Analysis Overview
Threat Level: Shows suspicious behavior
The file http://rb.gy/hzjhlb was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads the content of photos stored on the user's device.
Resource Forking
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-12 02:51
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-03-12 02:51
Reported
2024-03-12 02:54
Platform
android-x64-arm64-20240221-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.180.10:443 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.213.14:443 | udp | |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | rb.gy | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 52.203.241.203:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | 0sg0vat0.com | udp |
| US | 104.21.24.18:80 | 0sg0vat0.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.16.234:443 | safebrowsing.googleapis.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | xafwpyl | udp |
| US | 1.1.1.1:53 | ktdauwq | udp |
| US | 1.1.1.1:53 | mvvpzykjz | udp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
Files
files/dom-0.html
| MD5 | 16b6228429e525fea695c38bf7c2c6b2 |
| SHA1 | 63b3389f855ff21b4a8edf9c924f979544836c9b |
| SHA256 | 9e18db81d088ae9254a5c2caf36350dddc4c5776d2e4a7c1c3dd7faaad5ac1e1 |
| SHA512 | 01d69f746f6658a929a0e22aa18bc5fd3524cfc76ac38e8aa727ba9c089454695a132212fbe3389a43e4f49a312885ddbc53bad1952e84a7619d357909fda312 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-03-12 02:51
Reported
2024-03-12 02:55
Platform
macos-20240214-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A |
Processes
/usr/libexec/xpcproxy
[xpcproxy com.apple.pluginkit.pkd]
/usr/libexec/pkd
[/usr/libexec/pkd]
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://rb.gy/hzjhlb"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://rb.gy/hzjhlb"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://rb.gy/hzjhlb]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://rb.gy/hzjhlb]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2481EFE7/OneDrive.app]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window http://rb.gy/hzjhlb]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=19]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=295809449 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=58]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=295858791 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=58]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=299696921 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=72]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system]
/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2 --system --database=/Library/Application Support/Google/GoogleUpdater/122.0.6234.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=122.0.6234.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=9 --launch-time-ticks=311712480 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=71]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=104]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=315894454 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=105]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=316652027 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=105]
/usr/libexec/xpcproxy
[xpcproxy com.apple.speech.speechsynthesisd]
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=13 --launch-time-ticks=328089661 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=105]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=14 --launch-time-ticks=342352874 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=105]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.cfprefsd.xpc.agent]
/usr/sbin/cfprefsd
