Malware Analysis Report

2024-10-24 21:46

Sample ID: 240518-n5afesad73
Target: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH
Tags: discovery evasion antivm
Score: 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3, behavioral4, behavioral5, behavioral6, behavioral1
    (each with the same subsections as behavioral2: Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The file https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery evasion antivm

Checks memory information

Checks CPU information

Reads CPU attributes

Changes its process name

Resource Forking

Checks CPU configuration

Reads runtime system information

Enumerates kernel/hardware configuration

Writes file to tmp directory

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-18 11:58

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-18 11:58
Reported: 2024-05-18 12:04
Platform: win10v2004-20240426-en
Max time kernel: 240s
Max time network: 284s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH

Signatures

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{9069E98C-99D5-489D-A0CC-657DE314F197} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (27 identical entries)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A (24 identical entries)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 1360 wrote to memory of 2012 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 1360 wrote to memory of 4596 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 entries)
PID 1360 wrote to memory of 1404 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 entries)
PID 1360 wrote to memory of 3032 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (20 entries)

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc374346f8,0x7ffc37434708,0x7ffc37434718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,2810645904669035038,576922756509551626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2

Network

US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 5.214.252.162.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 162.252.214.5:2087 4.adsco.re tcp
US 104.17.167.186:2087 6.adsco.re tcp
US 8.8.8.8:53 xawgnkxefivo.l4.adsco.re udp
GB 185.200.118.51:443 xawgnkxefivo.l4.adsco.re tcp
US 162.252.214.5:443 4.adsco.re tcp
US 8.8.8.8:53 xawgnkxefivo.n4.adsco.re udp
US 8.8.8.8:53 xawgnkxefivo.s4.adsco.re udp
US 8.8.8.8:53 hqq.ac udp
US 38.132.109.115:443 xawgnkxefivo.n4.adsco.re tcp
US 38.132.109.186:3478 udp
SG 185.200.116.90:3478 udp
GB 185.200.118.90:3478 udp
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
SG 185.200.116.51:443 xawgnkxefivo.s4.adsco.re tcp
RU 88.212.202.52:443 counter.yadro.ru tcp
US 104.17.246.203:443 unpkg.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 www.recaptcha.net udp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 global.stun.twilio.com udp
US 104.17.246.203:443 unpkg.com tcp
US 104.17.246.203:443 unpkg.com tcp
US 104.17.246.203:443 unpkg.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 stun2.l.google.com udp
US 8.8.8.8:53 wss.commentsmodule.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 vkcdnservice.appspot.com.storage.googleapis.com udp
US 8.8.8.8:53 deliver.vkcdnservice.com udp
US 8.8.8.8:53 a.labadena.com udp
SG 185.200.116.51:443 xawgnkxefivo.s4.adsco.re tcp
DE 94.130.130.77:443 a.labadena.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 216.58.204.91:443 storage.googleapis.com tcp
DE 94.130.130.77:443 a.labadena.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
GB 142.250.187.251:443 storage.googleapis.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 51.118.200.185.in-addr.arpa udp
US 8.8.8.8:53 186.109.132.38.in-addr.arpa udp
US 8.8.8.8:53 90.116.200.185.in-addr.arpa udp
US 8.8.8.8:53 90.118.200.185.in-addr.arpa udp
US 8.8.8.8:53 71.19.115.190.in-addr.arpa udp
US 8.8.8.8:53 115.109.132.38.in-addr.arpa udp
US 8.8.8.8:53 203.246.17.104.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 52.202.212.88.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
RU 93.158.134.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 commentsmodule.com udp
US 8.8.8.8:53 stun.l.google.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 172.67.198.57:443 commentsmodule.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
US 2.18.190.81:80 apps.identrust.com tcp
US 2.18.190.81:80 apps.identrust.com tcp
US 74.125.250.129:19302 stun.l.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 77.130.130.94.in-addr.arpa udp
US 8.8.8.8:53 91.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 251.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 51.116.200.185.in-addr.arpa udp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 8.8.8.8:53 119.134.158.93.in-addr.arpa udp
US 8.8.8.8:53 57.198.67.172.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 correlationcocktailinevitably.com udp
US 172.240.108.76:443 correlationcocktailinevitably.com tcp
DE 51.195.4.167:8443 wss.commentsmodule.com tcp
US 8.8.8.8:53 videocdnmetrika.com udp
US 172.67.221.128:443 videocdnmetrika.com tcp
US 8.8.8.8:53 i0.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 videocdnshop.com udp
US 172.67.199.179:443 videocdnshop.com tcp
US 192.0.77.2:443 i0.wp.com tcp
US 8.8.8.8:53 76.108.240.172.in-addr.arpa udp
US 8.8.8.8:53 167.4.195.51.in-addr.arpa udp
US 8.8.8.8:53 128.221.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 marazma.com udp
US 8.8.8.8:53 xml.popmansion.com udp
US 172.67.128.55:443 marazma.com tcp
US 104.21.87.102:443 xml.popmansion.com tcp
US 104.21.87.102:443 xml.popmansion.com tcp
US 8.8.8.8:53 55.128.67.172.in-addr.arpa udp
US 8.8.8.8:53 179.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 102.87.21.104.in-addr.arpa udp
US 8.8.8.8:53 xml.poprtb.com udp
US 174.137.133.17:443 xml.poprtb.com tcp
US 8.8.8.8:53 xml.cachegorilla.com udp
US 8.8.8.8:53 xml.xmlwiz.com udp
US 173.239.53.20:443 xml.cachegorilla.com tcp
US 174.137.133.17:443 xml.xmlwiz.com tcp
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 17.133.137.174.in-addr.arpa udp
US 8.8.8.8:53 20.53.239.173.in-addr.arpa udp
N/A 127.0.0.1:443 tcp
N/A 127.0.0.1:443 tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ecdc2754d7d2ae862272153aa9b9ca6e
SHA1 c19bed1c6e1c998b9fa93298639ad7961339147d
SHA256 a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7
SHA512 cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

\??\pipe\LOCAL\crashpad_1360_XJYJELWOEJEKFNLC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2daa93382bba07cbc40af372d30ec576
SHA1 c5e709dc3e2e4df2ff841fbde3e30170e7428a94
SHA256 1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30
SHA512 65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 79844a3248fcbb93d83118fdb9b36206
SHA1 8339d3a009260350a84a21c168a0350b131671f9
SHA256 957560c5f71d982981a2e5d427c4031164f53198249360831ab8fc2a76e112a3
SHA512 476da4cf1bd3757c75e4585b49a270a47c315431b1951ad76c5a6e09a376d4282f21295acf6895e33322ef0bf8f448c2f729af31539852d8bf2ee22edbf19d03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 93911bbac2db9583628d8bb5b1f5be9f
SHA1 32dbd16f287a10f92dea6cfaf5ecc6f4fa41cd50
SHA256 a78837f7ff916bf94816b27a7bf49e8edbaf62b4d4ba8b58ab98fe64e36364ba
SHA512 1181be8e3b40b22246923ca8d8bb1dd383fc49be55180b2144383701b2474964b3ed651f5b9753ac834566b83cf24d39fcbfb1660099680ab4b07ea8ee2f8cce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1476e2959fa1ab148d6ca79b6dcb6d42
SHA1 558c4e74a4aa3b63206900e2c89db5f7bc09a608
SHA256 cf6c9d4c208737222853690c2ae19bd2000c1b6f29aabafff4298753de6b4833
SHA512 abb48626fdaefc5e125e2b27646216928ca6fb9254551bba1a3439087a22b4a394c5ffb4b9615b8a79f10aa88875cd1fd5819d1acece1b87d79c52a27f1241fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0ee13065f131e661b8f51879017ac7fd
SHA1 ba7832b41ed29f309fa7728ab18dd2bd86bb74e1
SHA256 7407abe69c5d6a65113dbc8f3bd3e5d5bf4eaa9f29159bd60a21ff467eacbcf2
SHA512 ba059b72c36b48ceb39c2aecba627fcc8391aa5b04da829e88e4aba6e88a92305bb764fff0f858628e3faedd414d0bd68f16b642708452c6c48e1ef926b3b980

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 0990403b1d11de4917dc998ed0cf168c
SHA1 4f3811ca98c919888a571db32e1c0575c91069d7
SHA256 63faf734d19752e9b44b38dabb934beb540eaece32f9bcbe0812966e60de8e00
SHA512 3c752d63f7201273faabb2194a4e756da47d1c7b1454580affedb0538fc0cc0bfe2d290045f0d94911747cdee7fc35f91ce2466a6a4c2683049ffb47e5212d23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7307c2a9-6ad5-4196-afd6-70e48c673523.tmp

MD5 341302271b703997c96c73faddde60e3
SHA1 212e42428852f36e684bb9eea653b90f160d6601
SHA256 9b67e33cb6922de9b5916972e6bd13c554ac053763a06b7335f4d52b6c9a4bb0
SHA512 30d7e87a1d9406d6ad550d525d1a4282478f5252c85291601ee7225da325d7fb2ca8898167f54cb24055e1019f5fb1edf826ea51568ff2d88224ed30defceac9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f601f79523a3fd5d3c700cd02293916
SHA1 db17f87a369f894e5ca17a15dd623f56e3e0b58b
SHA256 b463b4d27afba738519c265b2a299dd4e7bdb0d8239475af6d38153b0ecc9c8e
SHA512 b0ca0f1b23295fb747245630842adc7094c252e9e12ccafcfb62f26c8560e4cc8d373deeb373d789afe7be1ad282a4bce8e549cc02b20589105b8c7b39468373

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e9d3.TMP

MD5 ea03e1d0d473999a881362ae73982554
SHA1 ea2299d0890cb5028ed87f0566ee371b3504b7c9
SHA256 eb65978bfd5bd212041784d35dd7b754c5fb4bf5fc410c025852a42afe711bbf
SHA512 293bb7fc6e74fc12656afbc5e663a4717b47fff4d609a33ca97ac0ec42c1bfaf5f85c72a784b7890ead71e7e3dbc1344db3f033359347d72dc91a226b8c4cb01

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4be52f036dcb820998dffbe6c0ae930f
SHA1 a56bcd49823c4de4ae0f6b88134ef6be09a36e75
SHA256 5fff92545b079ed772dace8af9b573380c592add71cde00667f96210d0456ec6
SHA512 c47bda76c21419677ff0d580a5befd22b2104141a8ce20a110b15a27b89eada9c375df88ea0f17447542f47b148da47c1335b28cc475e6dee039b53fd42745cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 92ca18edbd2af5c574e4f075b71eac41
SHA1 eae50cc18b18558309c5ea0498f881075f30dff5
SHA256 03296696b4b694cc9eeefbac3792e3d847ab8fe9eabbee2878841028de633e23
SHA512 9dd88c68d401bf1f86c2ca2f9e140ba8a29bcb263632f6f14bc7c246c41d9857044f8060bc1eae8b37fc545188c9cc2a927a8e37e232eaaada3dd1eceb0903a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 623c335fc69de24821f102a3030df033
SHA1 cf8f05fe6e7cb55b821b9856ea3ab7431fa9d8d7
SHA256 592da4ddfb38ca8cfd68a2a39382c034513360a9551a2d22f859da429f199436
SHA512 f7b755523fa1d89567f57cab4957f38c723f22f2619f71c907cafa1bfbcfb79a057bbcaa364962f003fd5f242e55d58a7451f954a58c603b3d99d993dc160852

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1af0e2cc27ec17ad7307d5c2a6824aee
SHA1 820aabb3a41b2c30f5491c4eb66ade6d19870f4f
SHA256 b5a629bdf5e55c02a1e8b725df9e12c4d7c804c417f4d7d7346cc9d94e266c16
SHA512 463c92050af9fdabcfe3f49f14c293e7b46e1bd13127ec33499b92225b79c66938fea69418272f5b29d15e942ec68957b543deb9405f69e72d00b787a4c6fa28

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-18 11:58

Reported

2024-05-18 12:04

Platform

win11-20240508-en

Max time kernel

297s

Max time network

299s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1672260578-815027929-964132517-1000\{D79A1616-9A7B-4100-B5D8-287D082D7822} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1672260578-815027929-964132517-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2780 wrote to memory of 2752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2780 wrote to memory of 4436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2780 wrote to memory of 4008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2780 wrote to memory of 1416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd41233cb8,0x7ffd41233cc8,0x7ffd41233cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,8532888963486113966,7391069024760584705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_2780_NSQQLQZSRVNZSXQC

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1fd58ba1-ae57-4cdc-be62-b57d142a57f7.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\002\t\Paths\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e88.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-18 11:58

Reported

2024-05-18 12:04

Platform

android-33-x64-arm64-20240514-en

Max time kernel

325s

Max time network

326s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto

Files

files/dom-0.html

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-18 11:58

Reported

2024-05-18 12:04

Platform

macos-20240410-en

Max time kernel

291s

Max time network

197s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]

/usr/libexec/xpcproxy

[xpcproxy com.apple.sysmond]

/usr/libexec/sysmond

[/usr/libexec/sysmond]

/usr/libexec/xpcproxy

[xpcproxy com.apple.security.cloudkeychainproxy3]

/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy

[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.geod]

/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod

[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]

/usr/libexec/xpcproxy

[xpcproxy com.apple.secinitd]

/usr/libexec/secinitd

[/usr/libexec/secinitd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.AddressBook.ContactsAccountsService]

/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService

[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.routined]

/usr/libexec/routined

[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Maps.mapspushd]

/System/Library/CoreServices/mapspushd

[/System/Library/CoreServices/mapspushd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.nehelper]

/usr/libexec/nehelper

[/usr/libexec/nehelper]

/usr/libexec/xpcproxy

[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]

/usr/libexec/neagent

[/usr/libexec/neagent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.assistantd]

/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd

[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.appleseed.seedusaged]

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged

[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]

Network


Files

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db

/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db

/Users/run/Library/Caches/GeoServices/Resources/altitude-1281.xml

/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd

/Library/Preferences/com.apple.networkextension.uuidcache.plist

/Users/run/Library/Caches/GeoServices/Experiments.pbd

/Library/Preferences/com.apple.networkextension.uuidcache.plist

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-18 11:58

Reported

2024-05-18 12:04

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

299s

Max time network

268s

Command Line

[xdg-open https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself glxtest:disk$0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-/usr/libex N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/tsc_freq_khz /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/nautilus N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0 /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/class /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/class /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/virtio0/drm/renderD128 /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1774/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/133 /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/1832/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1854/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1661/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/134 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1449/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1832/cgroup /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/libexec/gvfsd-trash N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/90 /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1637/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1605/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/79 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/63 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1470/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/72 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1824/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1454/attr/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/132 /usr/lib/firefox/firefox N/A
File opened for reading /proc/meminfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1838/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/glxtest N/A
File opened for reading /proc/1634/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/67 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1/cgroup /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd N/A
File opened for reading /proc/self/fd/58 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1716/stat /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A
File opened for modification /tmp/tmpaddon /usr/lib/firefox/firefox N/A
File opened for modification /tmp/mozilla-temp-403823000 /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/lib/firefox/glxtest

[/usr/lib/firefox/glxtest -f 13]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20982 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {aa64e98b-a26d-4812-b8a8-05550462eeca} 1536 true socket]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/libexec/gvfsd

[/usr/libexec/gvfsd]

/usr/libexec/gvfsd-fuse

[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]

/usr/libexec/dconf-service

[/usr/libexec/dconf-service]

/usr/bin/nautilus

[/usr/bin/nautilus --gapplication-service]

/usr/libexec/gvfsd-trash

[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20185 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {9b3a7a36-1af8-4a81-8ca4-47c23ed9e42c} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28664 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {9934385e-3c2e-4685-b1e5-fc20ce0c069a} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25448 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {523cb392-d02a-41a1-b556-a32d5f77e435} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {d789ed63-1c4b-4d11-981f-c4ee484a9994} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29317 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {7a30f2c8-2298-4d9d-94ec-6c52725e3c90} 1536 true utility]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ea4e00c4-9e3b-42c2-9c06-51fec5acd6fd} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {cc824b52-f9ee-4b5a-8e45-8b88752dacf2} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25691 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {1381d73b-0801-4157-9d6d-f055e92304d0} 1536 true tab]

/usr/bin/gnome-keyring-daemon

[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]

/usr/libexec/gvfs-udisks2-volume-monitor

[/usr/libexec/gvfs-udisks2-volume-monitor]

/usr/libexec/gvfs-afc-volume-monitor

[/usr/libexec/gvfs-afc-volume-monitor]

/usr/libexec/gvfs-mtp-volume-monitor

[/usr/libexec/gvfs-mtp-volume-monitor]

/usr/libexec/gvfs-gphoto2-volume-monitor

[/usr/libexec/gvfs-gphoto2-volume-monitor]

/usr/libexec/gvfs-goa-volume-monitor

[/usr/libexec/gvfs-goa-volume-monitor]

/usr/libexec/goa-daemon

[/usr/libexec/goa-daemon]

/usr/libexec/goa-identity-service

[/usr/libexec/goa-identity-service]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 33348 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {e0ec78a1-9db3-40dc-ae9c-97db8634608f} 1536 true rdd]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 28997 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {51065bcd-c10c-4c60-a89d-0aebcc56752c} 1536 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 33348 -prefMapSize 234904 -pluginNativeEvent -pluginPath /root/.mozilla/firefox/thpqfd2q.default-release/gmp-gmpopenh264/2.3.2 {6bb6a0c4-8bf1-43af-81de-331b443258cd} 1536 true gmplugin]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 28997 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {887c981d-ba36-4b74-987b-230686e3ec0f} 1536 true tab]

Network


Files

/tmp/tmpaddon


/root/.cache/mesa_shader_cache/93/e03a256b9de88e59303831b177c1822965cc9d.tmp


/root/.cache/mesa_shader_cache/c5/69f947d7b2e494a008cda5f24b98deb86cd49c.tmp


/tmp/mozilla-temp-403823000


Analysis: behavioral1

Detonation Overview

Submitted

2024-05-18 11:58

Reported

2024-05-18 12:03

Platform

win7-20240221-en

Max time kernel

218s

Max time network

225s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "419" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01A20ED1-150E-11EF-B0F4-569FD5A164C1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "200" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f01742cf1aa9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000e617ffecde5a2e5f4f5cf8823618218591f7411e2749f1ab10fe2a46d14d3fce000000000e8000000002000020000000dbd6c6e1ac825620efa641167a7f86306886e895f727fd7e20a0031f1ad5a632200000005c2675783c3b82dcb0b51b8f7fc373fe407e44c1a80f9eee98ffde0cf313e3a84000000044b9d2171aa11c18eb2c4b2e4fa3373fa50d07673451333a85f9d4840f06feeab2c902d87905c9641a2412dc655988e96a9bad536316dd065cf71ab79f6fc715 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "993" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "1369" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "14141" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "258" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "6" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "115" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "993" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "915" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\videocdnmetrika1.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "121" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "938" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "137" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "288" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "14141" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "16832" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "915" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.youtube.com\ = "0" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "220" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422195404" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "915" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "337" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "12" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "197" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "9" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\Total = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "334" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\hqq.ac\ = "105" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com\Total = "282" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "90" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.dangotoons.com/&ved=2ahUKEwjZh7_0kpeGAxUn0gIHHWcvAZAQFnoECAYQAQ&usg=AOvVaw2ldF67PkcFvJsRVkjAGNjH

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.dangotoons.com udp
US 172.67.186.228:443 www.dangotoons.com tcp
US 172.67.186.228:443 www.dangotoons.com tcp
US 8.8.8.8:53 dangotoons.com udp
US 172.67.186.228:80 dangotoons.com tcp
US 172.67.186.228:80 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
BE 108.177.15.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 172.67.186.228:443 dangotoons.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
GB 142.250.180.1:443 2.bp.blogspot.com tcp
US 8.8.8.8:53 4.bp.blogspot.com udp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
GB 142.250.180.1:443 4.bp.blogspot.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 172.67.186.228:443 dangotoons.com tcp
US 8.8.8.8:53 www.visariomedia.com udp
GB 195.181.164.21:443 www.visariomedia.com tcp
GB 195.181.164.21:443 www.visariomedia.com tcp
US 8.8.8.8:53 d13k7prax1yi04.cloudfront.net udp
US 18.239.190.38:443 d13k7prax1yi04.cloudfront.net tcp
US 18.239.190.38:443 d13k7prax1yi04.cloudfront.net tcp
US 8.8.8.8:53 hqq.ac udp
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion udp
US 104.17.247.203:443 unpkg.com tcp
US 104.17.247.203:443 unpkg.com tcp
US 104.17.247.203:443 unpkg.com tcp
US 8.8.8.8:53 videocdnmetrika.com udp
US 104.21.38.98:443 videocdnmetrika.com tcp
US 104.21.38.98:443 videocdnmetrika.com tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 88.212.201.198:443 counter.yadro.ru tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 videocdnshop.com udp
US 104.21.52.135:443 videocdnshop.com tcp
US 104.21.52.135:443 videocdnshop.com tcp
US 8.8.8.8:53 videocdnmetrika1.com udp
US 104.21.32.222:443 videocdnmetrika1.com tcp
US 104.21.32.222:443 videocdnmetrika1.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 yt-web-embedded-player.appspot.com udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
GB 216.58.204.84:443 yt-web-embedded-player.appspot.com tcp
GB 216.58.204.84:443 yt-web-embedded-player.appspot.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
GB 216.58.213.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
GB 172.217.169.14:443 www.youtube.com tcp
US 8.8.8.8:53 fe0.google.com udp
GB 172.217.169.42:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 yt3.ggpht.com udp
GB 142.250.180.1:443 yt3.ggpht.com tcp
GB 142.250.180.1:443 yt3.ggpht.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.16.226:443 googleads.g.doubleclick.net tcp
GB 172.217.169.14:443 www.youtube.com tcp
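
As a triage aid for the two tables on this page (the Network rows above and the Files list that follows), here is an added example that is not part of the report or of the sandbox's own tooling. It parses rows in the report's layout, collapses the flows the report lists once per connection, flags the .onion name that was handed to a clearnet resolver, and counts how many distinct versions of the same path were written. The sample strings are rows copied from this report; the flag names and the path buckets are the example's own choices, not anything the sandbox emits.

```python
# Added example, not part of the sandbox report: parse the report's Network and
# Files tables into deduplicated indicators and flag rows worth a second look.
# Sample strings are rows copied from this report; nothing here touches a network.
import re
from collections import Counter, defaultdict

NETWORK_SAMPLE = """
NL 190.115.19.71:443 hqq.ac tcp
NL 190.115.19.71:443 hqq.ac tcp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion udp
US 104.17.247.203:443 unpkg.com tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
"""

FILES_SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\Tar4175.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0610e16f3a4905f3dbefb59911e9a34
SHA256 f78f7afcae75e16480e5b7635e4bf7e79cb645f71d627c8421279dcdab3efe41

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a64974737d880fb9bc15468ac0b4abb3
SHA256 e525d29f26365b5034a0767ac6ef74d646e315ff27dbb065d0c54f6d594c415c
"""

NET_RE = re.compile(r"^([A-Z]{2})\s+([\d.]+):(\d+)\s+(\S+)\s+(tcp|udp)$")

def parse_network(text):
    # One dict per row: country, ip, port, host, proto.
    rows = []
    for line in text.splitlines():
        m = NET_RE.match(line.strip())
        if m:
            cc, ip, port, host, proto = m.groups()
            rows.append({"cc": cc, "ip": ip, "port": int(port), "host": host, "proto": proto})
    return rows

def summarize_network(rows):
    # Collapse the repeated flows the report lists once per connection.
    return Counter((r["host"], r["ip"], r["port"], r["proto"]) for r in rows)

def flag_network(rows):
    # Review heuristics: a .onion name sent to a clearnet resolver (it can never
    # resolve there), and names that were queried but never connected to.
    resolved = {r["host"] for r in rows if r["port"] == 53}
    connected = {r["host"] for r in rows if r["port"] != 53}
    findings = [("onion-over-clearnet-dns", h) for h in sorted(resolved) if h.endswith(".onion")]
    findings += [("dns-only", h) for h in sorted(resolved - connected)]
    return findings

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")

def parse_files(text):
    # Each entry is a path line followed by its digest lines -> [(path, {algo: digest})].
    entries, path, hashes = [], None, {}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HASH_RE.match(line)
        if m is None:                      # a non-digest line starts a new entry
            if path is not None:
                entries.append((path, hashes))
            path, hashes = line, {}
            continue
        algo, digest = m.groups()
        if len(digest) != HASH_LEN[algo]:  # catch truncated or mangled digests
            raise ValueError(f"{algo} digest of wrong length for {path}")
        hashes[algo] = digest
    if path is not None:
        entries.append((path, hashes))
    return entries

def rewrites_by_path(entries):
    # Paths written more than once with differing content, keyed by SHA256.
    versions = defaultdict(set)
    for path, h in entries:
        versions[path].add(h.get("SHA256"))
    return {p: len(s) for p, s in versions.items() if len(s) > 1}

def classify_path(path):
    # Rough buckets (this example's own) for what an IE browsing session leaves behind.
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-cache"
    if "\\content.ie5\\" in p or "\\imagestore\\" in p:
        return "browser-cache"
    if "\\domstore\\" in p:
        return "dom-storage"
    if "\\temp\\" in p and p.endswith(".tmp"):
        return "temp-file"
    return "other"

if __name__ == "__main__":
    rows = parse_network(NETWORK_SAMPLE)
    for key, n in summarize_network(rows).most_common():
        print(n, *key)
    print(flag_network(rows))
    for path, n in rewrites_by_path(parse_files(FILES_SAMPLE)).items():
        print(n, classify_path(path), path)
```

Two caveats when reading the output against this report. The .onion query is the one row here that a clearnet resolver can never answer, which is why it shows up only as a DNS row: something loaded by the page referenced a Tor hidden-service name, and the table alone cannot tell whether that came from the target site or from one of the embedded third parties. The "dns-only" check assumes the table is complete; on a paginated report a host queried on this page may connect on a later one, so treat that flag as a prompt to look, not as a finding. On the file side, the repeated rewrites of the CryptnetUrlCache\MetaData path and the Cab/Tar .tmp pairs in %TEMP% are ordinary Windows working files produced while the browser validates certificates and expands downloaded cabinets, so their digests are worth recording for completeness but are not payload drops.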

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\favicon-32x32[1].png

MD5 5c22018215abb882218f36a9d43f704a
SHA1 4658afcafd8ac2fd9dee8c969ae54ff421dc7d9f
SHA256 a0405a63ba493f1d437e55b777e0590f40b8c28d411575b979ea9eca0a4b0967
SHA512 e6d4bd1ebba07811b98e85f645d65b94c879c3ef18c750886f59a641252a5102219ef492bd6744a67b7706cc1421612308381baaa370274b24c8c8c2b78640bd

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat

MD5 a972d931d0fc83843c9a0a0ccc31a58c
SHA1 4fe5b1ae48dd95378f61b6e29101997e2556101c
SHA256 53035568a7c8b1c38360bcde2ad1bf11938aed4077b3043692ec55186b593af4
SHA512 c0a25774d3c6978e641bab26ed1e20a648ffeb0e181e63e1bf94e7b84fb5626b43514de9b6a54dba7e7db529303b54d123bc75c868d91ede8029224d28ca484e

C:\Users\Admin\AppData\Local\Temp\Tar4175.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab4176.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0610e16f3a4905f3dbefb59911e9a34
SHA1 9fb565e6369aac356199deecaab61bae83c04477
SHA256 f78f7afcae75e16480e5b7635e4bf7e79cb645f71d627c8421279dcdab3efe41
SHA512 f4b8ba041f78f684cb645aab044d7db67b7284f6f8e47378fbbfb2c5988e8a383da30513f9e080ea91eacfb87b8afc28dcf0ebaa5717792fba93efbbb07512fb

C:\Users\Admin\AppData\Local\Temp\Cab4233.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a64974737d880fb9bc15468ac0b4abb3
SHA1 5624c7590950c85c6af5e5af947366a0d84b6dfc
SHA256 e525d29f26365b5034a0767ac6ef74d646e315ff27dbb065d0c54f6d594c415c
SHA512 44a077ee9dbb1ae55cc1400438aa5bdd3b4e415b09587290c543612ab77f7d2f986b9fdfeeafb292f92e84192341ffaeffcb53c77ff28cd2c4f30b02da1f42a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f1b43b36e2e8877ce9f562e2784ab83
SHA1 0b305ba4ffa3285be338ae8e172642df63262db0
SHA256 b030553e8b18a008e2e5dd77ba05a3ded9e2a467f407e645698fd00af0b8a7a1
SHA512 7fd8c461223b82981705144c96097203e29ae578a16662a43a31c79725b86ecbfab682b39a5c78b6a277022ff9566c835310be3111be3221d3ddeb7b2e25eeae

C:\Users\Admin\AppData\Local\Temp\Tar423A.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fac238d46c8408656049c196a9452e91
SHA1 d462ca22d83671aa2a94f0beef56aaf8e646a43e
SHA256 0fd082844c2fc58b9c76e11c2a2475ce1dc350ab01c0af3fa1e2c4f6880a24d3
SHA512 8609adc04ca4ddb57a9fcd45d92a5397d130a8d8db41ed6a86e361d177fe593dd6f8763380417212aa2a4fd2f935a7e8b4ca2277c5508143309e27fcfbbe827a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 588cafb58dff99f169f62506ff23961d
SHA1 35160d8d74d63865067883dacd1da7410295a616
SHA256 daea1ab28cb78f8cb33c91a66f0d92125418ab2f87f3cc44bfa28473fbd1f2da
SHA512 dedfc1788da7ad8edc55c9fed0820d7d2bb9cce6671d00f58417726af93a52ab98c1a45bbb64d548f5449a409213a25d8992b48b1bfc64ba9ee02729359e761b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b0a7f754e4219f1c0811d78f37586ed8
SHA1 0c485132b7294efb30f501d0f9c6847d2788cb4b
SHA256 3f006d72d4e25b4b2c9b18c5c7f3d9146c20eba2257c0f749e511239da30d086
SHA512 ab33d8cc3998b511a1ae26081f93d108c958f33f3a823df36f2b0d97d2bc17255d02bd90b40eb6e5429858ee7ca76373e528f658e8552b67154bacec7064de34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88eb5b3c2cddd3adc1ffc406f6107fbe
SHA1 12325abb8bf290e754e55408e31d6959539f3e63
SHA256 6f868ed8d2a156d20ac028908582ee0fc71e197182a52a20c919ce97495ef530
SHA512 35a972440754a3da5b5af1655321377f89c23cbcb277dda70989a2f5d01b899c9295571eee25e4eb92883c172426359f666df88f59e29de1a7fae1630393567f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3002aa0ae1ede4778bea57aef6835162
SHA1 1b85c02e89df20ec9118c3391fd6da9104b9d928
SHA256 a837ab37c9b61089f41df0f4a2b34964e5c2b5035045f8c467d853dd1c5a3384
SHA512 77cfa6be10ef04cfc136b35c6d79d5d9c1cfbae0dd49c1f5547dd859491d8a806bf9b4898c79d81175db06e87abc2cd07d3bd06c568eb6fcc8c58b6b26657172

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7727a8a7c75d783dc4399249f2c65fb3
SHA1 18fe6def4f4f0d2dd52ef62798d5532683129bf8
SHA256 9b31db82063d8ee7174fbf73e6bc90b59d36c5eb65e0e9de91fd45db51b5208c
SHA512 a2d262da2ce40db64676dc1995be6343bb4aed1988e293db0c4a98128949d9eb9132671efb43b9579daec207f14494f8fc1d5164139ad73bd40ffbbd7766d90a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b90336e58f472ecf8cea08dfad62739
SHA1 6eba73141952446ea9d8191cdbcf5cf59af5f9c8
SHA256 299881aafef040da9065b2672d5b07c3f3bf4ffc4433103af0fb64649c0d1bb5
SHA512 1f2e770dd1a05dd8a09619ff536ea317abfac1fac181bdeb8fa31e81b104fad4d05d22f4cbb4fdafdf33be1dfa5e1c7595480dbf193fea8a6e7084914826f544

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\js[1].js

MD5 445aa1dff48910edb097dcde3e0f1ec4
SHA1 0a2acf58e8a0124a50ab11fe89613e126b131b1b
SHA256 6f0257cf96d20ff5e8ae089f1ff09d09adbae42ad7ac760dbcc9cd4821ecfa44
SHA512 bbabafbf0dad3baa34c886384186aed2bf8abac64c726e1f7d97ee92faf7805cf67688135dafc91b255d07204fc3a4e3cc5179ca9ad82eae388a7848ff655a63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\js[1].js

MD5 bd2da0f1731425ff05466332bad4bcbe
SHA1 882f079321161663817c9caba715349e72d75390
SHA256 e7ede899052fa79f8c1c6049df41cd6828dd573b15bef3d62ebc057d46a3b3df
SHA512 c0b8f0806e77edbb4246230690980a1205e15a95fa071c0110054649858bdac4d02db67ef4c5380969a8b95642781ffa0305173ca31cde67193d94d2690ea2f2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\analytics[1].js

MD5 575b5480531da4d14e7453e2016fe0bc
SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\body[1].css

MD5 40c0a9d5b04bc90084d1866d7bf57e51
SHA1 2f542401790fdb9b188a60a077ec1672de05b2d6
SHA256 6a2e956a7435d64fbb5cf39f26d8d4230fa8f8c2bd09680f6b95a8bf5080e654
SHA512 678db6fe36e01bc69661ce1ae587fee7833a4b8fbbcfdb1bb79dfb42d6788adb0c966640d2daa7f0fc45eff0e44f2e90bcf23320b3fd0bd7512c2ac16529ae00

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\buscador[1].js

MD5 67bc880defa5c0c8abda031e17818c67
SHA1 730ed9eb6df8f72c6cdc4e339b4a5ab641ae6093
SHA256 46265af0aa6298a9694d6f66f6316b8fad77bf2d309ce36370bccc40e552cf0e
SHA512 16350ac7e2c336cf4b50c7f8385c03d76b556d585e9464e33d3a5b84e94e98c21e1e03ecd2087e00155bb71daad760824b8918a14ae71acd082e44edb01c58ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 282a6b5eea0e653f5a1ddcc9a12a72db
SHA1 0637266ad8db3fddca00d108de958b3d476b9ce7
SHA256 18cbfcdd4cca2af398a7ff0f746d20a4620168626d9b767b6efddd3347b4c119
SHA512 a9cfb494bdb1ce9a7994f995a7c5ee2fe7446988f73a1dc2ed4a74d17fa0f1bf7d56c8aaae06ebedaf83fd0a2a3605fee5c77e908bbb9da1084f727724698640

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d558a710e14e415dbe1fdbb7602886bc
SHA1 315122a88c848dfb4899975eccdb736f3d4469ea
SHA256 25e23f79e1f703f3258c1052367444be6098321facc8290c9688d828bcb4a581
SHA512 9db2dfbeda71b7dc541ffb31bee862c4259f6723d48e7d7011fb27664f37d7cbbeb58cbe8a75a9efe53883e8cbe7635d554820445ad5fdd6c84f1e41de36569a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0f1599b88b4a0863aa1977e5e6a91a3
SHA1 c3d5e352c99759c9d52f3f1f469c13fe2661d93f
SHA256 20b1e407bbe1120cfb52c6ddc864fe066378f73ef59867c960eea8f8142eab1a
SHA512 65e13e84339b13c228aca72a46a9bd4396bf9a4fe31f0ff122390170b0d278676d3870d54ed0efeda6d41500dde725b6beae1aca79e6abaf60358cdefa9b70fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d822b29ad3db539ac6fd70dd21266cd7
SHA1 59635aa9dc7475313f599dd701df4d91aecd06fd
SHA256 7c4cb6e1a8aeac746b1754f5c9c49a88082412188f3f3780ccbb022cdad1f211
SHA512 be1f991ee20af63520dfa518c1fc75c7b548c67e19a5e2a9c4f70cac4efa8f1421f56e8c2ea0455d68df2a753416bf1d3a85df3dfd1c59b67e45654e628578f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e41a1a9d5b2b0c33da681c96b9841a2f
SHA1 1e6119a628c5d8185a35c83fb4958ace7cf1a198
SHA256 0fdbb38768b12a384075379176549f9fef41525ae9763d84c5a80928171defd1
SHA512 d9c617c60114e9792e97ff41b0f423b4fa0ce00f9d1b3a0e74cc4d4bc535344be4e0b9ebcc78af7510c46cc30886188677bf5f772237cff13ba8f927162f2fd8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\yfoundation.min[1].js

MD5 59fc346e9ff51fb63b79d8a230fa32e6
SHA1 e9b07950a40d4311b94349d581b3914706e377fa
SHA256 3178e3de5810daed6089cdffbf3e2ade6f0c38352461eab06e7338fb06b4a515
SHA512 5a83a72d0fb323981c0ca57f705452a22360f5def5d2e36a8843c181c93536f0f96a75c828f09714c297c858f704d92435d196bcf4ae24c00852f5569ad26cbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b54b3bee5d330510077b64c9754f0ba4
SHA1 9746a0133231642782e35d06da0aadeafb9d1a33
SHA256 c4b1293b47181f5d97b89602f36864aaa88a136bd0f0462d8e31426af9815827
SHA512 9a6156e91335ce2acddc66a343edd2057cb4e8e88625eca8f529a089818d7f9ed8c747456515042eab4ea9da2ca90d0c388a86d71343056d9ca46ef71d1d9fcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 086defc0d55905a869f2083fcfc03040
SHA1 496aeac85e5bf406ef104ae3a4fdc957db263cea
SHA256 fa6d40b0fe2e08ff708bd1687aa646e058354b6d0b042f1d124dcd658b227459
SHA512 9f4e1dd76a04e2d7eaef42e0353598884430fa622749c9dfa638bd03fb1b44b74483fa7d0a531803668a3957a4c573a4356584e3a225aefaef33b2e74fb904f1

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml

MD5 4886bebcbc1fa07932dc09aa83ba1ec1
SHA1 254b37b5cf07b0a28fd73d660ee051e129f42b1f
SHA256 592f68c9d45ef93e6e2e2cdd8974a8d1918cac1b576f4fadedd56e9ede3dad00
SHA512 a39a95a8d19fd3848fe36686bb060646709fad4d8c2874e3da9ce1d1b2a8de46ca7bdbddf71b99011963dd307b3b735d916557933cb3c9dad62d1e69fdda6909

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml

MD5 618577eb8c10d664381367ef499a8792
SHA1 27c820eab468240c72257b41a2cee5f6f5f31214
SHA256 437440e39acccb5917e06291b0ae5a9cda4f1f39101e4a9228d7cb9a806c8e90
SHA512 bd03fb8cfd69ab44ac2c0cdb99d244d240c9576b7d9b41566353b0cde4deac6578875f6e712003d5af20350a6c685fb85f8de879b6dfbcfc21577555c935757b

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml

MD5 8d3a2857a16b06492857d2d4a244078f
SHA1 618eb02c088aeacae50a3d883906cbbb410103fb
SHA256 f4b44e20c4c937087713cb3c6497193b96b929e4a7ff4f260501b1bf3cfc9ef4
SHA512 7404fa7381cec66c4d015df22391ecf0612c4e863e6d002e4816102ef761f8cf69d319ffe1100ab1f178cf66d99fad6f196f06d40f545f0249840e243e1cee7f

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9VQ5AJ9A\hqq[1].xml

MD5 5d91c6c319f1a8269f8072a28c349d3c
SHA1 3c877d5437b55b3544877981d83685ea09848a6f
SHA256 aea54ca70d1619f3bc5518cb9f0e379a79cda70e56f7689610d95923d47fdda1
SHA512 56fe1385287415c1f2cb8a77e981b74e621658eabd0a993179e8b811bbaeb346e9ec06aea5dc74e491153e9e953124b5268fedbbaf804cef2acc63035856604c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 061d879f204344d95500a59f1d5cc667
SHA1 71fdc1ba3a8e6f7232267f19a295a2474bdef7d6
SHA256 86d57abb2d536db47248f0b84f653a69574823db60501131f743ea2e9c9db635
SHA512 33c56ed29b039ab653bb4d8f8e8be5a6da0279e5bb3a0f06f8f7590ad45490d8081eb92602b74516c545e73622b5792884bea608816c748fd38a2837263dd999

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

MD5 9d93e57f1eea1a6b0669fcddf8f746b4
SHA1 1128fe3c74aba57391e19117aca95a2696a19f92
SHA256 1ad70a2559537fd076ef601c35a0130005646f3529bda82b0bcf9dbdf9d820ec
SHA512 90b002b0d58f1b3590138515fba1b41e91153fcc7b22a394547790bcc91209da045c7a63f950d0c1d7952ebf55307884c5c4bb9f75369f274b783a55d68ae456

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

MD5 c5dfb849ca051355ee2dba1ac33eb028
SHA1 d69b561148f01c77c54578c10926df5b856976ad
SHA256 cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA512 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86d5a7e55a101a307ad514e90eefc1a4
SHA1 53df14e06e270e01607c0bb9af842ae97ef34170
SHA256 9cea671e728b8b6b100df55420a912598db1140f908a962383fd75b08b323d38
SHA512 2e55b3e771ef15a48dea7fd835e77fb13523ebc138ed5c140f085cbfd8e537539ffe31ce1ab4d2d58c93a1328bffec423fbf124e21474c4bce4609c1ea938194

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29a2cd0da349785aa04b5f59104cabbc
SHA1 929cf17bc51ad9d0a0d99cc283834bb65b1b415f
SHA256 5eca3aeadfbc4951df7101dbe6729c2ce52bbd5cb35340ddaa09d76826e23c5d
SHA512 cfa88c6c3636bcf6b5ba4565014f0a2711efe504547f430a6661b68a481802627a894bce2e6633e0fcc2d2b81ccb85367c949e14d3547faa563389dc950a6caa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d0ec87a22398c4d77cd95a42ae584e41
SHA1 40d6d55701f404ac4ef7ed4fffc90aa75d14457e
SHA256 c9163cee31f04c0e756b89096c6fe9561d28afbcf8fd631f6cb47f955cf4d231
SHA512 05651c3e0e2ea4214eccf1ef4f1b5cec216d5e2b19220f948038095479f8c15493151869178350ab0c056a39141cc95b25d818305170805e4d015703fc3c67b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22ede5c4c0f4ed57d21fd9317b0b4e30
SHA1 e143904a167971aa7a473496e606fbb8082d5dfd
SHA256 19fa4713267bc63c41a06e5f67cf254fbf7ff1f4737657c3704039fb7b3a63cc
SHA512 7abcc3665be7c175effb54033a849e2d7ee1e66aa9b7c72d809c56be847e520753a33374592e96864e77bf33e9887a5f09ead627228d6dd1ae770d676a4fcc18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9dab87e6c6d4b1fe5b8b59803ca21be0
SHA1 c6f66e2e4bf2fbf4d5811807c1710b61f93965a6
SHA256 891913a8babb059b410cc43d221469783db17a8f4c133b58e3cd27a136d5cd36
SHA512 5f4dacf2cb47c63097b812e1d006fbc5b904677f9109c1d9554e3f2a3518e09985c59fd7739a63beee3b668e4715a631391fd0b4642880e8a9d2d2fc13439bd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d60df322b83c2df5df9a6a4d2d25cd2
SHA1 3a4046b9766e7004b91f44864db14fcae9d1a0ae
SHA256 f2507ed93900d14cc90b19d5bb9e3bebee5be28918c12f13f0d38bb135c8ccf0
SHA512 cb22714157af59c8c67b847635104338a2b387a8d0d235e54233489acd906ba322450b714137ab02fdf162399e3581366763ac8e8f37d4f3562ce66352eb1ed7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d940763d0298c78932a3ab1f595b8f52
SHA1 fb3d208d90313923645f79255df144df42a6e617
SHA256 2076564a577f0dc23ff791e1f3470ab1d57d3a158e9977a42da6be4e4cbcaae5
SHA512 499ef7563420efae01d8e875c20619fdac7fc835cad91727ecfb3ef122792d5569e5c4bd4c8c5ea4ebd58a729eace9ef07fbe2c817a5abb9fc0a39b5ba03f974

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b32a18a7fe9b5b787361065694e6ed76
SHA1 a7092c7d5e1144377c277b380ca618c7d4ac5f50
SHA256 9ec9ecc55e1c8a09d4ca25f7c8dedffbfe141d3a0b0276b11c1b621bdb999780
SHA512 8db6de5de1300c1c087bd582d09bef3ed8b75af4d2e9fe6bf4728dd03940a35c7059e515de74b4f7ad2e4ae9b3ba16c79eae11b539b19292eee97f6c4b5547bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79115c15021035aab75e205baf79829f
SHA1 af266790d9d925f43e615fae7b9876204a307c21
SHA256 162afb0d041310f35a5d2e8e9ce318d7c178b6e651bd52d27c08e14e59ef92cb
SHA512 91a21ba6d9c01acd85569bb5d5da4c27377863224488613a54b9f7f2b4324d1d16e4e9323c3e770b9d11b5f6c2baa739ac72d71dbf170005c6a50f36a318e1fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e992e608aa756da69cea4ec3c79d4df
SHA1 963409a6fbd7d599d2ea52d760aaf209425c2a62
SHA256 38e83ed8f1e53ad76cefe34592eae576d6aae45e9e375bf40dc17464b384f464
SHA512 072c1f7b0d69fce986b977106141efe10e2cd0f4e55e4c05650c11167214658e0387abc485ac65b9402d8b370c1af5d3a4eb28b4f695b54e2d504371f1eae96c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a6c8de26d0cd81a2a3df6ac585c5455
SHA1 9db243e1ccaf300538cdad75c683b6edad90291d
SHA256 be0470e28e4d727a8543830aa2237c1adc9a5ea4d7db6d1dc75908b4203da6fa
SHA512 967d913f05ae9712f46644f1824539a612f7b5508d9f66b5a914213f1846ad10b095e00b2c9b8f381c7909c751d92edf52f3b143d6cc8a3e7f5d9670aa232918

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 af24203e0d7ccc6f0f9e8f1c508ada55
SHA1 ce7c1b3532a3527c6b7566afb1a04f9a30843f6f
SHA256 31eb17628a3e8919397e798873362948f38ca01a87129dbcfcc149f0b5fd7bbb
SHA512 adee606724d884b296fa1c2305b94539567cd251b707f6fe01e52bf050678b1b1cde35f70195102f0e3539676d6fbf4ff492062868e80bce828e0b98b7da7098

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\www-player[1].css

MD5 a9911a47a877d2736a20d97ea9030fda
SHA1 47f796faf3af4f64953cc6db639d16630a783fff
SHA256 a23b23fdcfb6b7aa426716b112dae01903b1224310b7b68ad118e507ca1d9dcf
SHA512 bc045bec918bb0bcc585afcb9af7913276d5c5e10ede5cb1a38f2d86b020c9dca23b8f134414d6a4652c76fd5c6172f3c88dcf8360ee1a2114b3261b62b01a25

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\www-embed-player[1].js

MD5 f99dc6ac4e05f583a5b1965461a75a03
SHA1 0df654cfe1090db9b4c3c4af952061b266fd897a
SHA256 aef62e7698d0579b63dd8063914436208d5b6db402c79dc6411e64a7ce3d83d9
SHA512 248f1c48e6824e850c2874094c147289b87a0dcc200819ccf507a16f6a8b7b20ed4495d5db6775471ab0a01f58609aa1e9b6bf29994a18daf48b65c58b4daf2a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\base[1].js

MD5 a6c11a77d3e7fdb8ce7f4bdd015bc498
SHA1 63d905f3e9563e78c234fec87d1dbbecc7b10986
SHA256 1491a0ad00abeee6f73a1de5d13b0bcf5a6b2c9586936b766ad43af1e16134dd
SHA512 3ba8c2c54d7313193511d5c6b865c8a6a656927cb4399cb1236edc552f0eb6442f92381334393cffcdd82a59e1de0e3d3c19c1aeebb776c5b68886069bdd4435

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\ad_status[1].js

MD5 1fa71744db23d0f8df9cce6719defcb7
SHA1 e4be9b7136697942a036f97cf26ebaf703ad2067
SHA256 eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
SHA512 17fa262901b608368eb4b70910da67e1f11b9cfb2c9dc81844f55bee1db3ec11f704d81ab20f2dda973378f9c0df56eaad8111f34b92e4161a4d194ba902f82f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\VJ3cQ49-W0wTsZDc4DMAAuv0ctNzsFFCAsXSVwLPXfI[1].js

MD5 9bed4606ecd3278923e75d98ce47ab63
SHA1 5fa9e4b8eac9b22e9f6a7d0829129a42a68b261d
SHA256 549ddc438f7e5b4c13b190dce0330002ebf472d373b0514202c5d25702cf5df2
SHA512 0c37bba8d34b8f457de928ca839a1b90b592c2a7b5a88d2ae3b5559b41df98a1a8cdc4fedebc7986f0715e08bd7c045f55d2ef1adeb987bf42fe8e802687b014

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 d075a20d7619cd1774cbceb39d4ef1a5
SHA1 48211419269ba78c764e53b236734ed1016c48e2
SHA256 d259055864222a753d2750712e030db5f2e4723ff2d0773cb6d770db3e87653c
SHA512 108128fc7d4c1e79075901a19360e3186de964c7544d77109f095cc7892b2231f133140f8fe2fa45e8b94b5e7ce4c183efa53209868ff25ca2ef122c830620a6

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 0ef4c3d13ebe34751e9235a142f593c1
SHA1 67a0f9e2b7e3d047d49517d3442d165a7587f765
SHA256 e6a248a5bf9618ccd65b106a068907d9b697a1be62a285991bb34225f22a4cb1
SHA512 9e6588a0a4a9c7c40298d8931d9266f266518bf3efa666e752990846aa171b8d7c4c3799e3d89ee9e062ac48605356a345b7c61665f2d3d419f68c22678ce372

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 c9308e2e0b98e1590e10d35f4660473e
SHA1 09adb5e5f8dc3a0e0a981ad00df27fc8e3a4e9b7
SHA256 4e10113901c59731d37b94d20c80139871834c5407657f7593efec1f5b23a66b
SHA512 43c95eb02ce0f2b007c64c9651199367f74f82bf0b40ece0849c8a4acdf4ad15863b9e230c0a15e4939f49ce604ce44f6a267aef5b06de49a85e48c34ba22fea

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 96d1b6ef7c65e2b21032622be1f0e38e
SHA1 e1161ae3badc35821a381e809681eb36e0e5b02d
SHA256 cf8b7969b8614d6087a82c48a1e2db4a703d9c1bf7c49d9ca59bce6a16c570dd
SHA512 4e6b0d6fb3662203bb168f0afd746b572614b485c32a313968f75735dd9dc1417acd841fbedfb2c17cd790cf5b78c58d9398c7a4ed5a26a1c0c286ae56572e0c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 f7a56d6f142697d9078cf50db070d4be
SHA1 1f0f1758312ef38bd340952dc2c759bc8986065e
SHA256 3435d797f7f23a7d75086fbf44c93db376de2ca33a69f7b6aaf5b148cb231d84
SHA512 a521fda7d9995fc4c84e7a4465cffe4337895d56e5b009e4758931c8a35c39591f21bd6eb4ffe892b391950744d696a1cb18e98a5270d1b4abd2c6df2cf3db35

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 b00c4e187e7113c65d1ec9323d46d3c1
SHA1 1a743331041fe7e5ed61aa282e316546901e7b1b
SHA256 37f77852f3aac1541d92a983a5302bd899790a809fafa386fa72dd278159c25c
SHA512 2d86c024e64b0fdd284b86bfb0d6fd64eb8ef85f3b715d03ab17a2eed925dc6d6643b7a11d9257266c071df95db8589fdf9c4aeb54837231a4614ffa335044ac

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 50841c395fb89c8ab0ae6f0ff56420a4
SHA1 dfc7afe49da91b344ca53478042ab8767b78276e
SHA256 2afc2e7ea8e30293db5db47516ceaef9f3e96d8df84a910a4b59549369058768
SHA512 abefdfbd169e790696f81c45fb1392f78f6a87b021f043348b9b54d29c161cc174dc53c4c221a2f5235ed81437795002f0b29bc6263feffc1291c5743f32c109

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 2d95e7b74c9ff70eb117e0001972d534
SHA1 0ec72728827d4f3735d7a4330b9c417c1a40b786
SHA256 a55bf3279c8ea15f1eb9fe91a8e4078a68c6415fe0750624849731bfa6ec2f5c
SHA512 6153ab68735999748bdc7c2c58f0292272b14f7f7e0045c0f66b606a53d8a29392523eb30a8f7a2241bd814147fa61bf0dd5a58a9b49b04313e07fe66c59affa

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 ec79091bbc2a4a6d543797ebe403d140
SHA1 28d93255359ad05bc581346091e6cc778757bf6d
SHA256 8e9714e6938cf537c7ad043cf6aaf162384109da175190dd72c380be0241a4c3
SHA512 d07b6548a4f26947fa2ef7e7f509b9e83e635e27b5adf0a977714bf92d2a35befcbdac49ee3b1c834f305d8f662eb908cccb9e2c4cefb3d4912662723a59da95

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 93f53f13f0815cfe6d86dcf3109c0f11
SHA1 4eb29ced6be4666c8b4362510c26fb81ef5469c7
SHA256 ec618f6c89eddc115cb55148b1566e411239c3e44c5e59db9f62a244f771242a
SHA512 c844a5b7684538a9b0cc18f035cffa91575e50534e997d760972afca84c359be578218fdb271a9bba9175cde932ceb1ba0ef18444df846ebf25b019b0b04c761

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 9c99f1371870a1aa4ac5c1769d39240b
SHA1 b5d901d6d3a1477c531a0b4c8f003977afe5b7c9
SHA256 0044d1ab2c409d968b3d0ae53c83b6c6ee75395992cb58aae4f58201c41a646b
SHA512 6670a8e9b89560e0d82fa76a46c56b6072c5a318b4ca6020eb01ddb89f545260a911dc0dfef99d3b4b4eedc1494e11955bad91b5c3716c0ebdc04a3e117a9c62

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\UAO9CIQH\www.youtube[1].xml

MD5 1616c0a36856a192f6f0d5929c226407
SHA1 6e9bd071261b6ef420dc50bb7bb71feca61030d8
SHA256 c5ced61564ba8fa8aedc48501b29678fd4eb96cab389d207fb5c9e5e41ef9989
SHA512 ac84212d2953efbe40d78f0357ba9759337b342ff81d0f9075ef3120189729232348dbc11089ce6d7605e61a5000600c2a3d2c51def0e1c9c922ae6f53e2a04a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e627780c74d2b461050a7bc546d108f
SHA1 26353965f2a82c55dc262a938b1788d85af402b5
SHA256 c95a289432acdb9a53cfb2a1030ab7e1be8056f951de1a444c888ab2ae05f2b1
SHA512 b7884c733ad44cd5a069ffd484589e3293ca2c6d64065984a74fc664637b9e73dd6795547ff350d14677187e958264952d64b5e6f3e1baeab4becd9f36e82568

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45021dcdcf37c194d0af6ea178604fbc
SHA1 7731ab6968ba25f01357f991b7472596971319aa
SHA256 e51912c5162f34ff12131d9e89e728c87221e9a55eff5eded25bf1447bb6ac5e
SHA512 880ba16de7fdec1ee6804301456acce2ff71211027f073cdafeccfae15752c3af5cae23699d0a8e170ec7ab8ab5f9c38c42dbbc9f4fafac1da29d6528c2a19ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7aab602702e20bfc5d9389dce7ea554e
SHA1 7da1136a82b1aab0ffe450614d491e23f8282f8e
SHA256 5b24076bb027c4a0bf8cede95891eeae310b2e7e22eaac9ad5a66cf4775e27cb
SHA512 195ab8af0c19b6c3421dea75031c1f3467e3779d975233a9aac9b201d14771285ab06b913f7bf2e3a60374dbb89fde94d58e55210d7f7e843a2edb9d36635cc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 edbcd4659a32e89ff6a529f50df39112
SHA1 0b0b62914834faf34d756f99ed78be25c5039f4e
SHA256 4e933bfba73f978e15c318e96e5afb3ef9916f80b2bc4e0a6b4a8446be7402cc
SHA512 7d681cad4040b1ddddf916ae3c5c681f75a2af1dbb080148918ea506727e3e80e2f90884781dabc9672df3f7ee3f6b77376f29d10a82b27126462a1f2cca9171

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 164bac6c3b948ac8442e4c226a61749a
SHA1 a348a7c50befe99da5a6c95691ee4f9f23f094d8
SHA256 a37439fd2016b239816b78cb9a8c43e0bd2d49c3cb0eb1149ef9469ab78aba2f
SHA512 c1362f5967c6112901048a759173a41c509b481127c5af431ae011af4432cc4e5453c059bd9768f602d37aa82457e03952cac019644c446cd8412e51d957ebc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db6e9c9f8c8594b97a910c86dd257bd9
SHA1 aa6593392d05d5976376c6f1c48937e626f79101
SHA256 4011a21336ce7e73eeef7f58ac872d0d815529d3dfe6ef9ff52ac10014846648
SHA512 bd2235a561d75e141a84c27fe73949e0d24acb5b6e30ee03c28dade7fd4c67ccd313ccb3b67d0673789ec29e68d01ae5eabc5efee54ea282dcafbc5bc1588c08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 cce6e4edaa93ea8c0197ef384cfd5a82
SHA1 2a5a4e2a1ef8b58f1a12c6c410afd5e99d52d259
SHA256 45433b4c2367b06c337e5d3d3474fb47360a5492cb9d70aafd4ace35b533cd81
SHA512 c1c8b50f19fe9280e55dbee21d6ea0213026e5298383b9ce61938a4b49197953e8db3555a48b8a4cecf875a2f5f3b2c0295777e985196bda4a4ae34d066f1a08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 476e5bf4f90620c5dbab79446f7ec8f8
SHA1 75ac1f7855956dea17be3dbee8b5e1b81e95d8b4
SHA256 51be43ec8c64e724487021384ca02ffbe76d56472aafdaed7325873ca58f35f8
SHA512 a4c3562f63f0771ebaf94035e85832e98f19ba215fb66c8384c38c1425ae59a0112cba7c19ee3ae67541642e687c4bd37aef2979bb1532d46728f8747cd8d248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59a46b3c57e7c0648d38f0c26803c449
SHA1 532bcf2415dc3f2bb44169e6aaf888699af4051a
SHA256 ee67d7cc1f447128f800bb9bed89b2e96c705c558e29c5c4960b0542feb3a140
SHA512 705e23af45a2de1203091116ce6ac762c330d9b131ee5bee693645c4c1ef27cfea33bb54f621f7f466ad61478502521427821efb269bd4d3cdcfa5744462a047

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca15b8e5c56f89cb16b9c3c598c0646d
SHA1 27de933d45e19545bcbc189f4a2d97618786dbe5
SHA256 af4b64fd833f8c05aec58d9e31d021da72f6c17495206ea869836646d6480f5f
SHA512 c9236d0e9dc21f2a67470e8d6894f0085a544fee39be7d713045127d8b9b12ce811bdb9ac35516407b3c86f11b95a262907eaee2ddb07df52035649a594d6ffa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c10564875a3cf7cb12897d9e6eb7b77f
SHA1 d7162fcf085b0059efe640799474fb1f004f259f
SHA256 a2daaffe3120199e903f15cd13b581cd3a87d4cd062c7491e068cbe458ce3585
SHA512 050665fab1b49a214f8e09c53bc357bdde3af52ec6be6da01caaf0ed152073e508532900c23eaa917bd9320f8a9acb0910b0862fdd9eecf3547ae2d1ce991f7d