Analysis Overview
Threat Level: Known bad
The file https://u48431706.ct.sendgrid.net/ls/click?upn=u001.0jtXymQrrP8zUA-2F-2BsChJQ8lprVbTFv4YX-2BokjfrITU0Y-2FWzLEyvng4u3imI-2B2sbASciNnh265TjHL8bmKWdg2vIbJAlJsx5jq6JVB9nipZcfPKdTBaWesbk-2F-2FgTJ86p1aIzoQduqmccpeRA4rHjHyv8fUbJYSkdOtbJ9YWc-2FjIlw2JOPhjC3LbKxrIpGUZrnRFtVcFUF-2F0uHsUfjnAzOsqG3ilZtyXiU-2F6cTlybGWnXNKfp0qQSsUEexX7xJEDvGaTYRRwM-2FIzR320AexC9-2B4dtxlaW3ZoFQ92wqsU7B3iviU0FQONyLlQ-2B-2FWSDdeyRP7BVDc9wbSa341kus1LMNEmVI8Zjf2qtdZcYgixpQXY9WHsi5b9kSypaoWvGZqbSc3cdcWiMf1mpAy23QcgwRRrCjfsrzLsZFjE-2FbAkjCgQWrCsRlz91Vr4KZyHOue9kt5lJcsdTPdw9sx2Bvu-2Ftg-2F6ngDmR-2BPQb5hL7xkbR0-2BOn6041L7rFHHBezXb7c4ZgmqtnL9V8Or82JE-2BHhZoDIVwjtnKROZkTJsxZoOdwEFM8SQSAhpKbORaEZeaxrx9X2zmFn1nQAON7QKGfPRx79MqYVqflhfc-2FdzfyIJWInP6vXNWgb1XU7GbkqxwAcRM-2BiAgzO0AsP6qX6mTRhPVYoaXr1PzteDcCrF2S9t89x-2BDj7a-2B2yJ1nBxJHKtC1TVvUtV9LvEGTTdr2VCUiYKiyuYVbufGL-2FQWllhme6IZm6K-2FPasYtIHvQNd0IAoMMmayWpDZeG0238GYeR2lwwq-2FoLugqUu-2FXJ36JOTxGUD3T1xBXYZBAAVwjPGRZf0ufWFaGXNEjO8b-2F53pkbvf81PTL-2BoJ24-2F9pI02MZGRJWo9Th2Ehu0gfcDmlaUb-2FgCGsUIQEmg1sdGc5FT5V-2Fda6ms77RA87mXvlaqjdWGTMvAne0Auiz7d2LnAuwpVcNA4CJN5I4Uop5a7AeGCsIkNTQZ0-2FKJ5BAurYzLKvmEba1nEt6K4KA6Y8nKd4RC3xQUGcjOn7uQEUfJ3U0WgDEAZZpieQxEQ7UwnMw9xWr-2FxnNw0MmewvOsQGuEBzWLP0CFIY7EDiEbCRJznGKtnN5IJwXn1PU77tnjrFCA2ekk671eyclQnPm4Im7DMFRmvRzSjJp4MqKeabz8vB2cUTOm-2FA5J8jdz5-2FF0ghw9TkSQB4gci2CE-2Fr2zs-2B1AaHAvS7v2FnFs1iHhvjEv5XauSP8OZFVk57Kzw3Q7O-2BOgppNJyFIse-2FJz-2B66UGRUjDIdsIaRh7kxAvCnWG48wKC12EoGhSmD3EYjNAq7fpohkufXiAwe52ymJfe9tm5s2Yc-2FATiaiV8m4IlI5ms1_XOkdRMx-2B9QZGLuCdmWUx71VSlWTKMAHZ96QJAx6HQ9UvZ-2F5kMK3EVUjKshM22IqKMVUePKd-2BNCcPj7fFDl6GSUJQOKkRNwvOQ7Tn6JS-2FUZuEqV-2F2UeYk74dnDQru0QgrDMqNMR4MIbUQSATlDzCPa5Rqp82PBbE-2FUpjdP6cV8hv5k-2BGKpiNrpeduxgN6172Utl6G-2BsvCc-2BQhUY4xr1yX21LFODOmVoNX9jWoIpQOmGe5HeBilvNyhYGTHI92W-2FDUZ-2BuSZe2RWU9YPHOXyvNLDObkAIThFj5MQcT1-2FJQ8R8p2zgariCkNtbGGPFNiJRGVpkgXGnQRaGM3IK5gWRJ89sNe8hSqk0cW963ID5XowP4jThQOuZJHPycCjAlIO96qIVSTcZe5EB-2Bld67OPf0DeZQ0EW0X4Tm2HanzhCYr3Ee3VcHyYScdV-2B8l0zlKAWFZ4rC0f4pHtvOPQ9njkYAtdY4fC5UE-2FCsy4Jtt5Gz-2F-2FolHHzxHmqeXzYOJFAUvxK5EmcCjmHsote7fxdQFTyl-2Fs41F7Tsd6j3CSrMFnjxZ-2FKbHQ6RVgvFbCDMG32c2k6epv2ArFEAaZlXHi9o5CNPMsZGtTyRH98lM7EHM3kW1hurrSyYufB7S8UMevBJtkE-2F5gRPa3AVj0ZpR8dggwQmmmcTUistL9LjlQ-2BNzoCDKrZxdJJS-2BMzQrOCZjaUT1s8L8qbG07GWskMbnVBUxdjZt5aI0VmNtG-2FaHgZx3-2FWKyhw5EHDreXxSDWCCpq0X4CNV7Y9dizRdjW6UHFqwmN2Y-2FrSMnsJtTZx5aQI14yd0xF69AFde-2FuFeYJADCXhwrk72ZcV2iHWgyqJzQSej43GszeRX0hV6Rsggc3UbXdRYyAwuKCZgy5xVKWavveRe8-2B63a was found to be: Known bad.
