hxxps://cdn[.]discordapp[.]com/attachments/1133375959530229840/1243283053036441720/ken_n_lone_4[.]29_5_100_shots_v2[.]mp3?ex=6650e912&is=664f9792&hm=232b25847420366e6dbb58e7bdb65c3f05c9e032aa9ac1f0d8c8beabc8adc7d6&

Analysis

max time kernel
68s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1133375959530229840/1243283053036441720/ken_n_lone_4.29_5_100_shots_v2.mp3?ex=6650e912&is=664f9792&hm=232b25847420366e6dbb58e7bdb65c3f05c9e032aa9ac1f0d8c8beabc8adc7d6&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4836	vlc.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1700	msedge.exe
1700	msedge.exe
2400	msedge.exe
2400	msedge.exe
3704	identity_helper.exe
3704	identity_helper.exe
3156	msedge.exe
3156	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4836	vlc.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	860	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	860	AUDIODG.EXE
Token: 33	4836	vlc.exe
Token: SeIncBasePriorityPrivilege	4836	vlc.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
2400	msedge.exe
4836	vlc.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of SendNotifyMessage 37 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
4836	vlc.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4836	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 3032	2400	msedge.exe	84
PID 2400 wrote to memory of 3032	2400	msedge.exe	84
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1568	2400	msedge.exe	85
PID 2400 wrote to memory of 1700	2400	msedge.exe	86
PID 2400 wrote to memory of 1700	2400	msedge.exe	86
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87
PID 2400 wrote to memory of 1736	2400	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1133375959530229840/1243283053036441720/ken_n_lone_4.29_5_100_shots_v2.mp3?ex=6650e912&is=664f9792&hm=232b25847420366e6dbb58e7bdb65c3f05c9e032aa9ac1f0d8c8beabc8adc7d6&
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0f1e46f8,0x7ffa0f1e4708,0x7ffa0f1e4718
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ken_n_lone_4.29_5_100_shots_v2.mp3"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4836
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ken_n_lone_4.29_5_100_shots_v2.mp3"
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6552 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10354385946159440920,12787236296274865276,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:1060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f48c7cb883fcbac978e294adbdbfc329

SHA1
75226ba9167f424106ce8e69cee889ca6bbf8bee

SHA256
d61c7503b82b6dadea09a4d5ab9a60fc30dab45a1061a1ae98d8936da92480ea

SHA512
da3ff9882ce8bdec4d5fff7bda1dbade5c822470d862aebb376603b9a63fbf7b455eaf935c5e2188a8fcb86e608c7019cbb81d91318ab4bc0a2c4444b8f02f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b45634c8f9685862741bc8002ab9c85

SHA1
1664fdae69cd60f72212ffda77f1038e6967b450

SHA256
d826de51456678adb14dc8809b85230ac708b7ad03e5cc3e180ad1ec160e4f71

SHA512
d4dd0362d51fd177aad95e9850adc790b10cf8f1b430e5e9bd84b0a51f40c23f09c603ea8b689c5a843051fb7035708815623f4394ba918a7dcbaa8ff9f04632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e8d4ab721672f4f4201469d4348b267

SHA1
e20dc57e573de504b77044f7a3c54735ade469be

SHA256
9d82e5907d46a0442840ddd1192d58a5b467b124c8d5407913b72bb44495789a

SHA512
a7ec2b610b4006c5633476916909be22599e99ec63918d2e9e2fdcdb79b211f95c83dfad14e78bdf4eef6243a10bb7e2a5ff8052f1ff1e84ac6720df8f14e2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa5675da70937361ab9022665d15da76

SHA1
12d3021aee303cbae1ccbd0e8fc5ba5ed40d293b

SHA256
2a49740da45a59c84b85a044d7c8afb94a6b4447262b5dd7ad1016dbd94945be

SHA512
9d827ea82332c9a82bfef2a18ecb9def1195156b79bd13f2c008c95553130f0201acf14dc16287472d7c8f35db75e829ed41890c2e266a35a5691e41884b1100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a04237b8f652e80aff60910537f39071

