hxxps://lorvu[.]com/

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://lorvu.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-857544305-989156968-2929034274-1000\{B9F1CD34-D3F9-4E41-81D3-577D12AB1ABC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
792	msedge.exe
792	msedge.exe
3496	msedge.exe
3496	msedge.exe
820	identity_helper.exe
820	identity_helper.exe
3708	msedge.exe
3708	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe
5060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 1832	3496	msedge.exe	84
PID 3496 wrote to memory of 1832	3496	msedge.exe	84
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 3140	3496	msedge.exe	85
PID 3496 wrote to memory of 792	3496	msedge.exe	86
PID 3496 wrote to memory of 792	3496	msedge.exe	86
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87
PID 3496 wrote to memory of 2340	3496	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lorvu.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9cdbb46f8,0x7ff9cdbb4708,0x7ff9cdbb4718
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16757631923858604715,16858241854289122129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6352 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8d8ccfa6a8b1b15db876b848b8fdc102

SHA1
dc7d92c35e9c84d8d78ac0aedc926214cee68135

SHA256
b48f98046030e23b843422251481c3f19cfa0cf71fb36a8ff89dfcb152761f86

SHA512
6ae61b6cf236082b9930686ad2650c3ce3fa337550363e0858062dbb399093b0ac6bbca3d4c40101e222ce764fa4fb704bfc591e6d5b0a6c165f170cd6c9d5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e22c2898ac78c14a840076a8446b9d

SHA1
ff5b7cca3ff2c4e77e6330e2c5e2b62bb56e9fe6

SHA256
a5e570fc8d3a52027db48adf1301fe8dffc500a4bef04d0d6bff15fff78ade8d

SHA512
19381615be8f53ccae56a21c29c314c3247ac78fd3cf838f52ca98757b54f945f0d178cfb44ea5ad42fc68b3d3e6e7ce4e4f40eb69f791fa5132f591c62388e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
4d6e25c9a33614c145b379cd58008719

SHA1
b1c33c4660bdad409a8ac4709ed35483be6021b3

SHA256
e107e0004fdab04ec911aae7b0bfa9af975975eb40814ddfb06679ee5a3858e1

SHA512
c71443a4cc39d29df567d8ef6a739ce1bdc1aea88a3cd8ca25d3f466a052db2c982b879b7630e84aca2edc455d81149deed36feebae73a61df8e2a1dcbfff9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
72eecd5906fb8619e30a3c82906c0348

SHA1
c69285272aa67a03039cf5a3edd2af2108a5bc8a

SHA256
552ee9a8fb089ef1dbdd2b0c997304e9bf635ff85c0d3113d73b7f414f188cec

SHA512
9a456ca3461b2445b07d15db6b76057d200c816d6b6ca1e2b3ee0fa55a232024ece243f981ecf0766ad75ce2ff61177b993f8a8c87d3e28206ea89cb9b2855b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
9e2b50d433fc1845b0789bb2c78c9474

SHA1
0286329c717f52352172f1d64624dcdc3efe7ac8

SHA256
5c55eacb98bc83df062c5da70437c006b8c53d1ef4ab1a976577da71b9a81730

SHA512
c49f179ac1f0301a43a09661c890b23947e8e25f0a3d6a7191ed464478e5978463c3bafee545fa22eff686ab5c8bcc94189d33ea66c8934224feaeaaba7fac29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_freedatingero.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
17aefac2838bf1384429bbc9adf06d88

SHA1
ec2f3d332f20f14cc18b7f99775619420cd4e2f1

SHA256
c68036d3ac3753c17b6f660c9094a65250f25dee027bc4ef01cfe8f64b192f9c

SHA512
100584e2af4fdfa89985fa50b0bc40b021f87291f9f1f2f83d83784d6ff75ebf69a9018edd0fbf0173d61b28f06585f92f208c631e221462c6d08b600fd02fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
349fbd3cc900bab91a1363932e19a0f4

SHA1
e96d2455d8ee80a7a6854c173547100564cf17dc

SHA256
ecd1271cc54722d9466b4c173aba7b969638449927e95ea676c8621a612aebad

SHA512
68f906b672b43a354b775f1639cbdbbbe65b02646caddc89daddb2a6d2cb7d8c772182b5b36cbb1cb78f06b13cf2acaefb9bd9fc4ec1f4783daba5deaf35e11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33ac4679b36c9b3740fe1906063c5a67

SHA1
24e1c0b8c1f17070705810fc53fd09d3df931e81

SHA256
e958526ebea60722f22a3879d71ce5e21267725e19446ddb480d07b2d4365888

SHA512
04c7220ffbe31443cd16d69b1a770e02af82807a80a81209db4b0aa2f269d26d24e8b17886824171ee219078d6a266d2520662f93e3cf357bb68e927a89451fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a1902b03cbae8b1d150e23ff5fb065c8

SHA1
c70ac57e60fd08a41fbbb68703719187876097c4

SHA256
2e8260896cbb342cd4b64d379f69dde7922e864e08295ffc8a61770958f4ec0c

SHA512
0e9a3b147f090ab9f044fbed02cb8f15104de3d35505d481589d26d9b4c4167f9555d685b71775624b53e4bc09d81313130720da99b6fcf75f706f760af29506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fbca540e28d59cfb3d465a4b3a78c2d2

SHA1
0353de1dda2b9bac1e89d2f3b2ccd74c89e26558

SHA256
f394a3c5bd5ccf609bf08a7ef5885f116b82c58c23c92ecf31906efb8e6cc29c

SHA512
168fda95eabf904794b211a52ee9802e12de18d0ecb8a6f99e5acb85d5a98fbeba75e1426bf749e6f77c58be17620376087e949097e159b9c58edb21a637ffc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b5b4e6cc12a304d236b841a52f41ff58

SHA1
966b9fb5e3ec21009facc206494626adecaadfbd

SHA256
e1c727e91d8cde365492fe1fc8bf3bfe0a0ee188104375b77f1516562a8d4238

SHA512
7432b9ee7c877674fc7ba93f809413022b716066a02415a1978d174dd2f195a80939caf63decdfdaf7d09f80e86e0f2380dbce67de251afabf1e2983691bdb04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
dada84e3d6372ded54495b7f7bfe1983

SHA1
e00bd7eed9b285217f24390bcf69b8d6e756a92f

SHA256
3c0079bffe0fe9dfe7520a8d3e1acd7c768b7d755e8602b923870313e8e2789a

SHA512
9ea691acdfe538496b32c5c90d52a6bc22f78e1f14ec0bb769f0e8a1c9177aa7a8a9b03edc8d6866f5f7a3306049d9b8de5440f0dcceff284145a096f72b844b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587450.TMP

Filesize
48B

MD5
d7bf3e8043511bfdcbce2c0f0ccc0f5c

SHA1
d34e554bcbfad47b04f9cccd655f32017220d836

SHA256
406936816ab33b6bf50655d8f3440d5885702c1f21c22a9852eb2683183476c5

SHA512
41e7308471e2752b0c40d69c37ba0007942a56ef3a07ee7e014d0beba6dd5c8d8f8f02b733a787a03af76095caf3e43cebaf2e0a45abe7d66c4fa77e042b385e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f17635518a7b11e8fad13c74c69bb424

SHA1
072f994f164fe16f5350450496937eec66843933

SHA256
691d9f0e6d4c4d045f8d0c7105cefd3a02199e02bee5810372dbe6186c3adb52

SHA512
c0cd4c20180c2eb8ce3895a78869f27bc514fb3cb22b0eee3d09795fd97c6c75ea0cddea96ae8ee406f229318cab982f830157ea61f7e80386ad36428e3dca6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08a8fb5cd52b32a64270f3d3273dc9d0

SHA1
f87ecb0fb06dbf6751efaa9da13feb3b6a92cd8e

SHA256
c2ed4ec90b1d829620f11fb4a191e695886562ecb74cd01b5d91aea1f34987be

SHA512
69dc6606553f48c7a044c917174cf5f452f30d20df0457067295e02e8b58cfa031ef34993ee4c4c1d8c81ad33b5556e173692b52910ece3fdddb4a68280af26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
958e124d3b3cd3d45565c8e5abe9a7fa

