Analysis Overview
Threat Level: Likely malicious
The file https://strikeout.im/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Browser Information Discovery
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 21:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 21:39
Reported
2024-11-09 21:41
Platform
win10v2004-20241007-en
Max time kernel
100s
Max time network
106s
Command Line
Signatures
Downloads MZ/PE file
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{23CD09E0-7E69-49B8-9C10-3CF6D8A7AC53} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://strikeout.im/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4cd146f8,0x7fff4cd14708,0x7fff4cd14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7092 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,1898372424913744274,4277818982576793114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | strikeout.im | udp |
| US | 8.8.8.8:53 | 72.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| CH | 45.178.6.104:443 | strikeout.im | tcp |
| CH | 45.178.6.104:443 | strikeout.im | tcp |
| CH | 45.178.6.104:443 | strikeout.im | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.6.178.45.in-addr.arpa | udp |
| CH | 45.178.6.104:443 | strikeout.im | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youradexchange.com | udp |
| US | 8.8.8.8:53 | rddjzbwt.click | udp |
| US | 8.8.8.8:53 | cjbyfsmr.life | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 172.67.177.214:443 | youradexchange.com | tcp |
| US | 172.67.172.206:443 | cjbyfsmr.life | tcp |
| US | 8.8.8.8:53 | si.iceocean.shop | udp |
| US | 104.21.25.224:443 | si.iceocean.shop | tcp |
| US | 8.8.8.8:53 | 214.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.25.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubtrky.com | udp |
| US | 8.8.8.8:53 | 200.187.250.142.in-addr.arpa | udp |
| US | 172.67.188.110:443 | pubtrky.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 172.67.188.110:443 | pubtrky.com | tcp |
| US | 8.8.8.8:53 | 110.188.67.172.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | offergate-apps-download26.com | udp |
| NL | 88.208.46.156:443 | offergate-apps-download26.com | tcp |
| NL | 88.208.46.156:443 | offergate-apps-download26.com | tcp |
| NL | 88.208.46.156:443 | offergate-apps-download26.com | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.46.208.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.pretrackings.com | udp |
| NL | 34.147.21.42:443 | tracking.pretrackings.com | tcp |
| NL | 34.147.21.42:443 | tracking.pretrackings.com | tcp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 8.8.8.8:53 | 42.21.147.34.in-addr.arpa | udp |
| US | 104.18.38.233:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| CH | 45.178.6.104:443 | strikeout.im | tcp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.adsco.re | udp |
| US | 104.17.167.186:443 | c.adsco.re | tcp |
| US | 104.17.167.186:443 | c.adsco.re | tcp |
| US | 8.8.8.8:53 | adsco.re | udp |
| US | 8.8.8.8:53 | 6.adsco.re | udp |
| US | 8.8.8.8:53 | 4.adsco.re | udp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 104.17.166.186:443 | 6.adsco.re | tcp |
| US | 104.17.166.186:2087 | 6.adsco.re | tcp |
| US | 8.8.8.8:53 | 186.167.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85tnl1nxhlwv.l4.adsco.re | udp |
| US | 8.8.8.8:53 | 85tnl1nxhlwv.s4.adsco.re | udp |