[/usr/sbin/cfprefsd agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=15 --launch-time-ticks=357983817 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=105]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=113]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=20 --launch-time-ticks=380570552 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=23 --launch-time-ticks=407088868 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=112]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=25 --launch-time-ticks=432248290 --shared-files --field-trial-handle=1718379636,r,16799263631708408958,6162552151403481832,131072 --seatbelt-client=113]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportCrash.Root]
/System/Library/CoreServices/ReportCrash
[/System/Library/CoreServices/ReportCrash daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 31.courier-push-apple.com.akadns.net | udp |
| GB | 104.84.95.239:80 | tcp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| FR | 40.79.141.154:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 29-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | rb.gy | udp |
| US | 52.203.241.203:80 | rb.gy | tcp |
| US | 52.203.241.203:80 | rb.gy | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.251.36.35:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 22-courier.push.apple.com | udp |
| NL | 142.250.179.138:443 | optimizationguide-pa.googleapis.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 104.21.24.18:80 | 0sg0vat0.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| NL | 142.250.179.138:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.21.24.18:443 | udp | |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | udp | |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 45.courier-push-apple.com.akadns.net | udp |
| GB | 17.57.146.12:5223 | 45.courier-push-apple.com.akadns.net | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | 41-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 10.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 27-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| GB | 104.91.71.85:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.91.71.86:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | 21-courier.push.apple.com | udp |
| GB | 104.91.71.85:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| GB | 104.91.71.85:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| GB | 104.91.71.86:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| GB | 104.91.71.85:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| GB | 104.91.71.86:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| NL | 142.251.36.35:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | 16.courier-push-apple.com.akadns.net | udp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 17-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 47-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | 39-courier.push.apple.com | udp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 18-courier.push.apple.com | udp |
| IE | 17.57.146.88:5223 | 18-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | 49.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 29.courier-push-apple.com.akadns.net | udp |
| IE | 17.57.146.88:5223 | 49.courier-push-apple.com.akadns.net | tcp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 43.courier-push-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | 37-courier.push.apple.com | udp |
Files
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/bb550bcc-7d5e-4b84-bb02-0ba65e770a54/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.aFPm9r/obedbbhbpmojnkanicioggnmelmoomoc_20230916.567854667.14_all_ENGB500000_lemirj6o5bo3eidbttdtuebyxm.crx3
| MD5 | 9e04a1169f7b4672cf74ab3cd95089eb |
| SHA1 | c659c4628b5ce7727bc02fe882874bc2e3115601 |
| SHA256 | b9685d1e3054ce061c8c804b6e8983c6f62deb37d3882c2de2ef300666e91af3 |
