Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://dialpad.com/?utm/source=product/dp&utm/medium=email&utm/term=footer-dialpad-link&utm/campaign=dp-product-emails was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 07:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 07:44
Reported
2024-05-29 07:47
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
150s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dialpad.com/?utm/source=product/dp&utm/medium=email&utm/term=footer-dialpad-link&utm/campaign=dp-product-emails
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa12ce46f8,0x7ffa12ce4708,0x7ffa12ce4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9688619309379629668,5262747592976044878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dialpad.com | udp |
| US | 170.10.222.20:443 | dialpad.com | tcp |
| US | 8.8.8.8:53 | www.dialpad.com | udp |
| US | 104.18.32.54:443 | www.dialpad.com | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.222.10.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.speedcurve.com | udp |
| US | 151.101.2.217:443 | cdn.speedcurve.com | tcp |
| US | 8.8.8.8:53 | 54.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.segment.com | udp |
| US | 8.8.8.8:53 | edge.fullstory.com | udp |
| FR | 18.244.28.10:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| FR | 172.217.18.219:443 | storage.googleapis.com | tcp |
| US | 35.201.112.186:443 | edge.fullstory.com | tcp |
| FR | 99.86.90.76:443 | cdn.segment.com | tcp |
| US | 8.8.8.8:53 | hello.dialpad.com | udp |
| US | 104.17.71.206:443 | hello.dialpad.com | tcp |
| US | 35.201.112.186:443 | edge.fullstory.com | udp |
| US | 8.8.8.8:53 | us-east.dx.dialpad.com | udp |
| FR | 13.32.145.17:443 | us-east.dx.dialpad.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | s.yimg.jp | udp |
| US | 8.8.8.8:53 | munchkin.marketo.net | udp |
| US | 34.215.86.13:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | app.koopid.ai | udp |
| JP | 182.22.25.252:443 | s.yimg.jp | tcp |
| US | 2.22.144.159:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | cdn.bizible.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | j.6sc.co | udp |
| BE | 104.68.89.134:443 | munchkin.marketo.net | tcp |
| US | 8.8.8.8:53 | rs.fullstory.com | udp |
| FR | 152.195.15.58:443 | cdn.bizible.com | tcp |
| NL | 23.62.61.152:443 | j.6sc.co | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 35.186.194.58:443 | rs.fullstory.com | tcp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | js.qualified.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.16.5:443 | js.qualified.com | tcp |
| US | 8.8.8.8:53 | analytics.tiktok.com | udp |
| US | 8.8.8.8:53 | tag.simpli.fi | udp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cdn.bttrack.com | udp |
| NL | 23.62.61.57:443 | analytics.tiktok.com | tcp |
| NL | 35.234.162.151:443 | tag.simpli.fi | tcp |
| JP | 182.22.25.252:443 | s.yimg.jp | tcp |
| US | 8.8.8.8:53 | js.zi-scripts.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| BE | 23.14.90.96:443 | cdn.bttrack.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.112.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 219.18.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.90.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.71.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.89.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.194.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.15.195.152.in-addr.arpa | udp |
| US | 172.64.150.44:443 | js.zi-scripts.com | tcp |
| US | 8.8.8.8:53 | 13.86.215.34.in-addr.arpa | udp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.16.18.104.in-addr.arpa | udp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| FR | 99.86.90.76:443 | cdn.segment.com | tcp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | repository.secomtrust.net | udp |
| JP | 61.114.177.151:80 | repository.secomtrust.net | tcp |
| US | 8.8.8.8:53 | pixel-config.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | cdn.bizibly.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | w3-reporting-nel.reddit.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 172.64.150.44:443 | js.zi-scripts.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | 838-zlq-213.mktoresp.com | udp |
| JP | 61.114.177.151:80 | repository.secomtrust.net | tcp |
| US | 216.239.38.181:443 | analytics.google.com | tcp |
| US | 192.28.147.68:443 | 838-zlq-213.mktoresp.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 192.28.147.68:443 | 838-zlq-213.mktoresp.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.162.234.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.25.22.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.42.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.177.114.61.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.147.28.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ws.qualified.com | udp |
| US | 52.70.81.117:443 | ws.qualified.com | tcp |
| US | 8.8.8.8:53 | ws.zoominfo.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | ipv6.6sc.co | udp |
| US | 8.8.8.8:53 | c.6sc.co | udp |
| US | 8.8.8.8:53 | ws-assets.zoominfo.com | udp |
| US | 104.16.117.43:443 | ws-assets.zoominfo.com | tcp |
| US | 104.16.118.43:443 | ws-assets.zoominfo.com | tcp |
| NL | 23.62.61.155:443 | c.6sc.co | tcp |
| NL | 185.89.210.46:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | b99.yahoo.co.jp | udp |
| US | 8.8.8.8:53 | b.6sc.co | udp |
| JP | 182.22.30.204:443 | b99.yahoo.co.jp | tcp |
| US | 8.8.8.8:53 | am.yahoo.co.jp | udp |
| JP | 182.22.31.252:443 | am.yahoo.co.jp | tcp |
| JP | 182.22.30.204:443 | b99.yahoo.co.jp | tcp |
| JP | 182.22.31.252:443 | am.yahoo.co.jp | tcp |
| US | 8.8.8.8:53 | app.qualified.com | udp |
| US | 52.7.109.205:443 | app.qualified.com | tcp |
| US | 8.8.8.8:53 | api.segment.io | udp |
| US | 34.223.74.168:443 | api.segment.io | tcp |
| US | 8.8.8.8:53 | 43.118.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.117.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.30.22.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.31.22.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.109.7.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.81.70.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.qualified.com | udp |
| US | 104.18.17.5:443 | assets.qualified.com | tcp |
| US | 104.18.17.5:443 | assets.qualified.com | tcp |
| US | 35.186.194.58:443 | rs.fullstory.com | udp |
| US | 8.8.8.8:53 | 168.74.223.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.17.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fast.wistia.com | udp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 151.101.2.132:443 | fast.wistia.com | tcp |
| US | 8.8.8.8:53 | fast.wistia.net | udp |
| US | 8.8.8.8:53 | 132.2.101.151.in-addr.arpa | udp |
| US | 151.101.2.132:443 | fast.wistia.net | tcp |
| US | 8.8.8.8:53 | embed-cloudfront.wistia.com | udp |
| FR | 52.84.174.52:443 | embed-cloudfront.wistia.com | tcp |
| FR | 52.84.174.52:443 | embed-cloudfront.wistia.com | tcp |
| FR | 52.84.174.52:443 | embed-cloudfront.wistia.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 52.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | i.simpli.fi | udp |
| US | 8.8.8.8:53 | distillery.wistia.com | udp |
| US | 8.8.8.8:53 | pipedream.wistia.com | udp |
| US | 104.18.32.54:443 | www.dialpad.com | tcp |
| FR | 99.86.91.13:443 | pipedream.wistia.com | tcp |
| FR | 99.86.91.13:443 | pipedream.wistia.com | tcp |
| FR | 99.86.91.13:443 | pipedream.wistia.com | tcp |
| FR | 18.155.129.7:443 | distillery.wistia.com | tcp |
| FR | 18.155.129.7:443 | distillery.wistia.com | tcp |
| FR | 18.155.129.7:443 | distillery.wistia.com | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | um.simpli.fi | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | qualified-production.s3.us-east-1.amazonaws.com | udp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 52.216.168.46:443 | qualified-production.s3.us-east-1.amazonaws.com | tcp |
| FR | 172.217.20.162:443 | cm.g.doubleclick.net | tcp |
| FR | 142.250.179.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | pixel.tapad.com | udp |
| US | 8.8.8.8:53 | simplifi.partners.tremorhub.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | aa.agkn.com | udp |
| US | 8.8.8.8:53 | sync.intentiq.com | udp |
| US | 3.90.19.228:443 | simplifi.partners.tremorhub.com | tcp |
| US | 34.111.113.62:443 | pixel.tapad.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | loadm.exelator.com | udp |
| US | 8.8.8.8:53 | stags.bluekai.com | udp |
| US | 8.8.8.8:53 | fei.pro-market.net | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | sync.bfmio.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ce.lijit.com | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 107.178.240.89:443 | fei.pro-market.net | tcp |
| FR | 18.164.52.116:443 | s.ad.smaato.net | tcp |
| US | 52.4.77.65:443 | sync.bfmio.com | tcp |
| IE | 18.202.122.123:443 | bcp.crwdcntrl.net | tcp |
| IE | 54.195.194.200:443 | aa.agkn.com | tcp |
| IE | 54.76.246.110:443 | ce.lijit.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| BE | 23.55.96.210:443 | stags.bluekai.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| IE | 34.254.143.3:443 | loadm.exelator.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| FR | 52.222.149.58:443 | sync.intentiq.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | d.agkn.com | udp |
| IE | 54.220.25.0:443 | d.agkn.com | tcp |
| US | 52.216.168.46:443 | qualified-production.s3.us-east-1.amazonaws.com | tcp |
| US | 52.216.168.46:443 | qualified-production.s3.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 186.62.91.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.168.216.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.113.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.240.178.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.52.164.18.in-addr.arpa | udp |
| US | 192.28.147.68:443 | 838-zlq-213.mktoresp.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.194.195.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.246.76.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.149.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.19.90.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.77.4.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.25.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| FR | 172.217.20.162:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_2996_KIKWLEDQUDMOMQVD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bae142574c969ad00c438052ce7a9dac |
| SHA1 | db629aab094d5ee7e93f0a9053273f138cf58026 |
| SHA256 | d1834b6d1d2dd5ce054a7d5bc1166a9eccc3b60d0315f09ca6b6cbfe68fa0057 |
| SHA512 | 438e9432c5c66ab8b9839681a12c33595d51bba06445b1ebc689ae61cae2e4e648f2180794d147e13b0184a5d4c65925ffc66e33eca14069e96a009d872693a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ba758bd820dc5c39f31e0042f364996c |
| SHA1 | 51ffb189e44435b0afa9f5a7093bd5c729379cd9 |
| SHA256 | bcfea742d9e8a037d48175d510310f53ec731b47562ade383a4c8a5ab2176010 |
| SHA512 | 22754503625b5c41c13c530da7f63b2adbca8a4930280400d3dcc46e009a6350d281bef49416bfca9592eed6ec3838f4403cb4c37a24f066bd3384ed98163f4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9b489db0fb27d860b65e6176924c5804 |
| SHA1 | 19b5330b6aa7697779898660dede1576c00e3028 |
| SHA256 | 2bf1ef07f87bbc8fc14e5d82889c5026c3f404694ec9ee8c4e7da320a7c5afa4 |
| SHA512 | 1747c3f506b040cb507f635efe17d8c9c3ec995661667ef5ff3d35f1bad9e80ae961100a45e4750a96e6d5d6902e930b35113200fdf78cea278e311adf2accbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82806655c2b41b90bc957c466ab38559 |
| SHA1 | b6e100d3b22045e1aed26832bfbf68e7754c81d2 |
| SHA256 | cc37036da856c28fe6feabf99e5bec624cd86247799df3c3bf381e7323cf203a |
| SHA512 | 92b62db4e1c03a585534736c1d74752bed33ed9818ba245e37433a7181b8c0b1e032ae043adb098efd308582e59fe47ed0bf76a80efd7b4ebb7161f05995e650 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90f18860451b05a57f55ad7d5e578d15 |
| SHA1 | 67e73ae21035371050ed6da6dadddb19fea70dd0 |
| SHA256 | 30be3c46c01d33854564b1a35b7441991ed361cffac02edd6443e42b85dbfaa7 |
| SHA512 | 7eac9b3573c52e5f5983a0a25c59d8fbdc8aebca59374aad542b7800679bf82268c9c2c9cac0bd0368c9e0d3c4f17a78636e70bc0900757b144fbfed29b572e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57954b.TMP
| MD5 | 10665335c551496e15695aa02d202f61 |
| SHA1 | fc8824e991927ff2843767d491d79bcb4350bde4 |
| SHA256 | 8cc5af01794dbd6c830dbc7f65b00b4d4e7681b9f021746e8fb2049b8213bf4c |
| SHA512 | 3cf0fec1cb52f30c61741efde8ff843689d407ab1b5e50a95e2604b189bb566b7bcf35cc37a5e714e29f0598c71bbc39b6fa826ba9fc51ceb24c8b0789862bba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7cd9e123980550f733aa6e6794470721 |
| SHA1 | 9e1992cab7533c7c2f141b9d365ee4982081dfed |
| SHA256 | b7189c7b385ac3cf5a6d6401cc6dbfa707cf15b11a9e60c1eb952ecedc119083 |
| SHA512 | 4ff778b4e6bfc603a8328d62af83aefc9afa7f61d632d4a3a21a616efd50c3fad47a0fa52b5e4039d8ecc702b4f61009e7112e44152e5a853a58ae8333e1ed2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 744a95f84db1fcd2c5d898b81ef0078a |
| SHA1 | 9115e476fd2bace571117c6a5389a6bb6968188f |
| SHA256 | 6278c06430586e8a33e30edcf06da8b0e3689dd28284e17fa438bb141d0f0ae4 |
| SHA512 | 60d830c4645363b879baef19e75c47b6b89fe327beec25465bd2e7c84c49a5b1541be202160b5005a82c2343547b2333ece82c9b51dfa1af30c49c3b164aa4c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0151262ab414d2276c25e5dd10dfaf05 |
| SHA1 | c04fd51274133edb242de20bea06845f01be532b |
| SHA256 | ffe4f10f781031f86570953b995c180dfc7ef5cb22c08224a07513b8c7ed0594 |
| SHA512 | 757d74c75dff189bbd307af1e0b7404168f0f3b4b2c7ad837257c9ad4bb012478a1132525617eed76ebbae052d7c9770361e248b07084bdca9511b5efeb0deab |