| US | 8.8.8.8:53 | 85tnl1nxhlwv.n4.adsco.re | udp |
| US | 38.132.109.186:3478 | udp | |
| SG | 185.200.116.90:3478 | udp | |
| GB | 185.200.118.90:3478 | udp | |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 8.8.8.8:53 | 5.214.252.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.166.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.109.132.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.116.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.118.200.185.in-addr.arpa | udp |
| US | 104.17.166.186:443 | 6.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 104.17.166.186:2087 | 6.adsco.re | tcp |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ver.tubroaffs.net | udp |
| US | 104.17.166.186:443 | 6.adsco.re | tcp |
| US | 104.21.62.26:443 | ver.tubroaffs.net | tcp |
| US | 8.8.8.8:53 | theirtooads.azurewebsites.net | udp |
| US | 8.8.8.8:53 | 26.62.21.104.in-addr.arpa | udp |
| GB | 185.200.118.62:443 | 85tnl1nxhlwv.l4.adsco.re | tcp |
| GB | 185.200.118.62:443 | 85tnl1nxhlwv.l4.adsco.re | tcp |
| US | 38.132.109.126:443 | 85tnl1nxhlwv.n4.adsco.re | tcp |
| SG | 185.200.116.60:443 | 85tnl1nxhlwv.s4.adsco.re | tcp |
| US | 38.132.109.126:443 | 85tnl1nxhlwv.n4.adsco.re | tcp |
| SG | 185.200.116.60:443 | 85tnl1nxhlwv.s4.adsco.re | tcp |
| US | 8.8.8.8:53 | 62.118.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.116.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.109.132.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a0486d6f8406d852dd805b66ff467692 |
| SHA1 | 77ba1f63142e86b21c951b808f4bc5d8ed89b571 |
| SHA256 | c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be |
| SHA512 | 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a |
\??\pipe\LOCAL\crashpad_752_SJWBXMRTGUYYVHCG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dc058ebc0f8181946a312f0be99ed79c |
| SHA1 | 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0 |
| SHA256 | 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a |
| SHA512 | 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e5ecb659263ac5901270212bd555ea1 |
| SHA1 | 19e9365884931c2089ef67de35967be488331919 |
| SHA256 | f6f7afebc9acced178fcc6be1a6d2aa5ec1b7717e320b59875cf0088001f5bb0 |
| SHA512 | 63c02873e17602e0398a4340f25a4297ad1ad0fb47db82e396aa4c0c03161ed186c8cfb7286283abef6c6623f4f66d45fb3b071df06ceaa2b23a4f7b19b5d5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | df4543bca465626904980b3e6dce1096 |
| SHA1 | dc581a3dd443faa90e09d2d4bfc42d95c7364732 |
| SHA256 | 70457226810bb5a03ce99ab0e1998f574d1118434572c9ffca713143c77bd1cb |
| SHA512 | 60235b74736c93e0e874f90301d6cc7abee436b8e827c50e910641d4e86a4df823490a8726b882d46e39665a88581037b1205ace0991aa1405bb402a92dbdaa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 149e18f5fd9692728fe859054bacf97e |
| SHA1 | 7d9f94b7968fc865bfb7f9c874986b177992758e |
| SHA256 | 7bf1bb9d7a3398881168b20a289ba22975b55c82e27d2b79c7c6f1efea137feb |
| SHA512 | ec632031687ebfcb8da5a7961c6d1232c69a15573fcb1b0c0785ea1e3b5dc2d235e4f5354228b28391a0b882b2d652c059c586075104835b47960c66d0684f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9ba8c34bd7bfceb79697c37d21808105 |
| SHA1 | ae6fe76f0b44895369487e9e605bfeb7a26af5ff |
| SHA256 | 63181dbc7a69f2cbbc85b70395b9cfb730233cccc457a4e47ae7f7f160dd9439 |
| SHA512 | 88fe23b44876c9474038ffbf951d60fd85bcd30e99e5e297a0333ec3592e30eeedade9dea5eb23ff4b38cc71548662aa08e91cfb6fd564f32933d0777b80ea74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ecd1.TMP