SHA1
b0e4c675dcd6bfc5b0fe21183a416f53e18fa45e

SHA256
0a89c803792d7f1154c058eaf1df43a324e0c07f090cbe3d8f18258c81f334c3

SHA512
f82ab896eff4e68e5538a36cecf92c52241612fc98f304f708e784f2bfd042cd0cf35be369dcaebef14503acd65fc967aef7ba3e17f4a574795faeaa922ffa6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
1e59bf7697d2f8ecf06bf9b1fbcdf4a4

SHA1
cc04b0ede76b1139e1ed429a221e4ca9afeee8dd

SHA256
e6294f95003f2f2f4dd4e6c3a000ebbf5c45ce31cfc7bba840a4da3380dc343c

SHA512
5dc692fcebda065e6b9e836e9162e2816c9eb2dab1c2a518e65e75bcc5c14ce324d43ad4bcd8b95492d26bd76a75d06892cfb46954f54d442204d98c75697aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
37f458f04138c85cae08add4c11ca306

SHA1
3a1e15d2294aea8e9972849173ff0094f471c8e9

SHA256
9cc94f18e56b9f7a2c91154f9c11b9e743a4b27ea0604cfe0f0fc9e1996d78c8

SHA512
fb39c227efaf0e40a98d357597926743dae37593eb9ddca0fe7cc1ac7fd557a56c889c3af0eb329757746e9e8567352d415021809a0f0ca820df1e76b8117bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
84e0e2d999f540901232a2e5e5fd3b46

SHA1
872ae1a7e2216ae340262233e9c30bdb8f5950a0

SHA256
6178073c3e25b528ea6f83e28d0db6e69991c1dcaa2acbd357c277b0509250ae

SHA512
d72ae4dcef67cb425cbd60f1cd3e3a01e6b19d62feebedd7098ccdf9efb18e0fbad607e131dba0af0cd5348910a63ab6ae9fd907346478f654cf3217e3b06201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2b0baff8420313a9b048d09a5f43be63

SHA1
a60991fba5cde810372d0df396972ddee17437d5

SHA256
ed4bb75deacc0beeefc22ed4d952f4c4fe1c7e01a2f5c0fce86034001a6df561

SHA512
cbe4178cd73a95d4ee476c44b7d6c2d7387ae72e8398c295923e1b1390e31cbc51c35b780e8c01334ef21bea2d241f6b55ba8641efb4dcffd4ce3390ca397ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585ba8.TMP

Filesize
48B

MD5
1bb1098e7efcc76071b9fbdd8629377b

SHA1
af0a05069c5085e55dd8fdf59ad3c5040d3945b7

SHA256
6e6ead9341fd8deb5eef01a3bc64c8fb2e7fc682cc39b0fd275213fefa002681

SHA512
5ed1caea76fea9ff93135fdc786a43c8f9ea945bbd591144f5b766027aa015bce070995bbeeb9c58ae33178d4af6d6063e6968daba2f5d12bab187fcab8abf06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cf6e250796e38b4175452fae0ecff8e

SHA1
b5ca617490156ffd0738d5d3439fc4989d433dc4

SHA256
f51bf0e456920e44a972dd58c711d8c3d18259adfb36f7ffb0df2d88db56c659

SHA512
a5762b53763d42dd9144b6ab5e332e677ae22b4e0082dca5951a4eb8e48d8772283ca92a1da9d66035af401ba32c182b29a167872e9ff772e5d4864bd0993bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c2f54102b8d7eb64333102ed23def61

SHA1
571f689bb47ca7365fb5f10f76a7ec7f413d8445

SHA256
e4b6ed5d0c9895ba807c55b5326f82016f56237b643c6e6da540a64fa92dcd5e

SHA512
00adff544c531331b00c8bbac43f805805a517e901d037fc9eb7e0fb00da2d9f5f899e2408b022186bb68e1c539a5691f1d7a747083ae3831d67bf0898780ccb

Download Submit
C:\Users\Admin\Downloads\ken_n_lone_4.29_5_100_shots_v2.mp3

Filesize
9.3MB

MD5
8a11037753099a90538da461826a42b7

SHA1
e08c5025b384b8169dd7e39acb6cc29f24b11dc5

SHA256
d0a648a1d1371a37ec6952d1f3f590dfd5ea5a6b7def2c5a73f4d8505b61e923

SHA512
4f75464f8b27dbd495b152d1f5db3fcd34d7c22a8e792e2a0839516434810d6e31ce26ac95360d9a0e0aa6b1cfc0e53e3241bff5f34c2b15ae756ac40cf110b8