Malicious Activity Summary
Looks up external IP address via web service
Browser Information Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-05 15:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-05 15:14
Reported
2024-12-05 15:17
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u48431706.ct.sendgrid.net/ls/click?upn=u001.0jtXymQrrP8zUA-2F-2BsChJQ8lprVbTFv4YX-2BokjfrITU0Y-2FWzLEyvng4u3imI-2B2sbASciNnh265TjHL8bmKWdg2vIbJAlJsx5jq6JVB9nipZcfPKdTBaWesbk-2F-2FgTJ86p1aIzoQduqmccpeRA4rHjHyv8fUbJYSkdOtbJ9YWc-2FjIlw2JOPhjC3LbKxrIpGUZrnRFtVcFUF-2F0uHsUfjnAzOsqG3ilZtyXiU-2F6cTlybGWnXNKfp0qQSsUEexX7xJEDvGaTYRRwM-2FIzR320AexC9-2B4dtxlaW3ZoFQ92wqsU7B3iviU0FQONyLlQ-2B-2FWSDdeyRP7BVDc9wbSa341kus1LMNEmVI8Zjf2qtdZcYgixpQXY9WHsi5b9kSypaoWvGZqbSc3cdcWiMf1mpAy23QcgwRRrCjfsrzLsZFjE-2FbAkjCgQWrCsRlz91Vr4KZyHOue9kt5lJcsdTPdw9sx2Bvu-2Ftg-2F6ngDmR-2BPQb5hL7xkbR0-2BOn6041L7rFHHBezXb7c4ZgmqtnL9V8Or82JE-2BHhZoDIVwjtnKROZkTJsxZoOdwEFM8SQSAhpKbORaEZeaxrx9X2zmFn1nQAON7QKGfPRx79MqYVqflhfc-2FdzfyIJWInP6vXNWgb1XU7GbkqxwAcRM-2BiAgzO0AsP6qX6mTRhPVYoaXr1PzteDcCrF2S9t89x-2BDj7a-2B2yJ1nBxJHKtC1TVvUtV9LvEGTTdr2VCUiYKiyuYVbufGL-2FQWllhme6IZm6K-2FPasYtIHvQNd0IAoMMmayWpDZeG0238GYeR2lwwq-2FoLugqUu-2FXJ36JOTxGUD3T1xBXYZBAAVwjPGRZf0ufWFaGXNEjO8b-2F53pkbvf81PTL-2BoJ24-2F9pI02MZGRJWo9Th2Ehu0gfcDmlaUb-2FgCGsUIQEmg1sdGc5FT5V-2Fda6ms77RA87mXvlaqjdWGTMvAne0Auiz7d2LnAuwpVcNA4CJN5I4Uop5a7AeGCsIkNTQZ0-2FKJ5BAurYzLKvmEba1nEt6K4KA6Y8nKd4RC3xQUGcjOn7uQEUfJ3U0WgDEAZZpieQxEQ7UwnMw9xWr-2FxnNw0MmewvOsQGuEBzWLP0CFIY7EDiEbCRJznGKtnN5IJwXn1PU77tnjrFCA2ekk671eyclQnPm4Im7DMFRmvRzSjJp4MqKeabz8vB2cUTOm-2FA5J8jdz5-2FF0ghw9TkSQB4gci2CE-2Fr2zs-2B1AaHAvS7v2FnFs1iHhvjEv5XauSP8OZFVk57Kzw3Q7O-2BOgppNJyFIse-2FJz-2B66UGRUjDIdsIaRh7kxAvCnWG48wKC12EoGhSmD3EYjNAq7fpohkufXiAwe52ymJfe9tm5s2Yc-2FATiaiV8m4IlI5ms1_XOkdRMx-2B9QZGLuCdmWUx71VSlWTKMAHZ96QJAx6HQ9UvZ-2F5kMK3EVUjKshM22IqKMVUePKd-2BNCcPj7fFDl6GSUJQOKkRNwvOQ7Tn6JS-2FUZuEqV-2F2UeYk74dnDQru0QgrDMqNMR4MIbUQSATlDzCPa5Rqp82PBbE-2FUpjdP6cV8hv5k-2BGKpiNrpeduxgN6172Utl6G-2BsvCc-2BQhUY4xr1yX21LFODOmVoNX9jWoIpQOmGe5HeBilvNyhYGTHI92W-2FDUZ-2BuSZe2RWU9YPHOXyvNLDObkAIThFj5MQcT1-2FJQ8R8p2zgariCkNtbGGPFNiJRGVpkgXGnQRaGM3IK5gWRJ89sNe8hSqk0cW963ID5XowP4jThQOuZJHPycCjAlIO96qIVSTcZe5EB-2Bld67OPf0DeZQ0EW0X4Tm2HanzhCYr3Ee3VcHyYScdV-2B8l0zlKAWFZ4rC0f4pHtvOPQ9njkYAtdY4fC5UE-2FCsy4Jtt5Gz-2F-2FolHHzxHmqeXzYOJFAUvxK5EmcCjmHsote7fxdQFTyl-2Fs41F7Tsd6j3CSrMFnjxZ-2FKbHQ6RVgvFbCDMG32c2k6epv2ArFEAaZlXHi9o5CNPMsZGtTyRH98lM7EHM3kW1hurrSyYufB7S8UMevBJtkE-2F5gRPa3AVj0ZpR8dggwQmmmcTUistL9LjlQ-2BNzoCDKrZxdJJS-2BMzQrOCZjaUT1s8L8qbG07GWskMbnVBUxdjZt5aI0VmNtG-2FaHgZx3-2FWKyhw5EHDreXxSDWCCpq0X4CNV7Y9dizRdjW6UHFqwmN2Y-2FrSMnsJtTZx5aQI14yd0xF69AFde-2FuFeYJADCXhwrk72ZcV2iHWgyqJzQSej43GszeRX0hV6Rsggc3UbXdRYyAwuKCZgy5xVKWavveRe8-2B63a
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda8d446f8,0x7ffda8d44708,0x7ffda8d44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16882897267419240966,10465284568834372441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u48431706.ct.sendgrid.net | udp |
| US | 167.89.118.35:443 | u48431706.ct.sendgrid.net | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.118.89.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sharedocumentfile.vercel.app | udp |
| US | 76.76.21.142:443 | sharedocumentfile.vercel.app | tcp |
| US | 8.8.8.8:53 | 142.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | logo.clearbit.com | udp |
| DE | 13.32.27.44:443 | logo.clearbit.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | image.thum.io | udp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 54.174.1.1:443 | image.thum.io | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 92.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.27.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| IE | 3.162.140.85:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 1.1.174.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_1580_VSCLIVJSUBZJQOJI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fe91358333f3ae4908f69b68730e4b2d |
| SHA1 | a72d69f7f5d120003a120f026ac818b0596555de |
| SHA256 | 45695c311aed83e7d1811c637e823f8faedea9e571203bb6e7620bdb1d7e8961 |
| SHA512 | ba821b52827e8a473c16066fa55782f354dc35f72ed5c9f3e937c94fbacec9092d0877058a5d7982aac9fe1a9b353a7478b926908e70b8dab14acc3a7a3d2c54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ea89040f176f992fa98b571eb8324915 |
| SHA1 | 1083ef1e7c165d0dfac9c4d3f8b86f946da09333 |
| SHA256 | 6b3f9d5613ae5ccf0543a43a3e8e940838e5f0f0c76dd0bc1a310c85fe2f1899 |
| SHA512 | 5d4805f674182813f7312259197de54c69184f404f2c3be03ddaed451fcd67e370976355e6643c0163c15cb05784832d15ead9e6496ddac647531df31644f52d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0ed80660cfaa9f9930910fe2f4b9d615 |
| SHA1 | e2c4a5ec968f4af69d67649193492ec94bea5c09 |
| SHA256 | 0835f3982b8bd7d08ea721d2e5c163bbf5adfb9cfd4a434995601275e8cebacc |
| SHA512 | bdc176980e6b9cb9cd694b6f4954b37495ac543f5312a06b0ef8f2cca03d82f1fc247340972f97ddd67dd7412b6554d7fc4d63106900cdbfcfedd17dafcb839f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d444df8da12e58e63941042d004e6e45 |