| SHA512 | 334e2b1655943d4724ddd3c5df588853edd1c526706178aedf216524cd506f1423e7538fdfe327c10080d49d8eedd7208ea4c73cbae02ce7f6ea5d851cf9ac01 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.aFPm9r/obedbbhbpmojnkanicioggnmelmoomoc_20230916.567854667.14_all_ENGB500000_lemirj6o5bo3eidbttdtuebyxm.crx3
| MD5 | aa9a8b1658afb35c176d23267db90003 |
| SHA1 | c4231e67faf598d325580d5fb156b1894c0aaac5 |
| SHA256 | fc11c3f797153027494aebf869d62d81319996b0e2b888f190539fcf164cbc88 |
| SHA512 | 2dc6e7a03f187021f2b4ce6576bdd35447ffd6823b0c2f2c44e8b71a0e5ee57281d045d115964c16c0b433bf5035d0fa2466584c2e5bb65ad9a278c378efc9dc |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1202.xml
| MD5 | f627cf4820da06be8e6ff3fdec6ebfee |
| SHA1 | 993d8ec88721b9e76c3fe1f5987338a61b452bf8 |
| SHA256 | f1d2905b871b9b80172b7c9dc298c1a3dd355e6ae633f77562f4e06ed52a54e7 |
| SHA512 | bf698aa0eee296df872b91432670af719bda88be3b6d210a567b500da1cedc0e07055a805c2331ccacea0a8a17396e2e37b4bf70894b9052723049c96083001f |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.aFPm9r/obedbbhbpmojnkanicioggnmelmoomoc_20230916.567854667.14_all_ENGB500000_lemirj6o5bo3eidbttdtuebyxm.crx3
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.LFkAwv/lmelglejhemejginpboagddgdfbepgmp_437_all_ZZ_cfzwzjuh24lqzad3sg6skj2w6a.crx3
| MD5 | f59ad66729a27ade3909b9969fc27650 |
| SHA1 | 73c3948813c29a4228533e29e814a078478392de |
| SHA256 | 9709a308be6e46e5a9f1bb7eb2326bff44513fd18ab834db660480aa0052a409 |
| SHA512 | 2a67545470b4bf6d7d557697b4b2d8c53d8215ce8beb479614c65c60d71fbe45cb168694dfe7604146d481cd3f118bb29b6359d9ee816ea7a7387054c2654289 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.RoXjhN/ALzUVHP-vRgKCzqwbtGugSE
| MD5 | 0bf5369cda2102f7a1f1fec9ae6f69ff |
| SHA1 | 1a6b9c07dd6cf2aa5d969499ddff8a0dfc15e86c |
| SHA256 | fd515ec0dc30d25a09641b8b83729234bc50f4511e35ce17d24fd996252eaace |
| SHA512 | 39c131142cecb88eedf7f74bac4dfbc50c1de88f3ffd10d1cca79b154a95c59d6f09c78580367e39dbc648fa0a87a74a4e9a336d691f68388e43b7e2efd40f71 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Ln1Cj5/khaoiebndkojlmppeemjhbpbandiljpe_63_mac_acj4pge7wnngtgdmbzd4p5k36luq.crx3
| MD5 | dd093ee4be8228581afa24a12c4ff5ae |
| SHA1 | 744b07f0920111293fd8614a8c08b91a7a9fbd51 |
| SHA256 | 458d41f9ddcf8cb983af99e4765c6653d1e70a30d15491f5b1cbee0ce4b07907 |
| SHA512 | 4fc4a8453804b44d9e2bc54c01fa68e7b69a21a2ff0da8bc73386bd94ac9b173fa84f26fa801e13e384ac2842e44c69ea9443e509418ebe385ebea1df3ec205d |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 1dde5be7b6612dcb0ce5e2d3df0cd3c2 |
| SHA1 | 6062e91b443be0608b6bc74a073b7802267b438b |
| SHA256 | 8b0780f121da1a0b039990293113e8669b61b9a621727144604b5537ca44bbf2 |
| SHA512 | dd264c271d8271554bb7040634daa9703915442f9ab966ec0c5b2ecfa3a661722559cada8a0c42bf2ad425a798a9f7fa0ed943d5af3037b77e2830a446c9745a |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.P3sxBB/hfnkpimlhhgieaddgfemjhofmfblmnib_8592_all_ad64tbejt4zzasdnomzlva3fbimq.crx3
| MD5 | 98ecf2af98308eaf05e10b9e4530e4f2 |
| SHA1 | 8b39cbbfdd61c595b7a1b26a871ffe64d10e78ba |
| SHA256 | 3e51a65d05422d0d3d4146ad8254045e3ea9d7e8e527f04311a3b6568ece32af |
| SHA512 | cbe22e8d04e5300cc7712faeadd7e4b8b2ff329759af37e8f6bde15944962e335faf6b5a2f3d06afbe6c452568371d8aa88a46868d261c012243b2f117a520b9 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ROXYUG/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 39fbc1bf4c6c8f919181e3e72630f974 |
| SHA1 | b73f2394a2c1ac341df75ba63eef4e5e9830fade |
| SHA256 | 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96 |
| SHA512 | 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.f6HZvi/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
| MD5 | e680384ae7b493ec85db2773c8a38bd2 |
| SHA1 | bfd75547a8b6d6138c7db86233417c7de4100577 |
| SHA256 | fe55c63d67784ce2376505c6da2d14657c934b80db41fb2459b2b7dff20e2e5c |
