hxxps://valkyrieofficial[.]vercel[.]app/

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16-09-2024 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://valkyrieofficial.vercel.app/

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
107	raw.githubusercontent.com
108	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{8EAF4F02-D18A-45C7-AB49-0F1FE8CB6F10}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
1432	msedge.exe
1432	msedge.exe
624	identity_helper.exe
624	identity_helper.exe
3600	msedge.exe
3600	msedge.exe
2236	msedge.exe
2236	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 2212	1432	msedge.exe	82
PID 1432 wrote to memory of 2212	1432	msedge.exe	82
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 1560	1432	msedge.exe	83
PID 1432 wrote to memory of 4284	1432	msedge.exe	84
PID 1432 wrote to memory of 4284	1432	msedge.exe	84
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85
PID 1432 wrote to memory of 4948	1432	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://valkyrieofficial.vercel.app/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15eb46f8,0x7ffe15eb4708,0x7ffe15eb4718
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4478908926998045569,14365213198251022254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4420

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\readme.txt
1⤵
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e4b5eeedf83a70e601abc17acf16783c

SHA1
9b62817a5b00fadbcd8173043c1f3134d027f106

SHA256
0300f9cfc4275dc47ac9951cebcee51e9f7225d0de219a850f564ffb555f8159

SHA512
799e57cec90a261dea290d3f981f9bec0afb2bafa54044c682dc47bfb207820f86cd51287678e009c9eb9409ee512d36e8a875cc6e5cf916598fc652151ab5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
195838164a548adc8f21467e4f441f75

SHA1
8adaab7051dcebbfb2c714e136fef6b7893a83b9

SHA256
9c3ce91637d900a13e783896904588dbcad6e5b057b1827a10d13e175c542956

SHA512
25276b0dd6d5862add88b818c34021cd2594ffa4097fcbe6f8dc6d331cb9886c64f3fa610944ed17af5370636104a7e5ca581fe2fb92b9102aa7f1e81efd750a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17a2a25f0323693cd2a7e9e3d6fd2f6a

SHA1
e973f0e62b57ce0dd25ec94605a7bb3936c11e77

SHA256
92c964a97b0f7a48a368bc858e24d492293a4cb206748957c060d03df7a077af

SHA512
8d5139ebc0b866292c531a75bd3a24c0b4a329582e98da1928798ccb51554824732df765ddb40199965614d3f51caab898392e6391d931aefe4015e7058a3db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8a4ea9c9002414b0279ef1762d2a480

SHA1
3ddecc2e9ba9dc4e3d2e06e5c696b3653b48230f

SHA256
f07cb51ac09d6e33dd8dc10064fa8c602344837b109c19ef52b806b7e724e188

SHA512
96902326f3fb06cdad1af07f3da24286182c3a49374a615aad7fe63605658e819ad55960b7485aedbfcc1c175011d748fef3b0346377e400ecd767e2987ebf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
618ce730ca722f3f64ef975985b1ba3a

SHA1
25051b29ff36f5a7f9c0eb95a5bc7d526f9d4bc5

SHA256
f90e7d9498c8f77abd883f4724a742efb86434a0cbd3548066aabf2511325d89

SHA512
14418b4ec6b27197e6544e9fa5221c2f68af7f0427971759b37b38bb6434cc83ed24a7a36095540cfd2c533a62f1c99d3e597dc3ed2a2a0111365b5bc5c6729c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39fc434f7166a49a6a2469af3d34308f

SHA1
dd5a90417fdd02514c8b0c5dcbc0ebff52b5d410

SHA256
f4488a20a7b45b30a97e8dcb7f12e291add8539badeecdc96a9549a9da4a1378

SHA512
591b5c891e0d5bca8e6ef1220bc27c1a8266ed329fbb08d48c3fd580c17f049a664c45b698b58c8e540b1fbdd8adf698fa4f56b9368ba1c8707a5195826361d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
687a5a50bd9791568394065b59a9d688

SHA1
7f00570cae7ed0080519b79c0563be988cbf6e65

SHA256
9357dec69da36664f3c10b51c7d47215c8bc58fb988b9699307a6ea0e83acc43

SHA512
7f3962d2e35ce63384190d2dc89120832568ac415dc09912e53fe9621e435f4a9f98becedde49ce738eb2cde4fd0a48294042e948e82ed530363cbfa2c6887d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f90e4bc9bc5a32dce8293353c8ad2e8

SHA1
bdcab09c9f690cd3755bcd2994c2b8c41e317b66

SHA256
a5afef56d9a9b584719afb057f392f8514ac5050063a5d6ed8df1a8865ca1381

SHA512
8df678e53c01bb25389b17c5bdee9b3776bc5b01bf7908943bf28f47277746d1f0e5d1ce688062cfd6773910e49347d76ab5cd0532654256842399e2493218c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581122.TMP

Filesize
371B

MD5
e470c9040c1bd93680044c9c7965e8ac

SHA1
00a3cb44c4cc44e946f60ea13fbf10b277ba5e10

SHA256
cad151bfde61d483bd9274e969c5949be95a537465c32be9cf7e70f30160762d

SHA512
3fa3483735856874e7fdbcc04dc322d135fb052620e74110a23456f6bb63a98b33d589c236b37dc5fe1064e4bd75e294708c8a15e17eacf6bcf693743de230fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f354973c-d86e-4577-b403-c0419f931c6a.tmp

Filesize
5KB

MD5
f578370a67c2759d736c61e133514c23

SHA1
1e46b8696ebae28ef1ef53a224c89375b5435dac

SHA256
3f106bb7e57af1a7d82f3dcef951cb9e4dabbca71651602e9668bb0638689d5d

SHA512
0ca3925a40a9e805ab3cefc753801d3d58931a1c74c7b0f1cdac536f3a9b36870fb31a22afabcaa2f6ae535f0fee531d8dff907a1d8952c3a4697a2192bf4a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a3baaa1a48f5dc9c2f9a9a620d4e2ee0

SHA1
f33b3413f8a7e7911547a914a21be8ed75da1af5

SHA256
72b367e8469f04936a62ad882c825d19875987cc5c96fa6ddd270d00a584292e

SHA512
c4e5f15185a45778bdbc10c7b9460820d4bcdd648ec46477c59960cfd80a491ae614cf2b7c8d72f984c09b7892389e1d99863c33028911cf5816d4119bd5aec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4473a20de450112683c36697ea1566aa

SHA1
87d31ce42954d5e262f6d1f5f0db2ab4f468a52a

SHA256
6779ee37884af03ec9e1d19df70a39990544bf02ac3e9f59c85f25186395ba0c

SHA512
db3e59c83b6a0d172b9f2a5c60be9e478ff8072f06ec510d5ce9eb0547618f62f39f30d3e4bd5decf392262b373cdf208443baf83744606cacb86855690bdae5

Download Submit
C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip

Filesize
9.7MB

MD5
914fadaee197d1f71082a7bd95e042e6

SHA1
3356ffc83b5edb82940a04ce067d9e7ae7fd248c

SHA256
07bb2b15e3e6a2711ab2290c1f4a10f89ce193657e64f4e92190b7139ffec6ac

SHA512
b9aa1390283b3003b264531ed50edeeae1922f25dca5fce0bcbfd5b72815ef7040fa8c024276e234286b76f46a4c69292b45b8250679f686f329ed9edb042026

Download Submit