Analysis Overview
Threat Level: Shows suspicious behavior
The submitted sample https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH was classified as: Shows suspicious behavior.
Malicious Activity Summary
Checks memory information
Checks CPU information
Reads CPU attributes
Changes its process name
Resource Forking
Checks CPU configuration
Reads runtime system information
Enumerates kernel/hardware configuration
Writes file to tmp directory
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Analysis: static1
Detonation Overview
Reported: 2024-05-18 11:58
Signatures
Analysis: behavioral2
Detonation Overview
Submitted: 2024-05-18 11:58
Reported: 2024-05-18 12:04
Platform: win10v2004-20240426-en
Max time kernel: 240s
Max time network: 284s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{9069E98C-99D5-489D-A0CC-657DE314F197} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc374346f8,0x7ffc37434708,0x7ffc37434718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1360_XJYJELWOEJEKFNLC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7307c2a9-6ad5-4196-afd6-70e48c673523.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e9d3.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1af0e2cc27ec17ad7307d5c2a6824aee |
| SHA1 | 820aabb3a41b2c30f5491c4eb66ade6d19870f4f |
| SHA256 | b5a629bdf5e55c02a1e8b725df9e12c4d7c804c417f4d7d7346cc9d94e266c16 |
| SHA512 | 463c92050af9fdabcfe3f49f14c293e7b46e1bd13127ec33499b92225b79c66938fea69418272f5b29d15e942ec68957b543deb9405f69e72d00b787a4c6fa28 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 11:58
Reported
2024-05-18 12:04
Platform
win11-20240508-en
Max time kernel
297s
Max time network
299s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1672260578-815027929-964132517-1000\{D79A1616-9A7B-4100-B5D8-287D082D7822} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd41233cb8,0x7ffd41233cc8,0x7ffd41233cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2
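The process list above is a stock Chromium/Edge process tree: one browser process, a crashpad handler, GPU and utility service processes, a renderer per site instance, plus Windows system processes (CompPkgSrv.exe, AUDIODG.EXE) that start on their own. The script below is an added triage example, not part of the sandbox's report or tooling: it parses command lines in the format shown above, groups processes by `--type` / `--utility-sub-type`, and lists the switches that relax a process sandbox (`--disable-gpu-sandbox`, `--no-sandbox`, `--service-sandbox-type=none`). The input is a constructed subset of the lines on this page (URLs and field-trial handles abbreviated), and the switch list is the author's own assumption about what a reviewer wants surfaced; `--no-v8-untrusted-code-mitigations` is deliberately not flagged, since it is a routine renderer switch.

```python
import re
from collections import Counter

# Constructed input: one representative command line per process type,
# copied (and abbreviated) from the report's Processes section.
PROCESS_LINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&url=https://www.dangotoons.com/',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=plat=Win64 --annotation=ver=90.0.818.66',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --mojo-platform-channel-handle=1872 /prefetch:2',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding',
    r'C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --mojo-platform-channel-handle=1732 /prefetch:2',
]

# Chromium switches that weaken or remove a process sandbox (assumed list).
# "service-sandbox-type" only counts when its value is "none".
SANDBOX_SWITCHES = {"disable-gpu-sandbox", "no-sandbox", "service-sandbox-type"}

# A token is either a double-quoted run (paths with spaces) or a bare word.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_cmdline(line):
    """Split a recorded command line into (image path, {switch: value})."""
    tokens = [t.strip('"') for t in _TOKEN.findall(line)]
    image, args = tokens[0], tokens[1:]
    switches = {}
    for tok in args:
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            switches[name] = value
    return image, switches


def process_kind(switches):
    """Chromium process role: 'browser' when --type is absent."""
    kind = switches.get("type", "browser")
    sub = switches.get("utility-sub-type")
    return f"{kind}:{sub}" if sub else kind


def triage(lines):
    """Return (Counter of process kinds, [(kind, switch, value)] that relax sandboxing)."""
    counts = Counter()
    relaxed = []
    for line in lines:
        image, switches = parse_cmdline(line)
        if not image.lower().endswith(("msedge.exe", "identity_helper.exe")):
            counts["non-browser:" + image.rsplit("\\", 1)[-1]] += 1
            continue
        kind = process_kind(switches)
        counts[kind] += 1
        for name in sorted(SANDBOX_SWITCHES.intersection(switches)):
            value = switches[name]
            if name == "service-sandbox-type" and value != "none":
                continue
            relaxed.append((kind, name, value))
    return counts, relaxed


if __name__ == "__main__":
    counts, relaxed = triage(PROCESS_LINES)
    for kind, n in sorted(counts.items()):
        print(f"{n:3d}  {kind}")
    print("\nsandbox-relaxing switches:")
    for kind, name, value in relaxed:
        print(f"  {kind}: --{name}" + (f"={value}" if value else ""))
```

Run against the full list on this page, the only sandbox-relaxing switches are the ones expected for a plain browsing session: the network service and the WinRT app-id helper run with `--service-sandbox-type=none`, and the second GPU process was respawned with `--disable-gpu-sandbox --use-gl=disabled` after the first one failed. Anything outside that set (a `--no-sandbox` renderer, a non-browser image under the Edge tree) would be the line worth chasing.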
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 195.181.164.17:443 | www.visariomedia.com | tcp |
| BR | 216.21.12.16:443 | visariomedia.com | tcp |
| US | 104.17.166.186:443 | c.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| US | 104.17.167.186:443 | c.adsco.re | tcp |
| US | 8.8.8.8:53 | 16.12.21.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 104.17.167.186:2087 | c.adsco.re | tcp |
| GB | 185.200.118.51:443 | smrzrapih9s1.l4.adsco.re | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| US | 162.252.214.5:443 | 4.adsco.re | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| US | 38.132.109.186:3478 | | udp |
| SG | 185.200.116.90:3478 | | udp |
| GB | 185.200.118.90:3478 | | udp |
| RU | 88.212.201.204:443 | counter.yadro.ru | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 38.132.109.115:443 | smrzrapih9s1.n4.adsco.re | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| DE | 94.130.130.77:443 | a.labadena.com | tcp |
| GB | 216.58.204.91:443 | vkcdnservice.appspot.com.storage.googleapis.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| DE | 94.130.130.77:443 | a.labadena.com | tcp |
| GB | 142.250.187.251:443 | vkcdnservice.appspot.com.storage.googleapis.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.204.58.216.in-addr.arpa | udp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| SG | 185.200.116.51:443 | smrzrapih9s1.s4.adsco.re | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 104.21.44.89:443 | commentsmodule.com | tcp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| SG | 185.200.116.51:443 | smrzrapih9s1.s4.adsco.re | tcp |
| US | 172.67.221.128:443 | videocdnmetrika.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 172.67.199.179:443 | videocdnshop.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.106.100.48:80 | clients.utubeva.damempire.co.uk | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.44.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.116.200.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.199.67.172.in-addr.arpa | udp |
| NL | 94.242.236.130:443 | ig.caudataolibene.com | tcp |
| NL | 94.242.236.130:443 | ig.caudataolibene.com | tcp |
| NL | 212.117.186.12:443 | abiezertilyer.top | tcp |
| US | 172.240.108.76:443 | correlationcocktailinevitably.com | tcp |
| US | 172.67.169.85:443 | xml.popmansion.com | tcp |
| US | 172.67.169.85:443 | xml.popmansion.com | tcp |
| NL | 212.117.186.12:443 | abiezertilyer.top | tcp |
| NL | 212.117.187.140:443 | quartphilyra.top | tcp |
| NL | 212.117.187.140:443 | quartphilyra.top | tcp |
| US | 174.137.133.17:443 | xml.poprtb.com | tcp |
| US | 173.239.53.20:443 | xml.cachegorilla.com | tcp |
| US | 173.239.53.20:443 | xml.cachegorilla.com | tcp |
| DE | 51.195.4.167:8443 | wss.commentsmodule.com | tcp |
| GB | 87.248.114.11:443 | s.yimg.com | tcp |
| GB | 87.248.114.11:443 | s.yimg.com | tcp |
| US | 172.67.128.55:443 | marazma.com | tcp |
| US | 172.67.128.55:443 | marazma.com | tcp |
| IE | 52.214.224.102:443 | guce.yahoo.com | tcp |
| IE | 52.214.224.102:443 | guce.yahoo.com | tcp |
| IE | 52.214.86.142:443 | guce.yahoo.com | tcp |
| IE | 52.214.86.142:443 | guce.yahoo.com | tcp |
| US | 174.137.133.17:443 | xml.poprtb.com | tcp |
| GB | 216.58.204.84:443 | yt-web-embedded-player.appspot.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 216.58.204.84:443 | yt-web-embedded-player.appspot.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | tcp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| GB | 173.194.183.135:443 | rr2---sn-aigl6ner.googlevideo.com | udp |
| GB | 216.58.204.66:443 | ade.googlesyndication.com | tcp |
| GB | 216.58.204.66:443 | ade.googlesyndication.com | tcp |
| GB | 216.58.204.66:443 | ade.googlesyndication.com | udp |
| GB | 74.125.175.74:443 | rr5---sn-aigl6nzs.googlevideo.com | udp |
| GB | 173.194.183.169:443 | rr4---sn-aigl6ney.googlevideo.com | udp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | udp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
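The Network table mixes the first-party site, Google and CDN infrastructure, DNS and reverse-DNS lookups, WebRTC/STUN probes, and a long tail of ad-tech and tracking hosts. The script below is an added triage example, not part of the sandbox's report: it parses rows in the table format shown above, buckets each destination, and lists connections on ports outside the set a browsing session normally uses (here 2087/tcp to adsco.re and 8443/tcp to wss.commentsmodule.com). The input is a constructed subset of the rows on this page, including one row in the shifted form the report uses when no hostname was resolved (protocol in the Domain column); the suffix lists and expected-port set are the author's assumptions and should be tuned per environment.

```python
from collections import defaultdict

# Constructed input: rows copied from the report's Network table (subset).
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 162.252.214.5:2087 | 4.adsco.re | tcp |
| US | 104.17.167.186:2087 | c.adsco.re | tcp |
| US | 38.132.109.186:3478 | | udp |
| US | 74.125.250.129:19302 | stun.l.google.com | udp |
| DE | 51.195.4.167:8443 | wss.commentsmodule.com | tcp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| NL | 212.117.186.12:443 | abiezertilyer.top | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 74.125.168.103:443 | rr2---sn-aigl6nz7.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
"""

# Assumed classification lists; extend for your own environment.
FIRST_PARTY = ("dangotoons.com",)
PLATFORM_SUFFIXES = ("google.com", "googleapis.com", "googlevideo.com",
                     "gstatic.com", "dns.google",
                     "identrust.com")  # CA CRL/AIA endpoint, plain HTTP by design
# (proto, port) pairs a browser session is expected to use: HTTP(S), QUIC,
# DNS, mDNS, STUN (3478 and Google's 19302).
EXPECTED_PORTS = {("tcp", 443), ("tcp", 80), ("udp", 443), ("udp", 53),
                  ("udp", 5353), ("udp", 3478), ("udp", 19302)}
PROTOS = ("tcp", "udp")


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        # Rows with no resolved hostname have the protocol shifted one
        # column left in the report; put it back.
        if domain in PROTOS and proto == "":
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def _matches(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(row):
    d = row["domain"]
    if not d:
        return "no-hostname"          # mDNS / STUN: raw IP only
    if d.endswith(".in-addr.arpa"):
        return "reverse-dns"          # PTR lookups the browser issued
    if _matches(d, FIRST_PARTY):
        return "first-party"
    if _matches(d, PLATFORM_SUFFIXES):
        return "platform"
    return "third-party"


def triage(text):
    """Return ({class: sorted unique destinations},
               sorted [(name, ip, proto, port)] on unexpected ports)."""
    by_class = defaultdict(set)
    odd_ports = set()
    for row in parse_rows(text):
        name = row["domain"] or row["ip"]
        by_class[classify(row)].add(name)
        if (row["proto"], row["port"]) not in EXPECTED_PORTS:
            odd_ports.add((name, row["ip"], row["proto"], row["port"]))
    return {k: sorted(v) for k, v in by_class.items()}, sorted(odd_ports)


if __name__ == "__main__":
    classes, odd = triage(NETWORK_ROWS)
    for cls, names in sorted(classes.items()):
        print(f"{cls}: {', '.join(names)}")
    print("unexpected ports:", odd)
```

The "third-party" bucket is where review time goes; the duplicate rows in the report (several connections to the same host) collapse to one entry per destination, so the list stays readable even for the full table.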
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f2eb94e31cadfb6eb07e6bbe61ef7ae |
| SHA1 | 3f42b0d5a90408689e7f7941f8db72a67d5a2eab |
| SHA256 | d222c8e3b19cda2657629a486faf32962e016fc66561ce0d17010afdb283c9de |
| SHA512 | 9f7f84149885b851e0bf7173c540e466a2b2eb9907d8b608f60360933328cc75d9d1b63640ea4ecc1e64ecc5dd7ee74d82903f96a8b4418ca56296641a8c0703 |
\??\pipe\LOCAL\crashpad_2780_NSQQLQZSRVNZSXQC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d56e8f308a28ac4183257a7950ab5c89 |
| SHA1 | 044969c58cef041a073c2d132fa66ccc1ee553fe |
| SHA256 | 0bc24451c65457abc1e4e340be2f8faceae6b6ec7768a21d44bcd14636543bae |
| SHA512 | fd5798559f4025ec3408f5550b8671d394b1ec83b85fdac8c005b0cc3e183272bdd07db15a156a572c9c5e5798badf235dc10aae62a052efa8dd9dfdbdca8189 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6bc92cb00beb060d3f16cd50dd9adc9f |
| SHA1 | 9ed6860db26c8e2ae5c4a85aceeba1ecf7e384ed |
| SHA256 | 017d722b46cd150cb290f5166ba7b00318d84dc85486aec7f02d3942eacc79a9 |
| SHA512 | 68bc04d9593c9451c91bced1c20e9addfc4d90660f9d7ea7453707e22fed443d62a442565da145245bac13f6f176e37e32f554da58ecdecde44f344cd214b3ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b37058342f6700628ec124cef07f8f8 |
| SHA1 | 71c998541789936ededf57cb95b29784250b2ad6 |
| SHA256 | b9872b97f169475cad2459953967f232b243d1ffb1582d3c4fb4659c6e0644a0 |
| SHA512 | 4d00087ec27c33136b7d93ae1cd4f9379ebdcfd1fd53d9fc957450d87ced4159882c03accc35496c6219242be0a81e70910573817e8d221b1f99b5f3331ff47b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fd58ba1-ae57-4cdc-be62-b57d142a57f7.tmp
| MD5 | f0fa8ed90fff0c5d49d520c7cb04d4aa |
| SHA1 | d68e3090584332544861edaba1cd41aa98828cd6 |
| SHA256 | 15a592368221867e44731a62d86b8e8f635c4d418d04d198ff8d3123ca30f9d6 |
| SHA512 | e2af90c83c95d0dc6e193fd420f14d347635a76b9ed8a3ade57311b0c3681d17949403e94f080dd2f60c80dcf03268a356a1efc05cbd6ad0c0caf536beccceff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\002\t\Paths\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e88.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 11:58
Reported
2024-05-18 12:04
Platform
android-33-x64-arm64-20240514-en
Max time kernel
325s
Max time network
326s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.201.100:443 | | udp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 162.159.61.3:443 | | tcp |
| GB | 216.58.204.74:443 | | tcp |
| US | 162.159.61.3:443 | | tcp |
| US | 172.64.41.3:443 | | tcp |
| GB | 142.250.200.35:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.201.106:443 | safebrowsing.googleapis.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.212.196:443 | | udp |
| US | 172.67.186.228:443 | www.dangotoons.com | tcp |
| US | 172.67.186.228:443 | | tcp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 216.58.212.234:443 | gmscompliance-pa.googleapis.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 172.67.186.228:443 | | udp |
| BE | 66.102.1.157:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.201.100:443 | | udp |
| GB | 142.250.180.4:443 | | udp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.227:443 | | udp |
| US | 172.67.186.228:443 | | udp |
| US | 172.67.186.228:443 | | udp |
| US | 172.67.186.228:443 | | udp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 172.67.186.228:443 | | udp |
| GB | 142.250.178.8:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.187.230:80 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.187.230:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| US | 216.239.34.36:443 | | tcp |
| GB | 142.250.200.35:443 | | tcp |
Files
files/dom-0.html
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-18 11:58
Reported
2024-05-18 12:04
Platform
macos-20240410-en
Max time kernel
291s
Max time network
197s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.appleseed.seedusaged]
/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged
[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]
Network
| Country | Destination | Domain | Proto |
| AU | 40.79.173.41:443 | | tcp |
| DE | 17.253.79.202:80 | | tcp |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| IE | 20.50.80.210:443 | | tcp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| US | 8.8.8.8:53 | gspe35-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| GB | 23.200.147.27:443 | | tcp |
| NL | 72.246.172.153:443 | | tcp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| NL | 23.209.125.6:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gsp-ssl.ls.apple.com | udp |
| GB | 17.253.77.204:443 | gsp-ssl.ls.apple.com | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
/Users/run/Library/Caches/GeoServices/Resources/altitude-1281.xml
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
/Library/Preferences/com.apple.networkextension.uuidcache.plist
/Users/run/Library/Caches/GeoServices/Experiments.pbd
/Library/Preferences/com.apple.networkextension.uuidcache.plist
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-18 11:58
Reported
2024-05-18 12:04
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
299s
Max time network
268s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/tsc_freq_khz | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/virtio0/drm/renderD128 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1774/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/133 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1832/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1854/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1661/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/134 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1449/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1832/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/90 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1637/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1605/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/79 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/63 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1470/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/72 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1824/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1454/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/132 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/meminfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1838/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /proc/1634/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/67 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/fd/58 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1716/stat | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/mozilla-temp-403823000 | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20982 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {aa64e98b-a26d-4812-b8a8-05550462eeca} 1536 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20185 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {9b3a7a36-1af8-4a81-8ca4-47c23ed9e42c} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28664 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {9934385e-3c2e-4685-b1e5-fc20ce0c069a} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25448 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {523cb392-d02a-41a1-b556-a32d5f77e435} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {d789ed63-1c4b-4d11-981f-c4ee484a9994} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29317 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {7a30f2c8-2298-4d9d-94ec-6c52725e3c90} 1536 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ea4e00c4-9e3b-42c2-9c06-51fec5acd6fd} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cc824b52-f9ee-4b5a-8e45-8b88752dacf2} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {1381d73b-0801-4157-9d6d-f055e92304d0} 1536 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 33348 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {e0ec78a1-9db3-40dc-ae9c-97db8634608f} 1536 true rdd]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 28997 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {51065bcd-c10c-4c60-a89d-0aebcc56752c} 1536 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 33348 -prefMapSize 234904 -pluginNativeEvent -pluginPath /root/.mozilla/firefox/thpqfd2q.default-release/gmp-gmpopenh264/2.3.2 {6bb6a0c4-8bf1-43af-81de-331b443258cd} 1536 true gmplugin]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 28997 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {887c981d-ba36-4b74-987b-230686e3ec0f} 1536 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.241.205.248:443 | location.services.mozilla.com | tcp |
| GB | 172.217.169.68:443 | www.google.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | www.dangotoons.com | udp |
| US | 1.1.1.1:53 | www.dangotoons.com | udp |
| US | 172.67.186.228:443 | www.dangotoons.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 172.67.186.228:443 | www.dangotoons.com | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | dangotoons.com | udp |
| US | 1.1.1.1:53 | dangotoons.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| US | 104.21.43.234:443 | dangotoons.com | tcp |
| US | 104.21.43.234:443 | dangotoons.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.230.111.112:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | stats.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | 2.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | 2.bp.blogspot.com | udp |
| GB | 172.217.16.225:443 | 2.bp.blogspot.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 172.217.16.225:443 | 2.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | 4.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.187.225:443 | 4.bp.blogspot.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 142.250.187.225:443 | 4.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | 3.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | 3.bp.blogspot.com | udp |
| GB | 142.250.178.1:443 | 3.bp.blogspot.com | tcp |
| US | 104.21.43.234:443 | dangotoons.com | udp |
| US | 104.21.43.234:443 | dangotoons.com | tcp |
| US | 1.1.1.1:53 | 1.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | 1.bp.blogspot.com | udp |
| GB | 172.217.16.225:443 | 2.bp.blogspot.com | udp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.178.1:443 | 3.bp.blogspot.com | udp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| US | 1.1.1.1:53 | 4.bp.blogspot.com | udp |
| US | 1.1.1.1:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| GB | 142.250.179.225:443 | 1.bp.blogspot.com | tcp |
| GB | 216.58.212.193:443 | 4.bp.blogspot.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | www.visariomedia.com | udp |
| US | 1.1.1.1:53 | www.visariomedia.com | udp |
| GB | 89.187.167.4:443 | www.visariomedia.com | tcp |
| US | 1.1.1.1:53 | c.adsco.re | udp |
| US | 1.1.1.1:53 | c.adsco.re | udp |
| US | 104.17.166.186:443 | c.adsco.re | tcp |
| US | 104.17.166.186:443 | c.adsco.re | udp |
| US | 1.1.1.1:53 | hqq.ac | udp |
| US | 1.1.1.1:53 | hqq.ac | udp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| US | 1.1.1.1:53 | counter.yadro.ru | udp |
| US | 1.1.1.1:53 | counter.yadro.ru | udp |
| US | 1.1.1.1:53 | imasdk.googleapis.com | udp |
| US | 1.1.1.1:53 | imasdk.googleapis.com | udp |
| US | 1.1.1.1:53 | unpkg.com | udp |
| US | 1.1.1.1:53 | unpkg.com | udp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| GB | 216.58.204.74:443 | imasdk.googleapis.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | udp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 1.1.1.1:53 | commentsmodule.com | udp |
| US | 1.1.1.1:53 | commentsmodule.com | udp |
| US | 172.67.198.57:443 | commentsmodule.com | tcp |
| US | 172.67.198.57:443 | commentsmodule.com | udp |
| US | 1.1.1.1:53 | videocdnmetrika.com | udp |
| US | 1.1.1.1:53 | videocdnmetrika.com | udp |
| US | 104.21.38.98:443 | videocdnmetrika.com | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 104.21.38.98:443 | videocdnmetrika.com | udp |
| US | 1.1.1.1:53 | videocdnshop.com | udp |
| US | 1.1.1.1:53 | videocdnshop.com | udp |
| US | 104.21.52.135:443 | videocdnshop.com | tcp |
| US | 104.21.52.135:443 | videocdnshop.com | udp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 1.1.1.1:53 | correlationcocktailinevitably.com | udp |
| US | 1.1.1.1:53 | correlationcocktailinevitably.com | udp |
| US | 192.243.61.227:443 | correlationcocktailinevitably.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
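The Network table above repeats the same DNS lookups and TLS endpoints many times, and mixes the browser's own background traffic (Mozilla remote settings, telemetry, update and tracking-protection services, the Ubuntu connectivity check) with connections actually driven by the analysed page. The following triage helper, added here as an example and not part of the original report or of the sandbox vendor's tooling, parses rows in the `| Country | Destination | Domain | Proto |` layout, drops resolver chatter on port 53, deduplicates endpoints per domain, and separates first-party, browser-background, third-party and unresolved (multicast) destinations. The sample rows are copied from the table; the background-suffix allowlist and the choice of `dangotoons.com` as the target domain are assumptions made for the example.

```python
"""Triage helper for a sandbox report's Network table (added example; not the
report's or the sandbox vendor's own code)."""

import re
from collections import defaultdict

# Constructed sample: a subset of rows copied from the report's Network table.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | www.dangotoons.com | udp |
| US | 172.67.186.228:443 | www.dangotoons.com | tcp |
| US | 172.67.186.228:443 | www.dangotoons.com | udp |
| US | 104.21.43.234:443 | dangotoons.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| US | 192.243.61.227:443 | correlationcocktailinevitably.com | tcp |
"""

# Assumed allowlist: suffixes of domains Firefox / Ubuntu contact on their own.
BACKGROUND_SUFFIXES = (
    ".mozilla.com", ".mozilla.org", ".mozilla.net", ".mozaws.net", ".mozgcp.net",
    ".ubuntu.com", ".openh264.org",
)

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|\s*$"
)


def parse_rows(text):
    """Parse table rows into (country, ip, port, domain, proto); the header row is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m.group("cc") == "Country":
            continue
        ip, _, port = m.group("dst").rpartition(":")
        rows.append((m.group("cc"), ip, int(port), m.group("domain"), m.group("proto")))
    return rows


def is_background(domain):
    """True for domains the browser/OS contacts by itself (assumed suffix list above)."""
    return domain.endswith(BACKGROUND_SUFFIXES)


def is_first_party(domain, target):
    """True when the domain is the analysed site or one of its subdomains."""
    return domain == target or domain.endswith("." + target)


def dns_lookups(rows):
    """Names the sandbox resolved (port-53 rows), deduplicated and sorted."""
    return sorted({domain for _, _, port, domain, _ in rows if port == 53})


def summarize(text, target):
    """Group non-DNS connections by domain into first_party / background / third_party / unresolved.

    Returns {bucket: {domain: sorted list of 'ip:port/proto'}}.
    """
    buckets = {k: defaultdict(set) for k in ("first_party", "background", "third_party", "unresolved")}
    for _cc, ip, port, domain, proto in parse_rows(text):
        if port == 53:
            continue  # resolver chatter; see dns_lookups()
        if domain == "N/A":
            key = "unresolved"  # e.g. mDNS multicast with no name attached
        elif is_first_party(domain, target):
            key = "first_party"
        elif is_background(domain):
            key = "background"
        else:
            key = "third_party"
        buckets[key][domain].add(f"{ip}:{port}/{proto}")
    return {
        k: {d: sorted(v) for d, v in sorted(b.items(), key=lambda kv: kv[0])}
        for k, b in buckets.items()
    }


def triage_report(text, target):
    """One line per domain, third-party and unresolved destinations listed before background noise."""
    lines = []
    s = summarize(text, target)
    for bucket in ("first_party", "third_party", "unresolved", "background"):
        for domain, endpoints in s[bucket].items():
            lines.append(f"{bucket:12} {domain} -> {', '.join(endpoints)}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_ROWS, "dangotoons.com")))
    print("DNS lookups:", ", ".join(dns_lookups(parse_rows(SAMPLE_ROWS))))
```

On the full table this leaves a short third-party list (ad, analytics and video-embed hosts) to review, which is where any page-driven badness would show; the Mozilla and Ubuntu rows are expected for a fresh Firefox profile and are not evidence against the analysed URL.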
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
/root/.cache/mesa_shader_cache/93/e03a256b9de88e59303831b177c1822965cc9d.tmp
| MD5 | 30477c35a5de9c4638b323ef7e11ada9 |
| SHA1 | c25eecd2a71209c3d1ea6ef5f7d8f02301c3829f |
| SHA256 | 92aa78a938da78043e0ec462d8f81a958e5a96e0df0650ace8cea8fbfd6173ef |
| SHA512 | 9eb19f42eeef76de00870d7dc6a1e3ae9be4e1bb9198b7d1bb561d2ad8a90c30d00a98e95aa7126bc6cc62febf11eef9e62e22339649a7e667b743d1bec1ba97 |
/root/.cache/mesa_shader_cache/c5/69f947d7b2e494a008cda5f24b98deb86cd49c.tmp
| MD5 | cf6525140e4609b9530b4abd226169e6 |
| SHA1 | f9ded539558532fd65ff89cdea50217f011fcedd |
| SHA256 | e7d3cbd572b9cc3e7970136ba031178a5bb024e140fffc450b34539f8e7a8622 |
| SHA512 | 50b4392f4f451044998c543088d61d73a6dd45faaa2adc76d15d175e28f85848757d5bbd4adeafaa1ef8b003360a19b352c3991cd023c2df6948e6eeb20ddf92 |
/tmp/mozilla-temp-403823000
| MD5 | 05fce83fe1fb15d221ffa5651a142c85 |
| SHA1 | f38bdeff0e41a8dad31218d939c0db1bdffb8c0e |
| SHA256 | 5f3366edb429b6d5fdc4e64a27992632990edfe9ecf45dae15c812c0a925f10b |
| SHA512 | e46a39ad0982176cd06231de6d15225c4798ab8040d03ad918be78cb8bb5c764bc8f7d5905c90317768aa4291deefee719cb31f836b0af616c5d8feef939af8f |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 11:58
Reported
2024-05-18 12:03
Platform
win7-20240221-en
Max time kernel
218s
Max time network
225s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "419" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01A20ED1-150E-11EF-B0F4-569FD5A164C1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "200" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f01742cf1aa9da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000e617ffecde5a2e5f4f5cf8823618218591f7411e2749f1ab10fe2a46d14d3fce000000000e8000000002000020000000dbd6c6e1ac825620efa641167a7f86306886e895f727fd7e20a0031f1ad5a632200000005c2675783c3b82dcb0b51b8f7fc373fe407e44c1a80f9eee98ffde0cf313e3a84000000044b9d2171aa11c18eb2c4b2e4fa3373fa50d07673451333a85f9d4840f06feeab2c902d87905c9641a2412dc655988e96a9bad536316dd065cf71ab79f6fc715 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "993" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "1369" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "14141" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "258" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "993" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "915" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\videocdnmetrika1.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "938" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "137" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "14141" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16832" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "915" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "220" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422195404" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "915" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "337" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "12" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "9" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "90" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "334" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "105" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 2000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2000 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.dangotoons.com | udp |
| US | 172.67.186.228:443 | www.dangotoons.com | tcp |
| US | 172.67.186.228:443 | www.dangotoons.com | tcp |
| US | 8.8.8.8:53 | dangotoons.com | udp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | 4.bp.blogspot.com | udp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 4.bp.blogspot.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 8.8.8.8:53 | www.visariomedia.com | udp |
| GB | 195.181.164.21:443 | www.visariomedia.com | tcp |
| GB | 195.181.164.21:443 | www.visariomedia.com | tcp |
| US | 8.8.8.8:53 | d13k7prax1yi04.cloudfront.net | udp |
| US | 18.239.190.38:443 | d13k7prax1yi04.cloudfront.net | tcp |
| US | 18.239.190.38:443 | d13k7prax1yi04.cloudfront.net | tcp |
| US | 8.8.8.8:53 | hqq.ac | udp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 8.8.8.8:53 | duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion | udp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 104.17.247.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | videocdnmetrika.com | udp |
| US | 104.21.38.98:443 | videocdnmetrika.com | tcp |
| US | 104.21.38.98:443 | videocdnmetrika.com | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | videocdnshop.com | udp |
| US | 104.21.52.135:443 | videocdnshop.com | tcp |
| US | 104.21.52.135:443 | videocdnshop.com | tcp |
| US | 8.8.8.8:53 | videocdnmetrika1.com | udp |
| US | 104.21.32.222:443 | videocdnmetrika1.com | tcp |
| US | 104.21.32.222:443 | videocdnmetrika1.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | yt-web-embedded-player.appspot.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| GB | 216.58.204.84:443 | yt-web-embedded-player.appspot.com | tcp |
| GB | 216.58.204.84:443 | yt-web-embedded-player.appspot.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| GB | 172.217.169.42:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | yt3.ggpht.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.14:443 | www.youtube.com | tcp |
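The Network table prints one row per connection, so the same domain and address recur many times and the resolver (8.8.8.8:53) appears against every name. The parser below, an added example rather than part of the report, collapses the table per domain, separates DNS queries from actual connections, and raises the points a reviewer would check here: the lookup for a .onion name sent to a public resolver (a special-use TLD under RFC 7686, which public resolvers answer with NXDOMAIN, so the query only discloses where the page tried to go), names that were resolved but never contacted, names contacted without an observed lookup (ieonline.microsoft.com), and the plaintext port 80 connections to dangotoons.com. The rows embedded below are a subset transcribed from the table above; the note wording and the checks themselves are this example's own.

```python
from collections import defaultdict

# A subset of the Network table above, transcribed with the same column order.
NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dangotoons.com | udp |
| US | 172.67.186.228:80 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 172.67.186.228:443 | dangotoons.com | tcp |
| US | 8.8.8.8:53 | hqq.ac | udp |
| NL | 190.115.19.71:443 | hqq.ac | tcp |
| US | 8.8.8.8:53 | duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion | udp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""


def parse_rows(table):
    """Turn the pipe-delimited table into dicts; the header row is skipped."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, destination, domain, proto = cells
        ip, port = destination.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarise(rows):
    """Per domain: DNS query count, connection count, and the IPs/ports/countries contacted."""
    summary = defaultdict(lambda: {"dns": 0, "conns": 0, "ips": set(),
                                   "ports": set(), "countries": set()})
    for r in rows:
        s = summary[r["domain"]]
        if r["proto"] == "udp" and r["port"] == 53:
            s["dns"] += 1          # a query to the resolver, not traffic to the domain itself
        else:
            s["conns"] += 1
            s["ips"].add(r["ip"])
            s["ports"].add(r["port"])
            s["countries"].add(r["country"])
    return dict(summary)


def findings(summary):
    """Domain -> list of triage notes; domains with nothing notable are omitted."""
    notes = {}
    for domain, s in summary.items():
        found = []
        if domain.endswith(".onion"):
            found.append("onion name sent to a public resolver: RFC 7686 special-use TLD, "
                         "answered NXDOMAIN, and the query itself discloses the intended destination")
        if s["dns"] and not s["conns"]:
            found.append("resolved but never contacted")
        if s["conns"] and not s["dns"]:
            found.append("contacted with no lookup seen for this name (cached, or reached "
                         "through another queried name)")
        if 80 in s["ports"]:
            found.append("plaintext HTTP on port 80")
        if found:
            notes[domain] = found
    return notes


if __name__ == "__main__":
    summary = summarise(parse_rows(NETWORK_TABLE))
    for domain, s in sorted(summary.items()):
        print(f"{domain}: dns={s['dns']} conns={s['conns']} "
              f"ips={sorted(s['ips'])} ports={sorted(s['ports'])} cc={sorted(s['countries'])}")
    for domain, found in findings(summary).items():
        print(f"[!] {domain}: " + "; ".join(found))
```

Feeding it the full table instead of the subset gives the deduplicated contact list a blocklist or a retrohunt actually needs (one line per domain with its addresses and ports) rather than the raw per-connection rows.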
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon-32x32[1].png
| MD5 | 5c22018215abb882218f36a9d43f704a |
| SHA1 | 4658afcafd8ac2fd9dee8c969ae54ff421dc7d9f |
| SHA256 | a0405a63ba493f1d437e55b777e0590f40b8c28d411575b979ea9eca0a4b0967 |
| SHA512 | e6d4bd1ebba07811b98e85f645d65b94c879c3ef18c750886f59a641252a5102219ef492bd6744a67b7706cc1421612308381baaa370274b24c8c8c2b78640bd |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
| MD5 | a972d931d0fc83843c9a0a0ccc31a58c |
| SHA1 | 4fe5b1ae48dd95378f61b6e29101997e2556101c |
| SHA256 | 53035568a7c8b1c38360bcde2ad1bf11938aed4077b3043692ec55186b593af4 |
| SHA512 | c0a25774d3c6978e641bab26ed1e20a648ffeb0e181e63e1bf94e7b84fb5626b43514de9b6a54dba7e7db529303b54d123bc75c868d91ede8029224d28ca484e |
C:\Users\Admin\AppData\Local\Temp\Tar4175.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab4176.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0610e16f3a4905f3dbefb59911e9a34 |
| SHA1 | 9fb565e6369aac356199deecaab61bae83c04477 |
| SHA256 | f78f7afcae75e16480e5b7635e4bf7e79cb645f71d627c8421279dcdab3efe41 |
| SHA512 | f4b8ba041f78f684cb645aab044d7db67b7284f6f8e47378fbbfb2c5988e8a383da30513f9e080ea91eacfb87b8afc28dcf0ebaa5717792fba93efbbb07512fb |
C:\Users\Admin\AppData\Local\Temp\Cab4233.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a64974737d880fb9bc15468ac0b4abb3 |
| SHA1 | 5624c7590950c85c6af5e5af947366a0d84b6dfc |
| SHA256 | e525d29f26365b5034a0767ac6ef74d646e315ff27dbb065d0c54f6d594c415c |
| SHA512 | 44a077ee9dbb1ae55cc1400438aa5bdd3b4e415b09587290c543612ab77f7d2f986b9fdfeeafb292f92e84192341ffaeffcb53c77ff28cd2c4f30b02da1f42a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f1b43b36e2e8877ce9f562e2784ab83 |
| SHA1 | 0b305ba4ffa3285be338ae8e172642df63262db0 |
| SHA256 | b030553e8b18a008e2e5dd77ba05a3ded9e2a467f407e645698fd00af0b8a7a1 |
| SHA512 | 7fd8c461223b82981705144c96097203e29ae578a16662a43a31c79725b86ecbfab682b39a5c78b6a277022ff9566c835310be3111be3221d3ddeb7b2e25eeae |
C:\Users\Admin\AppData\Local\Temp\Tar423A.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fac238d46c8408656049c196a9452e91 |
| SHA1 | d462ca22d83671aa2a94f0beef56aaf8e646a43e |
| SHA256 | 0fd082844c2fc58b9c76e11c2a2475ce1dc350ab01c0af3fa1e2c4f6880a24d3 |
| SHA512 | 8609adc04ca4ddb57a9fcd45d92a5397d130a8d8db41ed6a86e361d177fe593dd6f8763380417212aa2a4fd2f935a7e8b4ca2277c5508143309e27fcfbbe827a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 588cafb58dff99f169f62506ff23961d |
| SHA1 | 35160d8d74d63865067883dacd1da7410295a616 |
| SHA256 | daea1ab28cb78f8cb33c91a66f0d92125418ab2f87f3cc44bfa28473fbd1f2da |
| SHA512 | dedfc1788da7ad8edc55c9fed0820d7d2bb9cce6671d00f58417726af93a52ab98c1a45bbb64d548f5449a409213a25d8992b48b1bfc64ba9ee02729359e761b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0a7f754e4219f1c0811d78f37586ed8 |
| SHA1 | 0c485132b7294efb30f501d0f9c6847d2788cb4b |
| SHA256 | 3f006d72d4e25b4b2c9b18c5c7f3d9146c20eba2257c0f749e511239da30d086 |
| SHA512 | ab33d8cc3998b511a1ae26081f93d108c958f33f3a823df36f2b0d97d2bc17255d02bd90b40eb6e5429858ee7ca76373e528f658e8552b67154bacec7064de34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88eb5b3c2cddd3adc1ffc406f6107fbe |
| SHA1 | 12325abb8bf290e754e55408e31d6959539f3e63 |
| SHA256 | 6f868ed8d2a156d20ac028908582ee0fc71e197182a52a20c919ce97495ef530 |
| SHA512 | 35a972440754a3da5b5af1655321377f89c23cbcb277dda70989a2f5d01b899c9295571eee25e4eb92883c172426359f666df88f59e29de1a7fae1630393567f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3002aa0ae1ede4778bea57aef6835162 |
| SHA1 | 1b85c02e89df20ec9118c3391fd6da9104b9d928 |
| SHA256 | a837ab37c9b61089f41df0f4a2b34964e5c2b5035045f8c467d853dd1c5a3384 |
| SHA512 | 77cfa6be10ef04cfc136b35c6d79d5d9c1cfbae0dd49c1f5547dd859491d8a806bf9b4898c79d81175db06e87abc2cd07d3bd06c568eb6fcc8c58b6b26657172 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7727a8a7c75d783dc4399249f2c65fb3 |
| SHA1 | 18fe6def4f4f0d2dd52ef62798d5532683129bf8 |
| SHA256 | 9b31db82063d8ee7174fbf73e6bc90b59d36c5eb65e0e9de91fd45db51b5208c |
| SHA512 | a2d262da2ce40db64676dc1995be6343bb4aed1988e293db0c4a98128949d9eb9132671efb43b9579daec207f14494f8fc1d5164139ad73bd40ffbbd7766d90a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b90336e58f472ecf8cea08dfad62739 |
| SHA1 | 6eba73141952446ea9d8191cdbcf5cf59af5f9c8 |
| SHA256 | 299881aafef040da9065b2672d5b07c3f3bf4ffc4433103af0fb64649c0d1bb5 |
| SHA512 | 1f2e770dd1a05dd8a09619ff536ea317abfac1fac181bdeb8fa31e81b104fad4d05d22f4cbb4fdafdf33be1dfa5e1c7595480dbf193fea8a6e7084914826f544 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\js[1].js
| MD5 | 445aa1dff48910edb097dcde3e0f1ec4 |
| SHA1 | 0a2acf58e8a0124a50ab11fe89613e126b131b1b |
| SHA256 | 6f0257cf96d20ff5e8ae089f1ff09d09adbae42ad7ac760dbcc9cd4821ecfa44 |
| SHA512 | bbabafbf0dad3baa34c886384186aed2bf8abac64c726e1f7d97ee92faf7805cf67688135dafc91b255d07204fc3a4e3cc5179ca9ad82eae388a7848ff655a63 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\js[1].js
| MD5 | bd2da0f1731425ff05466332bad4bcbe |
| SHA1 | 882f079321161663817c9caba715349e72d75390 |
| SHA256 | e7ede899052fa79f8c1c6049df41cd6828dd573b15bef3d62ebc057d46a3b3df |
| SHA512 | c0b8f0806e77edbb4246230690980a1205e15a95fa071c0110054649858bdac4d02db67ef4c5380969a8b95642781ffa0305173ca31cde67193d94d2690ea2f2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\body[1].css
| MD5 | 40c0a9d5b04bc90084d1866d7bf57e51 |
| SHA1 | 2f542401790fdb9b188a60a077ec1672de05b2d6 |
| SHA256 | 6a2e956a7435d64fbb5cf39f26d8d4230fa8f8c2bd09680f6b95a8bf5080e654 |
| SHA512 | 678db6fe36e01bc69661ce1ae587fee7833a4b8fbbcfdb1bb79dfb42d6788adb0c966640d2daa7f0fc45eff0e44f2e90bcf23320b3fd0bd7512c2ac16529ae00 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\buscador[1].js
| MD5 | 67bc880defa5c0c8abda031e17818c67 |
| SHA1 | 730ed9eb6df8f72c6cdc4e339b4a5ab641ae6093 |
| SHA256 | 46265af0aa6298a9694d6f66f6316b8fad77bf2d309ce36370bccc40e552cf0e |
| SHA512 | 16350ac7e2c336cf4b50c7f8385c03d76b556d585e9464e33d3a5b84e94e98c21e1e03ecd2087e00155bb71daad760824b8918a14ae71acd082e44edb01c58ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 282a6b5eea0e653f5a1ddcc9a12a72db |
| SHA1 | 0637266ad8db3fddca00d108de958b3d476b9ce7 |
| SHA256 | 18cbfcdd4cca2af398a7ff0f746d20a4620168626d9b767b6efddd3347b4c119 |
| SHA512 | a9cfb494bdb1ce9a7994f995a7c5ee2fe7446988f73a1dc2ed4a74d17fa0f1bf7d56c8aaae06ebedaf83fd0a2a3605fee5c77e908bbb9da1084f727724698640 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d558a710e14e415dbe1fdbb7602886bc |
| SHA1 | 315122a88c848dfb4899975eccdb736f3d4469ea |
| SHA256 | 25e23f79e1f703f3258c1052367444be6098321facc8290c9688d828bcb4a581 |
| SHA512 | 9db2dfbeda71b7dc541ffb31bee862c4259f6723d48e7d7011fb27664f37d7cbbeb58cbe8a75a9efe53883e8cbe7635d554820445ad5fdd6c84f1e41de36569a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0f1599b88b4a0863aa1977e5e6a91a3 |
| SHA1 | c3d5e352c99759c9d52f3f1f469c13fe2661d93f |
| SHA256 | 20b1e407bbe1120cfb52c6ddc864fe066378f73ef59867c960eea8f8142eab1a |
| SHA512 | 65e13e84339b13c228aca72a46a9bd4396bf9a4fe31f0ff122390170b0d278676d3870d54ed0efeda6d41500dde725b6beae1aca79e6abaf60358cdefa9b70fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d822b29ad3db539ac6fd70dd21266cd7 |
| SHA1 | 59635aa9dc7475313f599dd701df4d91aecd06fd |
| SHA256 | 7c4cb6e1a8aeac746b1754f5c9c49a88082412188f3f3780ccbb022cdad1f211 |
| SHA512 | be1f991ee20af63520dfa518c1fc75c7b548c67e19a5e2a9c4f70cac4efa8f1421f56e8c2ea0455d68df2a753416bf1d3a85df3dfd1c59b67e45654e628578f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e41a1a9d5b2b0c33da681c96b9841a2f |
| SHA1 | 1e6119a628c5d8185a35c83fb4958ace7cf1a198 |
| SHA256 | 0fdbb38768b12a384075379176549f9fef41525ae9763d84c5a80928171defd1 |
| SHA512 | d9c617c60114e9792e97ff41b0f423b4fa0ce00f9d1b3a0e74cc4d4bc535344be4e0b9ebcc78af7510c46cc30886188677bf5f772237cff13ba8f927162f2fd8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\yfoundation.min[1].js
| MD5 | 59fc346e9ff51fb63b79d8a230fa32e6 |
| SHA1 | e9b07950a40d4311b94349d581b3914706e377fa |
| SHA256 | 3178e3de5810daed6089cdffbf3e2ade6f0c38352461eab06e7338fb06b4a515 |
| SHA512 | 5a83a72d0fb323981c0ca57f705452a22360f5def5d2e36a8843c181c93536f0f96a75c828f09714c297c858f704d92435d196bcf4ae24c00852f5569ad26cbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b54b3bee5d330510077b64c9754f0ba4 |
| SHA1 | 9746a0133231642782e35d06da0aadeafb9d1a33 |
| SHA256 | c4b1293b47181f5d97b89602f36864aaa88a136bd0f0462d8e31426af9815827 |
| SHA512 | 9a6156e91335ce2acddc66a343edd2057cb4e8e88625eca8f529a089818d7f9ed8c747456515042eab4ea9da2ca90d0c388a86d71343056d9ca46ef71d1d9fcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 086defc0d55905a869f2083fcfc03040 |
| SHA1 | 496aeac85e5bf406ef104ae3a4fdc957db263cea |
| SHA256 | fa6d40b0fe2e08ff708bd1687aa646e058354b6d0b042f1d124dcd658b227459 |
| SHA512 | 9f4e1dd76a04e2d7eaef42e0353598884430fa622749c9dfa638bd03fb1b44b74483fa7d0a531803668a3957a4c573a4356584e3a225aefaef33b2e74fb904f1 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml
| MD5 | 4886bebcbc1fa07932dc09aa83ba1ec1 |
| SHA1 | 254b37b5cf07b0a28fd73d660ee051e129f42b1f |
| SHA256 | 592f68c9d45ef93e6e2e2cdd8974a8d1918cac1b576f4fadedd56e9ede3dad00 |
| SHA512 | a39a95a8d19fd3848fe36686bb060646709fad4d8c2874e3da9ce1d1b2a8de46ca7bdbddf71b99011963dd307b3b735d916557933cb3c9dad62d1e69fdda6909 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml
| MD5 | 618577eb8c10d664381367ef499a8792 |
| SHA1 | 27c820eab468240c72257b41a2cee5f6f5f31214 |
| SHA256 | 437440e39acccb5917e06291b0ae5a9cda4f1f39101e4a9228d7cb9a806c8e90 |
| SHA512 | bd03fb8cfd69ab44ac2c0cdb99d244d240c9576b7d9b41566353b0cde4deac6578875f6e712003d5af20350a6c685fb85f8de879b6dfbcfc21577555c935757b |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml
| MD5 | 8d3a2857a16b06492857d2d4a244078f |
| SHA1 | 618eb02c088aeacae50a3d883906cbbb410103fb |
| SHA256 | f4b44e20c4c937087713cb3c6497193b96b929e4a7ff4f260501b1bf3cfc9ef4 |
| SHA512 | 7404fa7381cec66c4d015df22391ecf0612c4e863e6d002e4816102ef761f8cf69d319ffe1100ab1f178cf66d99fad6f196f06d40f545f0249840e243e1cee7f |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml
| MD5 | 5d91c6c319f1a8269f8072a28c349d3c |
| SHA1 | 3c877d5437b55b3544877981d83685ea09848a6f |
| SHA256 | aea54ca70d1619f3bc5518cb9f0e379a79cda70e56f7689610d95923d47fdda1 |
| SHA512 | 56fe1385287415c1f2cb8a77e981b74e621658eabd0a993179e8b811bbaeb346e9ec06aea5dc74e491153e9e953124b5268fedbbaf804cef2acc63035856604c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 061d879f204344d95500a59f1d5cc667 |