| SHA1 | 67bbd441c1e5afb978ec07d415c329b51c67e23b |
| SHA256 | 9e118d55137ab09aeca20db125e80c137ece7884254dac03da5c903405ee38f8 |
| SHA512 | 9624c90cf4beab43073109614a0197e7283b02a9e158967df071a6398fb2cb4c963cc7dd8d5fdad064c9288ae018b3415278a36c77d96bc8cd5012d527ced42d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
| MD5 | 47985aac7f9bb2c19dc7debbc8834902 |
| SHA1 | 24ee4b7554339d85e00561a04ae444ad7115e174 |
| SHA256 | 6b61ccee822a914239c17f7cc1ab2d33939eeafecc3b0ba7e3fcfeed63a3599f |
| SHA512 | f4a55a28c2a7b68f544b5f141ab307df96853320d312c2b182c33634f6cef78d2f920b26a371fa66daadebbb24df63fea02815eceb0d9508f013b47b273a953d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8e560091a96700b988a34233fbc7a76f |
| SHA1 | fe518fe7c5bf40a241f1e05f2850331307894ef9 |
| SHA256 | 5b0f14acef63c304c6a6b7b349ed2ad10c4766a124e4ee959f273f539688bcdc |
| SHA512 | ee928bf4165610a110492e0ebc34b5f92c06e1e445b123fdac0a8277d5bda2169dd89aa8d907e081ff4c40acce9f4f86c5592e1348e30f7438e02fc130ef6534 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 71de8c373be4873ffbf64693ee0d684c |
| SHA1 | de882e6b3be22a3283337e690bee728f9733fb6a |
| SHA256 | 7dc3dac94e47e1919e7da9859d6e1dce8d8ff559b6d1e965a569cba210623d27 |
| SHA512 | 68828eead3aef87f962d0d01fa8cefc72a07776d10404b07cf43267c9a1a9f1d8eef647469038f2f870eea4171398acda89f2c4b72a2b4a439cb7e8e69e6f4c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5891cb.TMP
| MD5 | e01f533ac7ac2e1dc5f989851f914ee1 |
| SHA1 | c5addbc88a51b4ac3e0c7c90028b48a4fdadf947 |
| SHA256 | a1cd8ab3a992ac22c649418b18e145f8d57ea191a7ccfe5158a105062890f8df |
| SHA512 | daab251fdb539acba930af8629ff5e05db8273e94f17d1f5be58aa81b9d5ac305fffb467552fa8fb529921a08997406010dadb600e15470f5a9d9b0781de99aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5775649da4953e6eac28a34b87b737ef |
| SHA1 | 1cdd6d2aa8860830f6a3648c61bbb7b3ead87290 |
| SHA256 | 9893b5755b56ed1b37c941f2612b106919e10c7a82c5d11a4ba15055e2d3f3ba |
| SHA512 | a720e5edd5ee8ee60faeb63f010b741190166cb64504dd608366d40ba50764aea567ab7079ccd4eaa0cfeb717e2263128473b02e959945a3d8235fd56cc722cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 683aa549f9870b8a0add3b6d3fb3f994 |
| SHA1 | 17bd9802021af45efebc76f7dd836aa7c6e4f305 |
| SHA256 | db0c480d353d3f2f3385a0db8cf1b83254f701d1f0e1c070e666259d53efe4a2 |
| SHA512 | 8aff4ff64054bb2869cb4600e5b37500832c5397a35e12afd21f42ea230d2c1d133d154dd7a27785d141b3d75b3dcfe568251a24f239d35d1a56855a42e8cd2a |