Malware Analysis Report

2025-01-19 00:42

Sample ID 241206-fse65s1qf1
Target https://sharedocumentfile.vercel.app/#[email protected]
Tags
discovery phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://sharedocumentfile.vercel.app/#[email protected] was found to be: Known bad.

Malicious Activity Summary

discovery phishing

A potential corporate email address has been identified in the URL: [email protected]

Looks up external IP address via web service

Browser Information Discovery

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-06 05:07

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-06 05:07

Reported

2024-12-06 05:10

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sharedocumentfile.vercel.app/#[email protected]

Signatures

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ipinfo.io N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4604 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3228 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 1264 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 4060 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4604 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sharedocumentfile.vercel.app/#[email protected]

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad17946f8,0x7ffad1794708,0x7ffad1794718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4527170281343300629,10808799614292305445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3372 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 sharedocumentfile.vercel.app udp
US 64.29.17.1:443 sharedocumentfile.vercel.app tcp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 1.17.29.64.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 kit.fontawesome.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
GB 142.250.187.202:443 ajax.googleapis.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 logo.clearbit.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
FR 3.165.113.58:443 logo.clearbit.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 68.40.18.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 image.thum.io udp
US 34.200.110.203:443 image.thum.io tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
FR 3.164.163.127:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 223.26.21.104.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 58.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 203.110.200.34.in-addr.arpa udp
US 8.8.8.8:53 127.163.164.3.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 devtools.azureedge.net udp
US 13.107.246.64:443 devtools.azureedge.net tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.59.81:443 ipinfo.io tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 81.59.117.34.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:9229 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_4604_YDQRCWFXIMEWIAZS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea4747e97b27f88e18461b2fe44f9003
SHA1 75059c89f71422e42131f192b1c2829bb51ea6bd
SHA256 c0ba9f2f73ab5f9bcb8469c5e3b7451f831b607b0855baaba9c6a9564a8d0676
SHA512 33c811cfe325982f3402f7c8f05415e8276885ee9f64a60ea3fec0ab836efefa5681d8f1bf29d2619e07ad02675660f7a6a24fc8bdd0db36cd9a7bbe3e52b9a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fe0b379f1fa5afadb98bb3cb6ca635bd
SHA1 04846845069275ffa746cfb7699dd1339f57b429
SHA256 e91d8a992225d7d14febfc543a5caa50bca41ca7db6ab6883e1c302ee1ae2cbe
SHA512 6ed4a534feea57ec57436c1e358d1ae3b01c1862adb6ffc343087539b7554eeb4bd8031b0cabb01baab86c901c3a235174f6566c37fb881fb17e0f57de996797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53456741549facd2393947fcae9bcbac
SHA1 7a9d0e9b0542dd181e2b1f5662b2ef5960e92716
SHA256 38a8439a4acc799081b017ec802e0b7e47555b84f58e1f9bda94cf2a132fb556
SHA512 89554c421a73f7f8c786037a017b4259c5ec9a3284381b82337f1898e467ef137ce888dea04f94a7f13941cf92b47c16807b68db74e556c71ff17636429619bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 3fe7f2034bf1d2c9090e7a2a34ab5803
SHA1 92c6b8dc2ede3b0a0c969c36e1c659f82ea5c761
SHA256 89200a2c6e7cc2ec2cc9f53f6ca1d55d59efd3d4673780ebfd03a44e1ef3e403
SHA512 612f98fda52f790d9a5653f53a2832998295305e3fb27c9dec34f5aadcde8aed441d74b23d91d6dcf8234018260cc485ae4f08ad5f9002d2d3469e833cbfda9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 013b57dff13f809ba9be2bcc0398be2f
SHA1 86968313a1ba496a40c4cec9c327924d23806c2e
SHA256 1e5f5728edd2bc3e29b170cd383cf37487144582753c45fb8a6c4e764210b231
SHA512 ac471b0fd0163a6e1fb95d4f0cf22e767e6dcc7de63072ece7fed85ba0b5a88137a5d229ac7d7f79a80f918f33c4951733db76bfe2fa2d323d1a874789f5f71e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 32fa03a3c50f632a2ce5a05256214aa4
SHA1 b78fe084c80e84ba5176b1e544ec13e6ff6e0e01
SHA256 4e7efefdc3628c2a16aba2f99a3c58cae1fa7ae45f00d4708c7aada004cb7e19
SHA512 2b3e0d940dc1ed60686f6ec1ce4f21d13756f0f5bf8ea03ff5f67d8c41ba5a19a0dd3482719e24704000573f66d79d4103d33848d8f905eb4d7902d8b6670448

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f60af588bc84faef14175ce6103574f5
SHA1 9e7485e4eca4328bd1f8e9e589c2850ccdb2c91b
SHA256 1ed9beab873a216b9a051d5d10fa6d0ef2c0498a82bb404050c80692e31cf264
SHA512 762ee2120a2b7028c3ac4a705f0112fe9c6516e225e8213f596ba6f0bdfad99eb3e3e2469760fe16fcc87ddd5a229ec72341a8c71ee134fef71462b284acec07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581335.TMP

MD5 09795475369ca7b577d5d747b9ebd712
SHA1 5564aa483f4e8711bfa8ec2bb1b96b67133f53e6
SHA256 2d219e473600e515a0982cb71cf607e725f091b46608a1ded4cdef3058255459
SHA512 00d32125b4031ba6ba734f1e70ffcd1f8ee86dbf46faf78b6160eb09733d2a3e778c65165c6c678636edd7f215b644d5ef352bc0733072620f6d2572143d86c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e75745f81857eab8c077774d20319d7d
SHA1 134c805da07fe939601862b29862995cf5ab3d83
SHA256 d548b0523e1dfb31aba334c39618213d70958f741d406e3f07617fcd50d029c0
SHA512 962e2f013dcbcf5ac1002c132f821c0f63bcec67ad1b1fa253e7ca9aafa9b9d63ebbf63b2ab1a3e6f10378e9ed0d15aaf4ddd607cb5417e5025b312654775099

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ac938d7def66cd24224cc5fd206a3714
SHA1 cd460aa6a6d11e90fe47fceace5497f9812ed089
SHA256 95c2ff15ac8a0a9ff23ec200cb41c759f8ae7bc8b441a086ecc3f1115a61078b
SHA512 54d2729acddf4afaec3195220379dec033482922820340e2fbcd11b5a4eb0213170b39a4e05bc93b3e7f899cb1a65e7f3663abe5cb53f9a3cf4637815bac31d4