726a40f8a3b5b142229213223f2cfb52c140ea47a180448eb8f30b91e8107b19214dcd492e69b4bfa55e4
-
Filesize
2KB
MD5483c2265519f8446a55a8543d55e677f
SHA1647f0d368f4b57803d79d4c7a6ba63a12078372a
SHA25658144d134674355100663ee3856bbc28b4ea13bfcefd4637710a2c0ffbb483cc
SHA51234483bdd9d0ea4c23136de941b47e8b14893812535d2ef6f7ca9fec45bec4a1ee488439264ea0da414d31987820e3777bdb22f5b43645f7fd1751179ff3a9360
-
Filesize
3KB
MD5a1269819aa0fb066538ea6f50bee0c1e
SHA1904da5f8532b8dea3f82e2a5a56389cc183c9ad1
SHA25691f052373bba0ed4d92c4e0196f1c8a4f6541172fccd959c3db20ba7d4129f3c
SHA51240dbe5e4b2e4626dec8f28d6a38f4f421cac9ae6979c3f6cad62e941bb5824a00b4f8eebc880fc2ac1efa8bd7e9df69ac39af6326193ffb40a4f6b7999099b51
-
Filesize
1KB
MD5aa01a196d5b4e74b490ed3960ca8edf7
SHA1bae9d66d04946f532ccfcd4fe0743fafac5c4b71
SHA256708e1d661847bd7894717d11d045c55db905c2cde1369964f63c8234df7ac87c
SHA5128b0b51f4f119cef80bf5540aff88933f4e76afb5dabd9544d64341af7feba9198962f5e0d7fc908a7f206c58f8c36dab5050c4bc1ff2b1174fd59407c1ed08b0
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d3b190bd75535010c3d5e7501d58bb92
SHA169b14f98feac45fc968dc18142af101290a0cc93
SHA256ca54c7d869b24804ef82abfbb8e43a4deb01032ed906f288b3e977a48fff91a8
SHA512ff059752d2b76c0a345b2ec918b504c42a0794962fbd8f62280b64b15b1a4ae325b069fc0a3d5cd530d37d04b779806184cbc85245053983a99c7e2bd378e0ba
-
Filesize
10KB
MD5f05381165d7eedab73c4ad64ceb9c664
SHA1efa7002851ed9e4efca8c32360980e83a2d1d16b
SHA2562e0cfb4c3d358897c7caf27cd80d0b00412e2646153f7595d876423c45a426ae
SHA512d0f0df175fbb0e2a35e6a373e036e34149663e258abb75dde3a92214fcdf332bea0b25911c09a2f27686627b2ecf4a79f96ae4134fda5d75f2b25e43398316a6
-
Filesize
10KB
MD5b0d8b179d4d056b15e7654357cede090
SHA1240dd0bf5427dc8001c84124fed902ac62a1865b
SHA25611bc1b44ba47583acb1693c44441460fa6dcaeb88a36404eed26f531eb553a0e
SHA512f370bd566687e20f884ee81f5f81ec350f4c71d161368095900526c4aed4690762c5140b3d96254e6efd9bb07eb61242eb3269267ad0e9b80bb83ba0b29b7998
-
Filesize
10KB
MD5743d616606d328b5082aa150d55dc5eb
SHA1c92714d871f01f794ae2df6879e8fe73a5865706
SHA25696ed29f7ba3f7441fc4e8c247f063e68653c6b82b3503f461dcbc8df94b7eb3e
SHA512b1e607e267eb234b306da173a768fd4f591061c460d0f09a0ccf31f3bff4920e785416648f57cb812d0265bae356bff667dc6c573778f7d244ff483dfa2914db
-
Filesize
1KB
MD526834d3900fb08d9c34e950755e05d1b
SHA1a223166b846dc6ac49b8aa14ab32339794a7bd78
SHA256812fe4db1f5c9e3e60b3a0b518d030bdfada817a8d75277afd71ce451714a804
SHA5120fe13a36289cf3c018db3538bf9cf03f456b68010bb5eb9e8352cc50a38c129f7c7a9657fda904d98ab267cdce24ffce95ece1bb3fe0f16d9218d3f9dc0d071d