SHA1
51ec9257966dbd31f6b6e12d59c525c6da123e67

SHA256
98ceff288d3d91918fa2ead35bf7ccdb38f5fab42e1b44f56fc608bcb24cc797

SHA512
43cf9da95b5f5aa5f5e558c5232ad44772ff337c32f3c3cd93b7934e1ca8d6941a543d6aebcaa589d7711bdcbcde22d5b42bb65b1f3ca5d6f5275c65b55e1ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e3fbcb76e56fa31831441d11e51f8ef

SHA1
f200e1f546ce91082ffb796abec37f78d2327b75

SHA256
2fca1cd50e176a94cd36a3084d0a4ad3c9cf6f7eea5f9f1086e9d52ae6a1b9fd

SHA512
d0ce38e7abe02441e26bb2ec6c1b38c662a62eb0a4f0c2cb0cd7dad8e01033465b37eba7d87b976bef241a41dff21bb5cb4b2b45c0ec96471425814773bb7a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b244c84a4c0c95d21fb793261c97da3c

SHA1
29f197e4bad2131b691e908822864f52de8dc85f

SHA256
b504c78ca42e3a74e26e428e7cab72b80b1401d698b888a336fa630632164fea

SHA512
000f764b3154700671ed89c69a6315e3453a41ecfece47fe00399f517255696f776c0bb448534c7753bd94bd3c2f885d37bbc8bf23731ac1c6cb95717860e143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
289b71824f193b4a0a665b02e3e12f67

SHA1
7d9d91abcdc474f67fc0618279490790f19e6ff2

SHA256
86e3103a9495d16d559c538b633f54476f08f7605075f83b91619d510bae3139

SHA512
636126e27adf72d942bcc7520cf1ddb65aa32c76342b2b0f87eeac51a64a56ea4c644d3a63a88dcbafcf78b2369dee51fe58aebd96e6dac7d636d3a0544ee2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
55c2b7048c6265eaead178b4a0c4ef4e

SHA1
569bf76cba9afdad325a6da2d5066d47889d1289

SHA256
eb1a96a25b45c5ea9993ec2aa912785387bf39fc3a9bbb1ce9825d4d364e05fc

SHA512
a077408417e4b857f5887d877ff0792e0d9453971f7456699a071c0e4bda6182e58d54b3d96c12724d137293d25b4339b42a6b6e4926ad9d64c03b3b3b6ee067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
455364b688d17382fe963df74330ba9f

SHA1
c75d1413b4fa117a8aaefda2436071b4f4a7d0c8

SHA256
8bc7f93e200eeb3fe4dbb3f4e55cd1cfdeea5cfcdf1c611699ea5f81ea1b3a90

SHA512
609327205382924a335ce4f0315201c4b70dda2e16b58d3c5a0ec060a12d495ac586870dcb62c3b55a88031ca29a27a94f53844ffb7112a39f8adbb865166dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1cc4ff1de965fd34ebbbd3555ef06476

SHA1
9c1141d57c499dafc4f101a94e54cffd9495e0a1

SHA256
462265fc2fe78ba84a8e79e10472e3bd88d749a07e71353af79de90237a24796

SHA512
a4c77ab4bae3fb721b87c93ef915dabf060f8c1f040434218d9c9bebce9c1b8fcad4f174cae676e66263ce4cdcb04e540bfc94a9d3b95df42c20ede343bf9b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582035.TMP

Filesize
1KB

MD5
4640ef3d5c5c86cd09fe639778b865b3

SHA1
92d058ce55f9324bcc5be953a6f889ce7c878f4f

SHA256
81af27d2b2e2c6ebedc45bc1112001d7144f1f271e709f8b854d0e501f4d9d57

SHA512
a6c2837286bef4ef3307f0215a435abbe09780db5c77b307b63eed73487fc9a3e555e001d4a5f0a9a55c646d0eeae393236cbc8bdefd32fe220cb53f21a21b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
367d4aabd7cd4173b92584c2165a7bac

SHA1
76f869e262c8e962a7fdf362ebea964ad00767af

SHA256
82c05996193c1eaa3f911b039640ce291883e943815a8c0841fcad4f65f7465d

SHA512
f6ccedc4263a2dd8866c70340d66f1c260d50c69abf4ccd8ce5d246ba4f9317e872f0ffd2538da10daf4bbf2c27e58e74a1976de2ec0b23e16dc1dde03a070fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit