Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://we.tl/t-XdcVKxPZkS was analyzed; result: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 16:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 16:59
Reported
2024-06-01 17:01
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
147s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\AmazingGame.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://we.tl/t-XdcVKxPZkS
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcca3d46f8,0x7ffcca3d4708,0x7ffcca3d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x2ec
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,6097588534535928587,17249397207058013665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6620 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\AmazingGame.exe
"C:\Users\Admin\Desktop\AmazingGame.exe"
C:\Users\Admin\Desktop\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\UnityCrashHandler64.exe" --attach 5860 1774103105536
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | we.tl | udp |
| GB | 108.156.39.54:443 | we.tl | tcp |
| US | 8.8.8.8:53 | wetransfer.com | udp |
| GB | 18.244.140.54:443 | wetransfer.com | tcp |
| US | 8.8.8.8:53 | cdn.wetransfer.com | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.140.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tagging.wetransfer.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 18.244.114.107:443 | tagging.wetransfer.com | tcp |
| GB | 18.244.140.54:443 | cdn.wetransfer.com | tcp |
| GB | 18.244.140.54:443 | cdn.wetransfer.com | tcp |
| US | 8.8.8.8:53 | public.profitwell.com | udp |
| GB | 18.244.140.54:443 | cdn.wetransfer.com | tcp |
| GB | 18.244.140.54:443 | cdn.wetransfer.com | tcp |
| GB | 18.245.143.55:443 | public.profitwell.com | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | auth-session-caching.wetransfer.net | udp |
| IE | 52.17.16.241:443 | auth-session-caching.wetransfer.net | tcp |
| US | 8.8.8.8:53 | privacy.wetransfer.com | udp |
| US | 8.8.8.8:53 | analytics.wetransfer.com | udp |
| GB | 18.165.227.57:443 | privacy.wetransfer.com | tcp |
| US | 8.8.8.8:53 | experiments.wetransfer.com | udp |
| GB | 13.224.222.63:443 | experiments.wetransfer.com | tcp |
| US | 8.8.8.8:53 | 55.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.16.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.222.224.13.in-addr.arpa | udp |
| GB | 18.165.227.57:443 | privacy.wetransfer.com | tcp |
| GB | 143.204.68.7:443 | analytics.wetransfer.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | e-10220.adzerk.net | udp |
| US | 8.8.8.8:53 | 2.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.68.204.143.in-addr.arpa | udp |
| US | 54.236.95.6:443 | e-10220.adzerk.net | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.95.236.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | privacy.basis.net | udp |
| US | 8.8.8.8:53 | privacy.audienceproject.com | udp |
| US | 8.8.8.8:53 | collector.brandmetrics.com | udp |
| US | 8.8.8.8:53 | site.adform.com | udp |
| US | 8.8.8.8:53 | www.adobe.com | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.beeswax.com | udp |
| US | 8.8.8.8:53 | www.captifytechnologies.com | udp |
| US | 8.8.8.8:53 | www.celtra.com | udp |
| US | 8.8.8.8:53 | www.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | di.rlcdn.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cdn.treasuredata.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | nolan.wetransfer.net | udp |
| US | 8.8.8.8:53 | s.pinimg.com | udp |
| US | 8.8.8.8:53 | js.adsrvr.org | udp |
| US | 8.8.8.8:53 | www.redditstatic.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 18.172.153.129:443 | cdn.treasuredata.com | tcp |
| GB | 99.86.116.119:443 | js.adsrvr.org | tcp |
| GB | 18.245.162.93:443 | nolan.wetransfer.net | tcp |
| US | 35.244.174.68:443 | di.rlcdn.com | tcp |
| BE | 104.90.24.194:443 | s.pinimg.com | tcp |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 8.8.8.8:53 | pixel-config.reddit.com | udp |
| US | 8.8.8.8:53 | alb.reddit.com | udp |
| US | 8.8.8.8:53 | insight.adsrvr.org | udp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 52.46.155.104:443 | s.amazon-adsystem.com | tcp |
| US | 52.223.40.198:443 | insight.adsrvr.org | tcp |
| US | 8.8.8.8:53 | eu01.in.treasuredata.com | udp |
| DE | 18.194.71.31:443 | eu01.in.treasuredata.com | tcp |
| DE | 18.194.71.31:443 | eu01.in.treasuredata.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | lebowski.wetransfer.com | udp |
| DE | 18.194.71.31:443 | eu01.in.treasuredata.com | tcp |
| US | 8.8.8.8:53 | cdn.brandmetrics.com | udp |
| US | 8.8.8.8:53 | ct.pinterest.com | udp |
| IE | 99.81.134.164:443 | lebowski.wetransfer.com | tcp |
| US | 104.26.1.90:443 | cdn.brandmetrics.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.116.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.24.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.155.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.40.223.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.71.194.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| IE | 99.81.134.164:443 | lebowski.wetransfer.com | tcp |
| IE | 20.107.224.50:443 | collector.brandmetrics.com | tcp |
| GB | 18.245.162.93:443 | nolan.wetransfer.net | tcp |
| US | 8.8.8.8:53 | www.datadoghq-browser-agent.com | udp |
| GB | 18.172.152.36:443 | www.datadoghq-browser-agent.com | tcp |
| US | 8.8.8.8:53 | backgrounds.wetransfer.net | udp |
| GB | 18.245.143.40:443 | backgrounds.wetransfer.net | tcp |
| US | 8.8.8.8:53 | prod-cdn.wetransfer.net | udp |
| GB | 18.245.162.46:443 | prod-cdn.wetransfer.net | tcp |
| US | 8.8.8.8:53 | 164.134.81.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.1.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.224.107.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.152.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | donny.wetransfer.com | udp |
| US | 8.8.8.8:53 | z.moatads.com | udp |
| US | 8.8.8.8:53 | cdn.lamp.avct.cloud | udp |
| GB | 2.21.189.220:443 | z.moatads.com | tcp |
| IE | 99.81.134.164:443 | donny.wetransfer.com | tcp |
| IE | 99.81.134.164:443 | donny.wetransfer.com | tcp |
| GB | 18.245.218.104:443 | cdn.lamp.avct.cloud | tcp |
| US | 8.8.8.8:53 | measure.lamp.avct.cloud | udp |
| IE | 52.212.16.196:443 | measure.lamp.avct.cloud | tcp |
| US | 8.8.8.8:53 | px.moatads.com | udp |
| US | 8.8.8.8:53 | 220.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.218.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.16.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ekstrom.wetransfer.net | udp |
| IE | 34.252.149.120:443 | ekstrom.wetransfer.net | tcp |
| US | 8.8.8.8:53 | safety.wetransfer.com | udp |
| US | 8.8.8.8:53 | 120.149.252.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.wetransfer.com | udp |
| GB | 108.156.39.42:443 | download.wetransfer.com | tcp |
| GB | 108.156.39.42:443 | download.wetransfer.com | tcp |
| US | 8.8.8.8:53 | 42.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| N/A | 127.0.0.1:50392 | N/A | tcp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eaa3db555ab5bc0cb364826204aad3f0 |
| SHA1 | a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca |
| SHA256 | ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b |
| SHA512 | e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4 |
\??\pipe\LOCAL\crashpad_4920_DGJLUMFCHNFCNIZH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4b4f91fa1b362ba5341ecb2836438dea |
| SHA1 | 9561f5aabed742404d455da735259a2c6781fa07 |
| SHA256 | d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c |
| SHA512 | fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0877b0fec8246a0864ad9678e3fa2938 |
| SHA1 | 2dea0afc9bbd6731c1afe4f033f8366e3cd82832 |
| SHA256 | 5843922c6e334ade888bb12ab900ae5784366bb5c757813184a578d1dece8465 |
| SHA512 | 51f206b36226ab588e5f1424dae6cd009c2bf899f83b7ed51796a2b6fa5bfb63accdb1fd20c5be8366c1889a90f0b0d4b1d1c57edf487c08f341890a305a4f48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bb8283fe4c7326a62d80e5087ac99d79 |
| SHA1 | 46e7d800fb36cd4acf49194e6653e402a341021e |
| SHA256 | 60b8b70c4b500bc943acb97f9715dff5b8d631236cf38174a5758309d77e4204 |
| SHA512 | 8b2602f4cb8e7b97251b1d2a41af4c47366c1cfd2dd141b2086b2ebf05c11cf5c1928d3f5a9e69e69c1a62e0c2d17544cd8f3e85d90a60e2f480dbcc01db970f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb3ac89f87514e1da6bae4031af9f3a8 |
| SHA1 | 2e7cd9a7018c77ff948366de1662c85a2c12581f |
| SHA256 | c56a807890931cde47ed09d7e293f47a112cb3b7f84850c2c643680dbc035c81 |
| SHA512 | 4b73340d4a25d2707ca0a705a53e303f8063c976eeca1ecbfcd008025ca473b84425ddf59dd36641ccc250381a3bf8883626050f0ff9ee42cd59b6296f4ea4b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | e26c9941c83a7050d5d3840e0fec69ad |
| SHA1 | 16e50e7f1deb07fb7557895061dfbfa846f541f5 |
| SHA256 | e432f7a425029939607585e5c9de240b749ec205b02b3bc9799fe4a1a01fa088 |
| SHA512 | 8dc5fbb60f4f4bac8ce46569fe2f5ef81671994573f7bd92cac2e1bfc8150eb18909d0673e0c617918f5b11134d893e62e0ce4e6725b60d07cfe1e9f081c7c2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | dc1f7ba3725be6424bda3b2d740ec8c5 |
| SHA1 | abbb422528a417e89d3dee422b268d0eef368e56 |
| SHA256 | 038bc25211e6cea99bd1d1bb8213c7134ccf003fd3d91d8408beacf6bd966995 |
| SHA512 | 11514d5a7f5a43cf496cf8f6f03da2465cf732b0af210327453e8eff9a75c33d71ed7a302cf342dadd6979bee783da6983ef356a053f453a5501e7ff246c7b46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 77297ea482319a25a95011273d5ebd9e |
| SHA1 | 810afdd7d380d93ff1f24707292e33e66e887bd7 |
| SHA256 | f83a7f02bb4b8b141ac1568e2be51c0fe792191ce19cba204e50b3eb603fcaca |
| SHA512 | bd4fb323a322a95f5f5fe853b8e8278f569aa5cbe25ebc68fc95eb0eee41aa9d16c92e2c4d8cd84b4416e163762623c45672518d382c2dbde5e7781de7026ad5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a940.TMP
| MD5 | a1939a6659f8d21dc17a8fb018719bfb |
| SHA1 | 7fe108d54ebad71905ea1ea07e83843e4f4c5693 |
| SHA256 | e5a142f27c872d6b03d7fb52158d2d1e762247303c94673b84c5af6d3c1a8a03 |
| SHA512 | e2e5a91ed36cc8784d89f1e042332b1a4386681cca9212c8ac5a1167471099ffe5478d21cd7c95670b0f1844cb58f53e6b2a44234d2faf46311e762f7f807d77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 92abe55c14175c039014436319481a2f |
| SHA1 | c118e0097d581e94e057fa1470a84311463a8b6a |
| SHA256 | 55db84770a98e4494c2fc4ad97a8e558b5eebaf6f71e75b3d65170cbbfa62073 |
| SHA512 | 1804e47809576600882b327d143c145396e6cbbdf9e226e7ffbf4dba6a0313af7b2b83785430eb7f15d5b02c81ff070da6d94b9285f9d12440af79e8f8e4c7d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7a58957fe33700ccbc90ffb84ff43971 |
| SHA1 | a73ac253af93950d03f26ea4d21c7799cb9832b1 |
| SHA256 | 69183c58d5e62af6f898b2b6448fb4d01a8f942a2f532d4da559882ba1ac3f83 |
| SHA512 | fbcfca1e626f40adab8faa59ca7f39d5464ca28438a781f6449572580852283a74008f9f5c95310d66bc33246688c4c8674b31ab8af6cbfeb67191028360ee68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 402b578b2eda8847c8b4f2d82e64c364 |
| SHA1 | 42259056f7a5bcbf7f7a68aac30fa111f7af1983 |
| SHA256 | 1541a810878e91389f0d3db9b212349ce152898c1cd6e6b46a51d2af2a263150 |
| SHA512 | d0fdde6b29923e56faebc1bf7c8b1991aedd5eb1ffefda5fc0714f26014bd4cdb89040437969d81e82e544fe560554a4e4b2dd130077e039cd0b8e30e150f9c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 509d351d4df20c65b390e9897c83efb2 |
| SHA1 | 7c0a024566837ddac41597681cccf7b7f718739b |
| SHA256 | 88178032e1d45561f87f8378060e1e411d91f62590928eee1d754d32ad2fbbdf |
| SHA512 | e529a1a69bbf067ce4c843010bb9e7466d588dbae041409c6a9438b0cbedc1d8012cd2dd78781d09bc4542fbb6b7869c9e19959ff9d281263c3ad3ea62cb9bbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9a1b88afe2e6675f0f2d7d2d0b3233f1 |
| SHA1 | 0b406a1ae8dbd56ba83a42d5c82ce29e9535c9f8 |
| SHA256 | 8ec43c88cfa70453a4fa7d092f781670790a17afc806e1f9101e75de88debb40 |
| SHA512 | ca2a5afa1432c86713b69be0a8cbb1394bfa94756defdd69def72d3c753bcc4bb104dca6ed9f87fad8fdf8849cbcc0ce798c2c9113327e6579ef7a00d927e8b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 509e1760252d468dd339a7026f753819 |
| SHA1 | c44095acc87ef62053cee7b4abddee0bded459e0 |
| SHA256 | 28e30868077a7cc3bcf9cedbc5ea0a2be0fb8885472f23147418ac81349bc1eb |
| SHA512 | 01d79c7421602a4f98282db4d4a0e9cce43236080fcb7cbec20bb883db4bd30f6c9025fb9211ad02b6d652cd328a7acd7de2f7e8d69ce9e8ed391a31b58fc931 |