| SHA512 | deeb6d009a4bf007091234c53576c2c8f0fa4e955227b226ab88f42585d7d6a25ac500528ddad08dda64af4a158591547e775434666621bf37f65063788f40bd |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.f6HZvi/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
| MD5 | 5c51b3e19a79a4d4ff4d0586c0acc9a4 |
| SHA1 | 8c003ecc3a2b7326587af32fa9d0d44add2498e3 |
| SHA256 | e7d813b81cf55d79ae178ad76ef9799c44b9ccfc066aaf36b9d80e29e3be5bb7 |
| SHA512 | 7c1601913019b49d464f4ad7f33057b6cfdf63bbfb10fb910b8ba1995673e76eced6ef932c777c3086d3f9c587b18b75231756594688c6e995b2abb08b6e68fb |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-12 02:51
Reported
2024-03-12 02:57
Platform
win10v2004-20240226-en
Max time kernel
329s
Max time network
334s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rb.gy/hzjhlb
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc04d746f8,0x7ffc04d74708,0x7ffc04d74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5942123074077677744,14276056857332623198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | rb.gy | udp |
| US | 54.243.202.67:80 | rb.gy | tcp |
| US | 54.243.202.67:80 | rb.gy | tcp |
| US | 8.8.8.8:53 | 0sg0vat0.com | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.202.243.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 172.67.216.76:80 | 0sg0vat0.com | tcp |
| US | 172.67.216.76:443 | 0sg0vat0.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 76.216.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 184.3.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 211.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 279e783b0129b64a8529800a88fbf1ee |
| SHA1 | 204c62ec8cef8467e5729cad52adae293178744f |
| SHA256 | 3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932 |
| SHA512 | 32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | cbec32729772aa6c576e97df4fef48f5 |
| SHA1 | 6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba |
| SHA256 | d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e |
| SHA512 | 425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0 |
\??\pipe\LOCAL\crashpad_3536_HQJEBURJVTABCPLK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 49a8ef04133f0587edb968e6827e5e9f |
| SHA1 | c51ab05ed2c9b60ee2e72a426f62efc8fc0a0da6 |
| SHA256 | aa2c1d0ff7e1fbdc2ecf63b92db727c5a1f7b0bf7f448b8a41987b202bf23eb8 |
| SHA512 | 0cabf4f25aa18ad6ea7bc094b99856f2771a64e948a7bae151214e9fec8215918252aa80d0eca2ffb7f7be498fd62e2bcd8e8b68b446823bc9b9d1c458b9cc35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 14af913ca5c9b647d700669cf9e25f2a |
| SHA1 | d6566a77aae327dcacc185c1d6852f0b630e6c8c |
| SHA256 | 403947483ec071f4ed25a4dde6b0812d0fecef02df2236a97997e7b5d925b582 |
| SHA512 | 988a5307efe80b811f2687abbcef9673a90de95ee187c33ac68dd9babff49a0b83157e5475d2b3dc92c3261b77606768f294dfea440463aab7916de3a78fd58c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c650113e887008d65bd39535792ac953 |
| SHA1 | 40a978e305b0ca21dd03326bc7dd62bc38f9f694 |
| SHA256 | 404a2d2c7c45d5d6c0648742b699c7fdffd74daaa8d5dc6ef708160bacfb4730 |
| SHA512 | f73b2c9be86d8bd52450cabfb283c760b5cc6f3fa7a38e56c09eaca0164a551494488abade5f01361615049d5cc7e7fd21c8c43f52c8fe6f1cb71edaf207430e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a14c2969ada420622695ba103865b623 |
| SHA1 | a6715f16531b1bf5c821ff212d070ef4e5c19a3e |
| SHA256 | c05ad58047c45311674c0f31dbe496f97490ec6bfc8155cac50081260e21bb24 |
| SHA512 | 3855a4968bd06f55616fd2554fc4f37ad119cee3eb0bc72c514474294e81bc34dca55d197cf89cecfd3ac1cdb1312163488dc2dbdc15485d07d682d5af1304e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 645d8ac683c48122a1201af64921ed56 |
| SHA1 | 143fa55659762861533acb8ea96db957d3fe8a3e |
| SHA256 | bc356a1889182c56e1617f8fb211c4cee48526b6c0d592734234dd05d6361b0c |
| SHA512 | dfa989f8c09f825a6bb2836e643a8375d5ea9246332ffb3028b54a833a28cd4da2039e8aa48518cc1e9583663a675740e6979510ddd2b23607da1fb9e3f1eb23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | af3edaaaddcb4d44040939c2d2793693 |
| SHA1 | dbe97f38b477ad2e8904a1ea195689b531979881 |
| SHA256 | 58775b4c42e1152e2ccf623dc062d846bc50827750e02abdf5cc88e8ab003bce |
| SHA512 | 91822ba227b152b44d0e8fd3a3ed4600048770d94fe6895ddd73629ec420be00489c40ad5e0f75a662fcc6a6c38c25eafa1be075eb51f701e3870ac03299f345 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6a14d4dd7b393373ee8bdd1cce24b8a9 |
| SHA1 | 493a3dd88d42f722ad1f9142c5e5dc1c9c569ec7 |
| SHA256 | e21db1f4f47be723a464a5770802555bc0aaf66a56c774a330521563cbb3fd59 |
| SHA512 | 0c36121c19a8c413895dc286284a56d6aa30f4e13220c9a1fc1912de695a8b1e1bb50beda72ceedb8437a7f72318716ef8bc35dd24ba9f3ee7f937d0f8ff5d54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | abe64c528afa7b43c069409225255128 |
| SHA1 | df63ea74733d28e8e31782dcc48e15b04432bad3 |
| SHA256 | d5e4a83f58727631ec69742e25f1aa128bb9c573594d621af1f30f78557284b0 |
| SHA512 | 855c46e7667aa2e3b51d6f2e8e49ee5db9e1bd82fd842d34723ffc8487e9e5ee127238df6596f9f591660846fc60abe3abe2f038b0b1cee032a0c99d5c7ec8f2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-12 02:51
Reported
2024-03-12 02:54
Platform
android-x86-arm-20240221-en
Max time kernel
118s
Max time network
134s
Command Line
Signatures
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 54.243.202.67:80 | rb.gy | tcp |
| US | 54.243.202.67:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.212.234:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | 0sg0vat0.com | udp |
| US | 104.21.24.18:80 | 0sg0vat0.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | ckuezcwtlpssyd | udp |
| US | 1.1.1.1:53 | jrexfeocmomdv | udp |
| US | 1.1.1.1:53 | fsqvbvra | udp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | jrexfeocmomdv | udp |
| US | 1.1.1.1:53 | jrexfeocmomdv | udp |
| US | 1.1.1.1:53 | ckuezcwtlpssyd | udp |
| US | 1.1.1.1:53 | ckuezcwtlpssyd | udp |
Files
files/dom-0.html
| MD5 | caa41a877c0802dfacad2b969ca87bdb |
| SHA1 | 9c6f26ed1a1ec8d7abe332cbb6b0c3da6b7100a8 |
| SHA256 | 72711b28283c6f8bde1d9e2f0b13845300dbe46ace4d8efd4a5dcd26ef9af7f5 |
| SHA512 | 44acc877064dd3bb0f7f8882b5557b842e43339b2b1c58bb9498d266edbeaee9873cc8d7892d20fcd36c818d0dd67d325fef0a7563aff06ccbe90bfecc161a48 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-12 02:51
Reported
2024-03-12 02:54
Platform
android-x64-20240221-en
Max time kernel
146s
Max time network
157s
Command Line
Signatures
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 1.1.1.1:53 | rb.gy | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.178.10:443 | safebrowsing.googleapis.com | tcp |
| US | 3.210.221.128:80 | rb.gy | tcp |
| US | 3.210.221.128:80 | rb.gy | tcp |
| US | 1.1.1.1:53 | 0sg0vat0.com | udp |
| GB | 216.58.213.10:443 | tcp | |
| US | 1.1.1.1:53 | 0sg0vat0.com | udp |
| US | 104.21.24.18:80 | 0sg0vat0.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| US | 104.21.24.18:443 | 0sg0vat0.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | challenges.cloudflare.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | challenges.cloudflare.com | udp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| US | 1.1.1.1:53 | nigjtpopfr | udp |
| US | 1.1.1.1:53 | wvfxlmwmit | udp |
| US | 1.1.1.1:53 | fhcgynrtgi | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| GB | 142.250.178.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 104.17.3.184:443 | challenges.cloudflare.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 142.250.179.234:443 | tcp | |
| GB | 216.58.201.100:443 | tcp |
Files
files/dom-0.html
| MD5 | 67b9d02246520cea00f966cb7e2adadf |
| SHA1 | 986b16c54342ed6527b117ab465adcfc2f3760d9 |
| SHA256 | 683c4f0dfd12b0f92c960e9fb919e211f5736c49c8e68b8ead2ff6839953cc01 |
| SHA512 | 20b8e45ce52bc43927fde4aeee1ef4791b8e0759ac6cdb112b02fa7cbde02adc3f094587fae541b860cdac63f3e682ea730e6fa23e8752d5caccba344132c83e |