| MD5 | c78680a877ca6ccedf96d7edbadff509 |
| SHA1 | edc2cc8f16e4c341295027fba2fa3272b45e9ff2 |
| SHA256 | efbc5ff87ee510ab0ecfeb10a5abe549b1c8e087d83bd2ec98d932540a99edc5 |
| SHA512 | 2d24adeb49b1e8c5b8318c17d5cd71965656bc8c3c3f4f453a55b5e5f5abef8d844a4b3e7e5a74a9a98b547d8ac56666019b09502b9e4c9bd3dc247fc661fdf3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 84f323e15e5f7de1165bf58aa4f2f565 |
| SHA1 | 24fd4a9f82545a6e76834a0762f5d85a6b845f9d |
| SHA256 | 68a9a2d5abc57bd2d04fe4cf6f2dd1ba11aa056b8366120799eadf26ad85eaa8 |
| SHA512 | 4cc342d26d8b7c41e6d03745e35f46be5268b5a54f60facefd82141b6d91c884e6cd7616ee7f9fb9fc7dc110accb39707d07becb786df2a3964c0bbd51a2ed5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3f5f40a2fceb24fece1e280b08f0f9a3 |
| SHA1 | 9e0c256153d52487f6bf35c51ad003372e59b9e7 |
| SHA256 | 5e67f9ecc8b28e8ce334ad41d03ee1159117b98f74937198329b761746166291 |
| SHA512 | 3819c602d27ca21e05dbc2e3df57e18dcc2b1f76414db185258f0de921bf17cdccfd9449c8892fee8200db2eab55be83736c276c5793115e47b3306ab5724c00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a3db4da9a69d84c96d68e52a395094c2 |
| SHA1 | e5fe2ab852f41dcdea9f250ade46e97bd634e31a |
| SHA256 | d4ea79deb3a35940029de76078be26c41d4c503869634b24f6e0efedfc05b0eb |
| SHA512 | adc7556f6f324d4404778ec3610814f886a795b61dbc7e4e3a90b2062119901cef165584842a41e3812593fcbaf1a3252a0811fd32e90be59d6cbab2cfa10fba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f86a.TMP
| MD5 | fc985ad33b1b3f786aee4cdb5e0f7561 |
| SHA1 | 20e0a1db9f56b1acab855cfb579a1d6f360ab9fb |
| SHA256 | c59eb9923855be94feac5e0dff3dec949832c5870ce9e7cdc5d1d1b602bf423a |
| SHA512 | a33f0c0dc1bb9e379b1409b2ba0736e388f352c0a8730d7faaa1075ca0317ae6caab1ffd56a1cbf30260e735e3dd99f6d9ba55521c265d0e32f5491c60ade0e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 56dd61a4f5672a5d33ef677407ada76e |
| SHA1 | 258590cef7529b472ed4caa522f5bd7226c2a4ad |
| SHA256 | c85b0270bd373f42453e07b5c7661ced86ef1c69ba7bb9b3eec59f6b0fc3735a |
| SHA512 | bc5353dca23e37185d020bf17e2b42cc062fe233a76c0d3d7edb50301ca174bc89c1607afcbe07057c00f38abacdc0890c4d3e9f1958a71eb61d47374e42d8aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 618237d805730af4e864d8a503913552 |
| SHA1 | 4c9477735b49694432f38641cc96e8e48b2310c5 |
| SHA256 | a46be90827f8cd250646a3e229641f4322c50e9d40ef771cfd455b2802d89cbf |
| SHA512 | ac84e25fb16ee632939375b0dc3bbf28592c07c4e351aaf18d840db4ebac6d7eed6ba258b6bb0a67f88135146e25b6cb9b1af95c369dee6b1e2a5f9d41ff70b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 92fcb3ffc4f0928fee736e450812b8b3 |
| SHA1 | b3bfdda598e6b5a09d1c3e1e27b0e87dfb4b309a |
| SHA256 | b9daa54af3c09224e870634e4a6b13ee203c87e5c4f287800951a35eed56dd27 |
| SHA512 | cf15aec6fbaca52fbbfe3e6678af94af121efb8203cd95ce0e182afb3ff3b5c2b1f5544868d0281ea4030a6a2093543556ab6647caf645e1a36761126cab8ffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 87e29c2eb3ef6f360da24539cccc9858 |
| SHA1 | d755e2844bfbc364eca791bda6054c2148caf093 |
| SHA256 | 2d01322d67f201763028c81cd00944b94fe8ff31f8c328979c534033fb4108a3 |
| SHA512 | b6a43f96ae06d2d8198c63476dffa25aa08066b00a65b63ecf755939d5ba5ae39cf3df82b3206ad9dcebb017f1b9c60ce6bf8aff98d8ada77e8a7ec6dc27dae3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_c.adsco.re_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |