Analysis Overview
SHA256
d24c3bb8ff45b4a385d2341904b583aaf1122ce20cf6731fe03986f86c6ca7a0
Threat Level: Shows suspicious behavior
The file DIM Premium Primismatic Precision Select.ani was found to show suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-14 04:17
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:20
Platform
win10v2004-20230831-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-528036852-1341495193-1175965888-1000\{2463067A-8718-4884-8D18-ABF3C2C36877} | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\DIM Premium Primismatic Precision Select.ani"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd4657e1bh4697h4dc4h917fhef02bd1afdd4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffd93946f8,0x7fffd9394708,0x7fffd9394718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.0.759805213\1413576483" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c666d157-52f1-49ed-b49e-40d948c7d693} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 1960 211deaefa58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.1.196118824\643843401" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad971e9c-c313-44e8-8fc2-8eadf5abfbc1} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 2376 211de5ede58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.2.938801411\718649172" -childID 1 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a36b8c37-a882-4a2c-a1da-2ea37c3f51b0} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3660 211e28fb258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.3.461360292\122578841" -childID 2 -isForBrowser -prefsHandle 3124 -prefMapHandle 3456 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {565537c4-7038-4836-9a7a-d2111d30a844} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3056 211d1f5eb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.4.1697160883\1090562487" -childID 3 -isForBrowser -prefsHandle 4048 -prefMapHandle 3688 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3201acc-2e52-4a34-bd57-3a0dc8171f82} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3456 211e3a30158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.7.526367101\426379855" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5092 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4644bc12-a0bd-49f0-be4b-4080a02d58cb} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5324 211e4d1e758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.6.461643745\575117958" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1cb3373-bac9-42aa-9aa9-fc5576e0c21e} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5108 211e4d1db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.5.2033365707\2060594608" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c6f674-ce4c-4f5b-bdef-0da640b6a9c6} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5092 211e4d1d558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.8.143788051\587295151" -childID 7 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a6808ff-29ec-4715-a9dd-98a244e738ba} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5092 211e632db58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.9.1064057725\1566027140" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6132 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab46cf3b-02ee-4aef-abf5-210372fa47ce} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6100 211e6672e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.10.1349814850\1255495229" -parentBuildID 20221007134813 -prefsHandle 6228 -prefMapHandle 6236 -prefsLen 26575 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43e111b-efbd-4ba5-b7e9-54cf6caeb812} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6252 211e6911058 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.11.1240456482\250337474" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6384 -prefMapHandle 6380 -prefsLen 26575 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f88512e8-e5c5-451a-b4d5-fd4ff0cd4810} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6392 211e6910158 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.12.1020964572\2009205231" -childID 9 -isForBrowser -prefsHandle 4292 -prefMapHandle 4280 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f01bc8a-d013-4c3b-b0b1-9f0b89336cd7} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 4900 211de5eff58 tab
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
Network
Files
memory/7084-725-0x00000225F6D60000-0x00000225F6D61000-memory.dmp
memory/7084-726-0x00000225F6E70000-0x00000225F6E71000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\prefs-1.js
| MD5 | 9ec10ebc0502e4ca5e0a8e7d13e7be0e |
| SHA1 | 790cedc7f577a666864c212cb35a97c1262d36ce |
| SHA256 | 464ee8b9105261b99d3f9e2f81965147805796c4eb1c36ad47e32e645cbf9402 |
| SHA512 | 2058b26aa7745a73c9e2564f6516a1918e10682cf4c560e7107c6145b1de5e320ce5e476c7a576d4e860d25660f530572936721bd54963f030eba9d12114c931 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d5205c20d7c93f25f1200b547dc95c98 |
| SHA1 | 5ddb095dfdc770c98fdf4dd68e5ae3e6dc97ac6d |
| SHA256 | a1ba2b1d5b9758b1165cc572c83547b1a408d51dd1ff8c5edf83d57e9789b8e7 |
| SHA512 | ba158b805537278f7be25ee58e969db465e52890d58e52b25e13ec2dedda00fd83fb3f37b0fc35e44f3e938a173ff3ad4c5251b6ae9ff3d3f54dc4ca36b6023b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\prefs-1.js
| MD5 | bee7a582daf19dbaed4643567f244dd8 |
| SHA1 | 37ec6fd247c77ca3c3d1315de24f67b1aa32da01 |
| SHA256 | 47c40719469d4c62831dd36f081d4b281438f774770b16c84dcd20e07700eb21 |
| SHA512 | 465bebd78be90923db4c0cd7839ac6a2174ca5b455ccfe3cf7481c4112f6ed2843304cda3a2996d3dca062ec6c17383fa28a1521f29b51d46affda0adf78a0c8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 41b54af506b9e1d4db44be53169833e2 |
| SHA1 | 11f1160fc4d2d996b7441e7a548a268ca678c75c |
| SHA256 | 83f4c91032b1ce768b62037093cdfc5e16329c5014a1918bbe1ade6c7657f76d |
| SHA512 | 3e5d5039cb6c12884afda0d4c5eab0d0c4eadfd53da91917477a9d6da4cc7da39021bda9866a4449251ce801fe83a57d89b15d3ef60f281b553366668f2b8ef4 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
android-x86-arm-20230831-en
Max time network
4s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
android-x64-20230831-en
Max time network
5s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
android-x64-arm64-20230831-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:20
Platform
macos-20230831-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/DIM Premium Primismatic Precision Select.ani"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/DIM Premium Primismatic Precision Select.ani"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/DIM Premium Primismatic Precision Select.ani"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/DIM Premium Primismatic Precision Select.ani]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/DIM Premium Primismatic Precision Select.ani]
/bin/zsh
[/bin/zsh -c /Users/run/DIM Premium Primismatic Precision Select.ani]
/bin/zsh
[/bin/zsh -c /Users/run/DIM Premium Primismatic Precision Select.ani]
/Users/run/DIM
[/Users/run/DIM Premium Primismatic Precision Select.ani]
/Users/run/DIM
[/Users/run/DIM Premium Primismatic Precision Select.ani]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.a0jkzsfSB0/m/Google Chrome.app/ /Applications/Google Chrome.app]
/usr/bin/rsync
[rsync --ignore-times --links --perms --recursive --times --delete-after --include=/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current --exclude=/Contents/Frameworks/Google Chrome Framework.framework/Versions/* --exclude=/Contents/Versions/* /tmp/KSInstallAction.a0jkzsfSB0/m/Google Chrome.app/ /Applications/Google Chrome.app]
/bin/rm
[rm -f /Applications/Google Chrome.app/.want_full_installer]
/bin/rm
[rm -f /Applications/Google Chrome.app/.want_full_installer]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CFBundleShortVersionString]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSVersion]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSUpdateURL]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info KSChannelID]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]
/usr/bin/defaults
[defaults read /Applications/Google Chrome.app/Contents/Info CrProductDirName]
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister
[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]
/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister
[/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f /Applications/Google Chrome.app]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin
[ksadmin --register --productid com.google.Chrome --version 116.0.5845.110 --xcpath /Applications/Google Chrome.app --url https://tools.google.com/service/update2 --tag universal --tag-path /Applications/Google Chrome.app/Contents/Info.plist --tag-key KSChannelID --brand-path /Library/Google/Google Chrome Brand.plist --brand-key KSBrandID --version-path /Applications/Google Chrome.app/Contents/Info.plist --version-key KSVersion]
/bin/ps
[ps -ewwo comm=]
/bin/ps
[ps -ewwo comm=]
/usr/bin/grep
[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]
/usr/bin/grep
[grep -Fqx /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/]
/usr/bin/cut
[cut -c 1-108]
/usr/bin/cut
[cut -c 1-108]
/usr/sbin/lsof
[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]
/usr/sbin/lsof
[lsof /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69/Google Chrome Framework]
/bin/rm
[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]
/bin/rm
[rm -rf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/95.0.4638.69]
/usr/sbin/chown
[chown -Rh root:wheel /Applications/Google Chrome.app]
/usr/sbin/chown
[chown -Rh root:wheel /Applications/Google Chrome.app]
/bin/chmod
[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]
/bin/chmod
[chmod -R a+rX,u+w,go-w /Applications/Google Chrome.app]
/usr/bin/find
[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]
/usr/bin/find
[find /Applications/Google Chrome.app -type l -exec chmod -h a+rX,u+w,go-w {} +]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/bin/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/bin/chmod
[chmod -h a+rX,u+w,go-w /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Default Apps /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/KeystoneRegistration /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Resources /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Frameworks/KeystoneRegistration.framework/Helpers /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/116.0.5845.110/Helpers/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksadmin /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/Current /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Libraries /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Google Chrome Framework /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Internet Plug-Ins /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Frameworks /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Helpers]
/usr/bin/xattr
[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]
/usr/bin/xattr
[xattr -d -r com.apple.quarantine /Applications/Google Chrome.app]
/usr/bin/hdiutil
[/usr/bin/hdiutil detach /tmp/KSInstallAction.a0jkzsfSB0/m]
/sbin/umount
[/sbin/umount /private/tmp/KSInstallAction.a0jkzsfSB0/m]
/sbin/umount
[/sbin/umount /private/tmp/KSInstallAction.a0jkzsfSB0/m]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/sbin/mount_msdos
[/sbin/mount_msdos -o perm -o nobrowse /dev/disk1s1 /Volumes/firmwaresyncd.rCvGRA]
/sbin/kextload
[/sbin/kextload /System/Library/Extensions/msdosfs.kext]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash.Root]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mediaremoteagent]
/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent
[/System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.imfoundation.IMRemoteURLConnectionAgent 488]
/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent
[/System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteURLConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.1:443 | | tcp |
| US | 8.8.8.8:53 | 40.courier-push-apple.com.akadns.net | udp |
| US | 17.248.236.68:443 | | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e673.dsce9.akamaiedge.net | udp |
| NL | 142.251.39.110:443 | | tcp |
| US | 8.8.8.8:53 | pki-goog.l.google.com | udp |
| NL | 142.251.36.35:80 | pki-goog.l.google.com | tcp |
| NL | 142.251.36.35:80 | pki-goog.l.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| DE | 17.253.79.201:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 23.44.233.108:443 | help.apple.com | tcp |
| GB | 23.44.233.108:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.65.88:443 | | tcp |
Files
/Library/Google/GoogleSoftwareUpdate/TicketStore/.dat.nosync02bd.3CjH7E
| MD5 | 89b8d39274ab843763802b1bab057355 |
| SHA1 | ecbd29c0aecef8dde1d3c63d24fcf0c52ada6f4b |
| SHA256 | ce282b49b174defe931185ce29d236a9a9abcd635591e9b190287aa58ae18a49 |
| SHA512 | 6e2ed7f0a1111dd6d80e0a7c770e7d187e607ee04108d057e45e1fbaf9f361f6f03cc13a04fa193e8044745ce4c3ddba8a27a9345419de2f3aca4a84f0f4d6cb |
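The memory-dump names and the network table in the detonations above are raw sandbox output, and the network rows in particular do not all carry the same number of cells. As an added triage helper (example code written for this page, not part of the report or of the sandbox's own tooling), the following Python turns both listings into structured records: it collapses the report's repeated dumps of one address range into a single region per PID, and parses the network table so that rows with a missing or shifted Domain cell still yield the right host, port and protocol. The sample lines are constructed in the shape of the entries on this page; reading the names as `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` is an assumption about the sandbox's naming convention, and treating the 224.0.0.251 mDNS multicast and the 8.8.8.8 resolver lookups as environment noise is the author's triage choice, not a statement from the report.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input, shaped like this report's own entries: the
# sandbox's "memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp" lines and its
# "| Country | Destination | Domain | Proto |" rows. The network rows include
# both misaligned shapes seen on the page (a trailing empty cell with the
# proto sitting in the Domain column, and a row with the Domain cell missing).
SAMPLE_MEMORY = """\
memory/7084-641-0x00000225EE940000-0x00000225EE950000-memory.dmp
memory/7084-681-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
memory/7084-682-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
memory/2416-21-0x0000000002200000-0x0000000002201000-memory.dmp
"""

SAMPLE_NETWORK = """\
| Country | Destination | Domain | Proto |
| US | 20.189.173.1:443 | tcp | |
| US | 8.8.8.8:53 | 40.courier-push-apple.com.akadns.net | udp |
| NL | 142.251.36.35:80 | pki-goog.l.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp |
| US | 20.42.65.88:443 | tcp |
"""

# Assumed naming convention of the sandbox's memory dump files.
MEM_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
PROTOS = {"tcp", "udp"}


@dataclass(frozen=True)
class MemRegion:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


@dataclass(frozen=True)
class NetFlow:
    country: Optional[str]  # None where the report prints N/A
    host: str
    port: int
    domain: Optional[str]   # None for rows with no resolved name
    proto: str


def parse_memory_regions(text: str) -> list[MemRegion]:
    """Parse memory dump file names into (pid, seq, start, end) records."""
    regions = []
    for line in text.splitlines():
        m = MEM_RE.match(line.strip())
        if m:
            regions.append(MemRegion(int(m["pid"]), int(m["seq"]),
                                     int(m["start"], 16), int(m["end"], 16)))
    return regions


def distinct_regions(regions: list[MemRegion]) -> dict[int, list[tuple[int, int]]]:
    """Collapse repeated dumps of the same range into one (start, end) per pid."""
    by_pid = {}
    for r in regions:
        by_pid.setdefault(r.pid, set()).add((r.start, r.end))
    return {pid: sorted(ranges) for pid, ranges in by_pid.items()}


def parse_network_rows(text: str) -> list[NetFlow]:
    """Parse the network table, tolerating rows whose Domain cell is missing or shifted."""
    flows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "Country":
            continue  # blank line or the header row
        country = None if cells[0] == "N/A" else cells[0]
        host, _, port = cells[1].rpartition(":")
        rest = cells[2:]
        # Proto is whichever remaining cell is tcp/udp; domain is the other non-empty cell.
        proto = next((c.lower() for c in rest if c.lower() in PROTOS), None)
        if proto is None or not port.isdigit():
            continue
        domain = next((c for c in rest if c and c.lower() not in PROTOS), None)
        flows.append(NetFlow(country, host, int(port), domain, proto))
    return flows


def external_flows(flows: list[NetFlow]) -> list[NetFlow]:
    """Drop mDNS multicast and the sandbox resolver's lookups; keep the real egress."""
    return [f for f in flows
            if not f.host.startswith("224.") and not (f.host == "8.8.8.8" and f.port == 53)]


if __name__ == "__main__":
    for pid, ranges in distinct_regions(parse_memory_regions(SAMPLE_MEMORY)).items():
        for start, end in ranges:
            print(f"pid {pid}: 0x{start:X}-0x{end:X} ({end - start} bytes)")
    for f in external_flows(parse_network_rows(SAMPLE_NETWORK)):
        print(f"{f.country or '-'} {f.host}:{f.port} {f.proto} {f.domain or '-'}")
```

Run it against the report text instead of the embedded samples by feeding the relevant sections to `parse_memory_regions` and `parse_network_rows`; the protocol is located by value rather than by column position because the page's rows are not consistently aligned.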
Analysis: behavioral9
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
debian9-mipsbe-20230831-en
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/DIM Premium Primismatic Precision Select.ani
[/tmp/DIM Premium Primismatic Precision Select.ani]
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
debian9-mipsel-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/DIM Premium Primismatic Precision Select.ani
[/tmp/DIM Premium Primismatic Precision Select.ani]
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:20
Platform
win7-20230831-en
Max time kernel
117s
Max time network
120s
Command Line
Signatures
Enumerates physical storage devices
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\DIM Premium Primismatic Precision Select.ani"
Network
Files
memory/2416-21-0x0000000002200000-0x0000000002201000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
3s
Command Line
Signatures
Processes
/tmp/DIM Premium Primismatic Precision Select.ani
[/tmp/DIM Premium Primismatic Precision Select.ani]
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2023-09-14 04:17
Reported
2023-09-14 04:18
Platform
debian9-armhf-20230831-en
Max time kernel
1s
Command Line
Signatures
Processes
/tmp/DIM Premium Primismatic Precision Select.ani
[/tmp/DIM Premium Primismatic Precision Select.ani]