Download Submit
memory/1504-55-0x00007FF9FC830000-0x00007FF9FC848000-memory.dmp

Filesize
96KB

Download
memory/1504-56-0x00007FF9FC810000-0x00007FF9FC827000-memory.dmp

Filesize
92KB

Download
memory/1504-57-0x00007FF9FC7F0000-0x00007FF9FC801000-memory.dmp

Filesize
68KB

Download
memory/1504-54-0x00007FF9FC850000-0x00007FF9FCB06000-memory.dmp

Filesize
2.7MB

Download
memory/1504-52-0x00007FF635600000-0x00007FF6356F8000-memory.dmp

Filesize
992KB

Download
memory/1504-53-0x00007FF9FD210000-0x00007FF9FD244000-memory.dmp

Filesize
208KB

Download
memory/4836-79-0x00007FF635600000-0x00007FF6356F8000-memory.dmp

Filesize
992KB

Download
memory/4836-100-0x00007FF9FAB00000-0x00007FF9FAB17000-memory.dmp

Filesize
92KB

Download
memory/4836-99-0x0000012E75710000-0x0000012E75752000-memory.dmp

Filesize
264KB

Download
memory/4836-98-0x0000012E756B0000-0x0000012E756C6000-memory.dmp

Filesize
88KB

Download
memory/4836-97-0x0000012E75680000-0x0000012E756A4000-memory.dmp

Filesize
144KB

Download
memory/4836-90-0x00007FF9FB4B0000-0x00007FF9FC560000-memory.dmp

Filesize
16.7MB

Download
memory/4836-96-0x00007FF9FB3B0000-0x00007FF9FB3C1000-memory.dmp

Filesize
68KB

Download
memory/4836-95-0x00007FF9FB3D0000-0x00007FF9FB3E1000-memory.dmp

Filesize
68KB

Download
memory/4836-94-0x00007FF9FB3F0000-0x00007FF9FB401000-memory.dmp

Filesize
68KB

Download
memory/4836-93-0x00007FF9FB410000-0x00007FF9FB428000-memory.dmp

Filesize
96KB

Download
memory/4836-92-0x00007FF9FB430000-0x00007FF9FB451000-memory.dmp

Filesize
132KB

Download
memory/4836-91-0x00007FF9FB460000-0x00007FF9FB4A1000-memory.dmp

Filesize
260KB

Download
memory/4836-121-0x00007FF9FB4B0000-0x00007FF9FC560000-memory.dmp

Filesize
16.7MB

Download
memory/4836-80-0x00007FF9FD210000-0x00007FF9FD244000-memory.dmp

Filesize
208KB

Download
memory/4836-152-0x00007FF9FC850000-0x00007FF9FCB06000-memory.dmp

Filesize
2.7MB

Download
memory/4836-83-0x00007FF9FC810000-0x00007FF9FC827000-memory.dmp

Filesize
92KB

Download
memory/4836-84-0x00007FF9FC7F0000-0x00007FF9FC801000-memory.dmp

Filesize
68KB

Download
memory/4836-85-0x00007FF9FC7D0000-0x00007FF9FC7E7000-memory.dmp

Filesize
92KB

Download
memory/4836-86-0x00007FF9FC7B0000-0x00007FF9FC7C1000-memory.dmp

Filesize
68KB

Download
memory/4836-89-0x00007FF9FC560000-0x00007FF9FC76B000-memory.dmp

Filesize
2.0MB

Download
memory/4836-87-0x00007FF9FC790000-0x00007FF9FC7AD000-memory.dmp

Filesize
116KB

Download
memory/4836-81-0x00007FF9FC850000-0x00007FF9FCB06000-memory.dmp

Filesize
2.7MB

Download
memory/4836-88-0x00007FF9FC770000-0x00007FF9FC781000-memory.dmp

Filesize
68KB

Download
memory/4836-82-0x00007FF9FC830000-0x00007FF9FC848000-memory.dmp

Filesize
96KB

Download