Analysis Overview
Threat Level: Shows suspicious behavior
The file https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM was classified as: Shows suspicious behavior.
Malicious Activity Summary
Reads the content of photos stored on the user's device.
Checks memory information
Checks CPU information
Reads CPU attributes
Checks CPU configuration
Resource Forking
Changes its process name
Enumerates kernel/hardware configuration
Launchctl
Writes file to tmp directory
Reads runtime system information
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Analysis: static1
Detonation Overview
Reported
2024-05-18 12:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 12:22
Reported
2024-05-18 12:28
Platform
win7-20240221-en
Max time kernel
60s
Max time network
301s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7129758,0x7fef7129768,0x7fef7129778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3152 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2488 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3572 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3368 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2456 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1268 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x7c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3892 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4464 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4668 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1080 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1064 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4976 --field-trial-handle=1356,i,17442650067054041612,13037176902337986756,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | kimcartoon.li | udp |
| US | 172.67.132.243:443 | kimcartoon.li | tcp |
| US | 172.67.132.243:443 | kimcartoon.li | tcp |
| US | 172.67.132.243:443 | kimcartoon.li | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | cdn.adschill.com | udp |
| US | 172.67.69.225:443 | cdn.adschill.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | platform.bidgear.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 104.26.2.107:443 | platform.bidgear.com | tcp |
| US | 8.8.8.8:53 | admin.genieessp.com | udp |
| US | 8.8.8.8:53 | propellerads.com | udp |
| US | 8.8.8.8:53 | pubmatic.com | udp |
| US | 8.8.8.8:53 | pk910324e.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | fireworksane.com | udp |
| US | 15.197.165.128:443 | pubmatic.com | tcp |
| NL | 212.117.190.201:443 | pk910324e.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| CZ | 185.104.210.16:443 | propellerads.com | tcp |
| NL | 212.117.190.201:443 | pk910324e.com | tcp |
| CZ | 185.104.210.16:443 | propellerads.com | tcp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.190.80:80 | apps.identrust.com | tcp |
| JP | 222.230.178.146:443 | admin.genieessp.com | tcp |
| JP | 222.230.178.146:443 | admin.genieessp.com | tcp |
| US | 192.243.61.227:443 | fireworksane.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| US | 104.26.2.107:443 | platform.bidgear.com | tcp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| US | 8.8.8.8:53 | imp9.bidgear.com | udp |
| DE | 78.46.33.196:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | static.a-ads.com | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| DE | 148.251.152.47:443 | static.a-ads.com | tcp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 172.67.132.243:443 | kimcartoon.li | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | ws.sharethis.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 212.117.190.201:443 | pk910324e.com | tcp |
| US | 15.197.165.128:443 | pubmatic.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| CZ | 185.104.210.16:443 | propellerads.com | tcp |
| JP | 222.230.178.146:443 | admin.genieessp.com | tcp |
| US | 172.67.69.225:443 | cdn.adschill.com | tcp |
| US | 18.239.208.95:443 | ws.sharethis.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| JP | 222.230.178.146:443 | admin.genieessp.com | tcp |
| US | 8.8.8.8:53 | l.sharethis.com | udp |
| US | 8.8.8.8:53 | jaob.jybaekajjmkyy.top | udp |
| US | 104.26.2.107:443 | imp9.bidgear.com | tcp |
| US | 192.243.61.227:443 | fireworksane.com | tcp |
| US | 8.8.8.8:53 | count-server.sharethis.com | udp |
| NL | 23.109.170.114:443 | jaob.jybaekajjmkyy.top | tcp |
| IE | 3.248.168.123:443 | l.sharethis.com | tcp |
| US | 18.239.208.98:443 | count-server.sharethis.com | tcp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| US | 104.26.3.107:443 | imp9.bidgear.com | tcp |
| DE | 148.251.1.246:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | static.a-ads.com | udp |
| DE | 78.46.32.91:443 | static.a-ads.com | tcp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | udp |
| DE | 148.251.1.246:443 | ad.a-ads.com | tcp |
| DE | 148.251.1.246:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | bcgame.sk | udp |
| US | 104.18.37.51:443 | bcgame.sk | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | rtgio.co | udp |
| US | 18.239.208.87:443 | static.hotjar.com | tcp |
| US | 172.67.145.125:443 | rtgio.co | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 8.8.8.8:53 | insights.rtgio.co | udp |
| US | 8.8.8.8:53 | socketv2.bcgame.sk | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | socket2v2.bcgame.sk | udp |
| US | 18.239.208.36:443 | script.hotjar.com | tcp |
| US | 104.21.65.129:443 | insights.rtgio.co | tcp |
| US | 8.8.8.8:53 | collect.analyse.lnearn.com | udp |
| US | 8.8.8.8:53 | collect.verify.lnearn.com | udp |
| US | 18.239.208.18:443 | collect.analyse.lnearn.com | tcp |
| US | 18.239.208.18:443 | collect.analyse.lnearn.com | tcp |
| US | 18.239.208.71:443 | collect.verify.lnearn.com | tcp |
| US | 8.8.8.8:53 | bc.imgix.net | udp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 104.18.37.51:443 | socket2v2.bcgame.sk | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | event.getblue.io | udp |
| US | 8.8.8.8:53 | widget.getblue.io | udp |
| BR | 54.94.235.173:443 | widget.getblue.io | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.235.173:443 | widget.getblue.io | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| GB | 142.250.187.226:443 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cms.getblue.io | udp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.134.196:443 | cms.getblue.io | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.134.196:443 | cms.getblue.io | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.134.196:443 | cms.getblue.io | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 104.18.37.51:443 | socket2v2.bcgame.sk | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.229.21:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | udp |
| US | 104.19.229.21:443 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 104.18.37.51:443 | socket2v2.bcgame.sk | tcp |
| US | 8.8.8.8:53 | click.a-ads.com | udp |
| DE | 116.202.214.170:443 | click.a-ads.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| DE | 116.202.214.170:443 | click.a-ads.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | udp |
| US | 104.18.37.51:443 | socket2v2.bcgame.sk | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | udp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 192.178.49.195:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | collect.verify.lnearn.com | udp |
| US | 8.8.8.8:53 | collect.analyse.lnearn.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 104.21.65.129:443 | insights.rtgio.co | udp |
| US | 18.239.208.18:443 | collect.analyse.lnearn.com | udp |
| US | 18.239.208.8:443 | collect.verify.lnearn.com | tcp |
| US | 18.239.208.18:443 | collect.analyse.lnearn.com | tcp |
| US | 8.8.8.8:53 | bc.imgix.net | udp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 18.239.208.87:443 | static.hotjar.com | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 104.18.37.51:443 | socket2v2.bcgame.sk | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | event.getblue.io | udp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.235.173:443 | event.getblue.io | tcp |
| US | 8.8.8.8:53 | widget.getblue.io | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.9.213:443 | widget.getblue.io | tcp |
| BR | 54.94.235.173:443 | widget.getblue.io | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| BR | 54.94.9.213:443 | widget.getblue.io | tcp |
| US | 104.18.37.51:443 | socket2v2.bcgame.sk | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
| US | 151.101.2.208:443 | bc.imgix.net | tcp |
Files
\??\pipe\crashpad_1220_BWIESWAISFLUGBIT
| Algorithm | Digest |
|---|---|
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| Algorithm | Digest |
|---|---|
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| Algorithm | Digest |
|---|---|
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| Algorithm | Digest |
|---|---|
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3921.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93e023d60d2d99bfffd17127f0af27f6 |
| SHA1 | 2c71c06b7837b23fdd38c0717c12111feb2b3dd3 |
| SHA256 | c9d092798872c6811d1bbee3d81b1f266d72e5331d514ad954fb67d86d8e3e15 |
| SHA512 | cb9f05770f185bac9db2c515136e0366fe0b92c2efe48633a41e08ea236e390b169a495c9c1601f2edcafce60151e97071504801e3e3fd3c58a704035e3a2ab4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 046456e1a9aa9cc811f70231037c1e9f |
| SHA1 | 6308f960fb4461e8b3765f3a5e899d70b7564a1e |
| SHA256 | 15b1e55606c4d6ab48258bf41b5bcc2a86b86db9f6ead660f437d42d28b99de2 |
| SHA512 | 36bd9e0ec47a304de3b9d7ea14b0b1973694514f07f6d98879ddc311aaa4da61873e7a54a56af454201b644e1b6b61194fb73c4f02766176cfb91c2eed809a3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1321407c60f3b7079fe3ab123eecfc77 |
| SHA1 | 9aa3390370b24ee821a410240a761cb65fe15e52 |
| SHA256 | acf3d1b1425de7f22c48a21ea405f12bc389a5a2d8344c39350cf22060cec253 |
| SHA512 | cf46ab138e32d39a33657979c208e443b8b132c5aef21d97803af3e04778d013c8eaa90e921f18dbdf1a140c9feaa93de893dcb3a24395be23c6861b28da3b52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ecb473f96e9caca408e61ca497b3fff |
| SHA1 | 4db8551c5f3781c22f116fd7782d05bbc5746f15 |
| SHA256 | f7340eaa2c75666c2041b59fcc41cde7a036eec464bb2fa6ff61ad80e6ee4613 |
| SHA512 | f86710c4099bc51a65a4a46530e075b5ad800bfdb6217605e0821e7f5c3adf79b3b46cc14de407b27747d5a11adb92cd932d80658fd2be888211edf2191c8ee6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82e326d376d6169099d698b070537e0b |
| SHA1 | d82179c7c35b6459dea2913d9e0355bee5143516 |
| SHA256 | a003c6b5ecc32ebbf99877aaae55c6934d0b75a05381a8c5dde31ca3c1ad1873 |
| SHA512 | 40a784cdabce35b1d1d22bc973522cc46864eb9948a39ef3d2111b8808f8194c5c2c0259e824f8ff4e5c80cf2acf49a038543b2e3f29d5ad91b54a647363378a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8dc37d46e825517a15bd2a42862250a7 |
| SHA1 | 1ce3bcb6e39a9027e6bf82f645b445ae1a247fc7 |
| SHA256 | 8b470f407d4bfec5f60140bf1d5fb2f2cdf285f2fd6252a4c025af580bf3e11e |
| SHA512 | e12a76768a44822b65713caa5efc227edb7ba6e88fd9e36bddf1781627687bff1aabb62b3924426ef8e2adf7b454d0b7aab5535153ad46464ad2fe39c913ac1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df3f72e09dc1a356b5e4bfa16382a1bd |
| SHA1 | cbdc35864a7e79f641269ad39b416fc5b14d9e3a |
| SHA256 | 212ec31620f84e84d3f799dd3fe5b9aae1b46988ef40ba80207462cb60becaf5 |
| SHA512 | 1540c77c07d0f67dbd592c10f0fec2c0f0283f273245a99d3465649573de1a25eec07949983dbe98fbf121edb9cc8a718abe3629ecd497591d9514d885071edc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7970db815d341a0a8438ef696d58be2 |
| SHA1 | 707d916ae83786e91b720732bb01e409ca7f518a |
| SHA256 | bb5033289d0af067573d6507ad8c7001eeb057d3b491884a8b5ffd70a3bb5bf1 |
| SHA512 | f2d275290d8ec5f5f908eec9cdb2aefd64108f3e28326e7c4724d3710d5f32d1375a558a4532e56bb54d9da462f6c9fab8c8ffe7442a66076c83b960901920e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1416f6cc0cb747bbc4c8191b899c8c7 |
| SHA1 | 7cda98fae392b63bd593358a93cf4d06eb66fd2a |
| SHA256 | fc41cc381e1f87b5d14a5b1428385a8a42fae31b83e7dc16cc69f88baa7b6247 |
| SHA512 | bbf3f581b23b983e56e7e4cb4675fe1e9b177745bd33027779dde8cb37786d71e2e930ef473c112bba445d480547939c1ac0e02c2ec94c8c4e8320817674b09a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 80d4fe55abcb6d1fabae7107c1155e27 |
| SHA1 | a2352b6956e6c0155ce5b4666d44097d0102ef90 |
| SHA256 | eb9ec5dd33f499cb810913708250ca4264d46622274720be04f1ab0cdc3b80e2 |
| SHA512 | 18854e0a3dc147b2d4a55ea1ccc4c0c1038552ccea663318cd3db4f2f9d17bcbbf0469b9b5a636b448c6a62b74964a539d2bdbb7e678c74e22b303f31e11647a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6571c5b8940db7a23b722d6549de3c93 |
| SHA1 | 118df63744252182c24ae8bda79bcd6d32107dc9 |
| SHA256 | 984c72ad2e98bc0912a5203c7d0f404de4bf7e386aae97f30478d12fc888dff9 |
| SHA512 | 5dc58ae5a5aba32afe5d5bd7b62efe649fd4f024a60eaa069e615822b0dfd1314632a122aabd5d766485d49514e2498b47cca6d89bb1e1a2163523a6a719bcfc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c3b1c2cfa854292be303816f7e7f7c4 |
| SHA1 | ef2b53b793c1a5aa7682a4a4cb5910d19fd552f0 |
| SHA256 | 47595959fc94d100ea2f7237ed6d3f01b97b6fdf017a8b7460419470e40e87de |
| SHA512 | f4edca0411f053f1a79d9b085261a0314299632007a275e7520bbe743d7cddc185a6d866594d8d3a7d0d798cd106dd8d32ef25d30463f04fadc7b09c9b3b3baf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4eca14de25103fcc960d8f94b4e748e0 |
| SHA1 | abefe3a83cd03712d4ef91bb526b678de494868f |
| SHA256 | b121be7263eb381b8c6ee748d8ccae4e28ef219574594216037918cd2c165415 |
| SHA512 | 524b83a1b47f6f0ec43abe309ede9116d9f518c0b34dd262202b4a2238cd1c9be8d691a4b2bc8b9183b748e7816fb2a303ddf7d847b19aab71741f4c43f8a242 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 091c2f643c00c8760c33ac523edc1115 |
| SHA1 | 5e73635e164f82003c7494b976a80e2232bf2d4d |
| SHA256 | e0dfa0b300e2e798743a3853ce99668a1eeb740485e4a74d5cb18cf5741a24e3 |
| SHA512 | 365a45776921855a03852b615a3489a3fa695b40ae2c098c2b36d6bc9ca0d55750629b076415a2b4ea697be1a136bb52a32fd2cab56e63ca96f6ea1b384c131e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab7b0e78da93389c76862a1f713afa62 |
| SHA1 | 6bfb11e9068badbbe034ff785afa2ef2a700c2ba |
| SHA256 | 1eb63d7e3ef25f840c22e4d1603cd0c93528db97911a54ee6db05c4f67e95685 |
| SHA512 | b6cbf59e9fee31ff860af70f3264b7fd715fe3cb18cfebe7a70e11d577a2ac7ef6292334a22df9a6d1b611f6c0450034c9d834e79bc2ed90886d618bfbc931ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d5523b1efb05c4642032b77b3cb40a75 |
| SHA1 | 97418b4ddbfc842660a8a76ae3599ce2335a5714 |
| SHA256 | eac3ded50c520a9259934ade3ebfe4f6968d943b784acf3c80623806d4328f5f |
| SHA512 | cd0e08ffc0b502b9ec992ee7553e34494d70583b9d89a9543e2fbd49333b41a02c560bd9d3f0333ea075c25f8b1c2ee9a8a913a4ecda1ae810fcec956db5542a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ebc8e98ac9c5511860eb3342b79707d8 |
| SHA1 | 714ee1e1e9adc7451cc272bc44cb56abeca25643 |
| SHA256 | d6ecbbe011b8372043e8a1404e893e28b250c464a9acb8b2498d81aa1733b0a5 |
| SHA512 | 488dfe6a2bcf179436c4e97c2bcecb41183d68682098b9f345670d6d06fdf851cd662b62b92516dd00c5ca7144ec9a08dde3bfd82c115adc3cabb19631c4853d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e
| MD5 | 30a274cd01b6eeb0b082c918b0697f1e |
| SHA1 | 393311bde26b99a4ad935fa55bad1dce7994388b |
| SHA256 | 88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42 |
| SHA512 | c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf79a94a.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 250739763e50f35f8b11b600a3f33f11 |
| SHA1 | 8726fb42495319acbfb0b0d24fe7ee537d0744e7 |
| SHA256 | 89c54465204e4807d66212046748c10eb4458002d0aa7b3980ae2dd1b4e9fb25 |
| SHA512 | 7b20e5906c854c4837bc5330bac4aa6ccdfc41368434d6f765e16f4f0e15f053ddd57a80116336374d8d7c42d32124bd8696a5ec7fb93c09fd8387a6ca67cfae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc3ae39918ac8b9e74da0baf406b0774 |
| SHA1 | 9068862a8771be3ea80ff883a36e14bb6743c15c |
| SHA256 | 1dff2398205161c61c46ee2391aaed95e5283916be3400db29ccb073696402fb |
| SHA512 | 164e87fa74eb79ed832637b1f6d66200585d0bbdcb6e57c7ccb289aaab3efacf318f00613b8266526eb99b7c2124f585ae7e41aa666415821d1547594adf445b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad0301ed16e4a1e7dab23dbad942440f |
| SHA1 | d71eb6ba5aeb7b7a620d0da65724f8cdcc6d8318 |
| SHA256 | fef37dbf7c0a10038bb7f51ed190ad6296de49ddf2fbb083841d09c84da2c9b3 |
| SHA512 | c9227c1a0e8b734ccfc27bf26a9747266dd8ec0f1f9d2b5387a60c68dc5e0a1bc307953ffcfc133aa1edc40e686afbc147002ea536ae42ed184ab1dfeff5399f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e243060be382fc2bfced781bf17caefc |
| SHA1 | e777a1563a432dfee29f01683d8520779ebf5606 |
| SHA256 | d0e4f37c08b733b7c24ee7ca686b30a51a8506b1b614051913e7c2ec687842b1 |
| SHA512 | bf7c33ed7a37d1782cacb4d34108fea7b895a74f0897a2e655875b6671ba950dba50be5a5b08383b20453bb4141636ed92d5d47ef3257caa7fbac48b73d546cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9c0da41293fea6160f89aa8e9fcd1a94 |
| SHA1 | f1f6acefa6f9f5b72389b34dda0a78e225e8da38 |
| SHA256 | 57bfe90175b3ac5f07bd5928621522c0563f04fb743936a17d3df10cd19abca7 |
| SHA512 | adb975fc46d8d1719917947adf4e1272656fc785c29ea8c460d1403be1c62f42268b2f87ee1198f899840c8d3105b45f66a9ac3ff393b8dde1db38c49d64fd63 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c3bf1bdc6d28a9ff617cd0fe901da7f0 |
| SHA1 | 27d3ecfc689aacd57003426e4c6c798d06a050d9 |
| SHA256 | c897eddb9f65123a00d29ed7691beeb2a0ba14cd04762d2169ff4820ae178b52 |
| SHA512 | 9ea8f80efe463946b8b073860953a98f8282e7200662a304943a3fa0c0502e07a3a50e088f40918a946b9cfa3971bdad797db7830762b6f3df9c8eb3d56fb19e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b
| MD5 | ddca41bec0f25bddfde656b4febd557a |
| SHA1 | 4240c4472d4a6d41341e7e4c1f5179e1fbb9cd53 |
| SHA256 | 3bc8c9d657c95e6f08ac3fac675f8c4442e1f44af235969ec651faace41827c2 |
| SHA512 | 565af66d0fb7c701e40b4538ddb3aa020bdeb0c0dc9f0857656082a212b59724c7ad15e9f122c8de387d549489bf97795855c09bb1deac8f9970ba6e1c014460 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 286be6aa1524e7a96b184623bc112b1b |
| SHA1 | 741e489d60cd289db63bf796b3c3899d601ae6bc |
| SHA256 | 8935ef50fbd72e8c0a77d3452f62cecc3a60f76ad1170cfc299cb8ef576c0539 |
| SHA512 | 7fb66c74e8070b0a157d4b7005f6ec4aa814640069c0a36f999b642e6c74daed26c078d5122360d6e3e20026fba81d9186f2f92700d88b3d3800f5065020cf5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6431576ed69cc41ace98e9ca02c84512 |
| SHA1 | e5809837c1e7bcab05d703e7861937a42b69d15b |
| SHA256 | dff47c8114425c40d00776a25b6ee6e1a8bb19bf81fa95d5f3deade6bcbb28de |
| SHA512 | e8e655b6a7867b80f2baaa6130830dc112876c47a3cf44af52b4417b17280d9900d448278de411c8f54a6ea6d702a7298e1b8e7a3e83c59c5ac7304388435de4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b8abc139f9821c98e16a7d4e0c69adb5 |
| SHA1 | c9ea451a98702fedbee189fcfb4598e8f55bcd77 |
| SHA256 | d69f847a76c5a600db649bc1c0eb43ca008e2c1038baf5905c03ca0353f0458c |
| SHA512 | 517c2592c386f8ea707b890fd49e6332fbf2b3767f5d81420ac761d647f3aa86189e499e256624fc357611d2db6e3e15e9bf330c52eb2146beb1b0ba7839a93b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 07aaf6545912e7c5fecf1c08deb6057d |
| SHA1 | 6e99f648e3b5929495dfb65e2b85d144f427985e |
| SHA256 | d43908b8190c16e633ec0960ac7e8a39d0fa1f383eec8940109e38ec8d094723 |
| SHA512 | ad66624628c132d03624b50b367cc48958e29b89aee2787b360fab58f46d694a72d4a9ab3ac05929b56633a186724aa111d488a4f623affedf0b8b1bcdf12518 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081
| MD5 | 41785febb3bce5997812ab812909e7db |
| SHA1 | c2dae6cfbf5e28bb34562db75601fadd1f67eacb |
| SHA256 | 696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483 |
| SHA512 | b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\index.txt
| MD5 | 9707cd6253ed898bb4bab02fa8780cfb |
| SHA1 | ca2c61d97750fcd126db17edbb350c1205840119 |
| SHA256 | 490ab4cf6e1b8b13e2eb2b9f16829af008b76b3d8c6e1d63d2aa12796bef2fb3 |
| SHA512 | 9e5088654bf0fa2c03b5f8e4dc3a078d2b6cf1fa3d2228f610ba9677ea641f35f9a17a36c9fbb53d9bec79c8091fefeb1038268af6574b443782f6a647422b6d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\9ce7121f-c822-4193-90f1-e1d429405777\index-dir\the-real-index
| MD5 | 031d1d4ebf4f399e0f8b6572ceae6279 |
| SHA1 | 0a9aec6320782265b5e7f7602c19ae94c47907d7 |
| SHA256 | 777e5a5e9cf072b8655e3ccd26698d2203e5b0e4730a9996285a6149434ed5a0 |
| SHA512 | 244d68d381ae74837cceaf3bf23308dd778d24f321bbebf92af49c9f4095f9274a9b48b932fb6b55117458f3fd180368d629426096a633bb047a6fc9c76004c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\index.txt
| MD5 | 51562d539132a4deab455940595b7806 |
| SHA1 | 199c3be4c3da4766e9212c0aa825531a0e314c7c |
| SHA256 | 91e5156cf96a059733eb7e218590cde2732724e54f51d701f32faf47fb5579df |
| SHA512 | bfd3b93f510340b531250287983dd97691b3f5dd73be64ac8dbd7ebf18f4d89df4c1dc4d11be194a58b0e32a36974592e74f3e4da1e48d061c4503351faa6797 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\d716063b-dbea-4426-ad35-9f63d80dbb03\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034
| MD5 | 237a8fc18fa5c39f5b9ec062a4416f1a |
| SHA1 | ed1420ccb6d1497f8473747f9379db8b307426fe |
| SHA256 | aad06a8d164a2a6aa7d0e781fb70ca9917a1de557b54e6138f11d27809a17ffb |
| SHA512 | aa5560cc757d6082f1e8f0ce92852da4cf9cec061963d1ebc82d4dea0d9f05e25fc4e29fd11abf36188fc7d8917d8b2d8025158f4643880b054d54cb509f1a30 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | 0d27b074b9ff5297a7cabef7c891caa6 |
| SHA1 | d113c2abfe8ea2e7ddd23640a88fa01d600f7d4f |
| SHA256 | 6056a66e5373a75a0aa5cd7cdc977350ed88f5ebb30ae66ab640c280dc4e2252 |
| SHA512 | 474c89a60e89559a1c526bd56f2143b6ac890031eb820d083e05a0c23654ef1ef2f22134323226866e200f9710d667c217a692a7ecc3eafa1506033d4e11c1f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9abfc25f086693dfbc18ac368b839109 |
| SHA1 | b73f076e32e7d9f5462d4cbe7e5148321b433584 |
| SHA256 | 3d3bb785cfefb7d534e574f415084e9e6809d24257e861ea84fe8d579af29aac |
| SHA512 | 518ef3c278d197de984bbcad8e2a42f0f580ce8062d8279713ec4d9dcd0e95332ec3789e6b50987ce5c4ca4af4badfa20404bb43505377fc434ebd8d2c2c6c8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b26f95b43a77218db5af1bf11117e785c25f382b\9ce7121f-c822-4193-90f1-e1d429405777\index-dir\the-real-index
| MD5 | aae67c666a9f7340c115c3a0bb6f4602 |
| SHA1 | 0dfea461adf15dd91dc6c2f973250f4e2e9fdedf |
| SHA256 | 2178b2eddf6ae8caa4b5b6c2af4d8ffe3a657e713a164b67c4388dbc56633f71 |
| SHA512 | fbdf57830263a7daf8d16f70e293bf7779667a33889af1e60d289443580876aa5a6f06db2de572d15a717f7fdc17e668ace310fd78efb41776614545de06194c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 544b3e5715f6e28d458b15cc6114ff33 |
| SHA1 | 7d3345029d1e448b6fa33cd900ce82493d2e791b |
| SHA256 | 8cd3fd21c460ac494e804d921b1aabd4de7750a8a93af7a5e4a0c062fa8c88f4 |
| SHA512 | 37904c9d30370433d327f35e3f5a6b08627ecf4803cd9c1130b234af000dcfa5f4357a4e6ab7b91cad70ec9b88447f4e6c1f48ae4f9b96f0e3558892987b9e0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3c1fa200978f268a7beee3bf0ed5a19f |
| SHA1 | 9729dd05c37818aab2cee7b5ad2456d342c9b50c |
| SHA256 | fbc7402a9b47a2b2cefd08b08352c687a27ce53b90f2e6d942b7396af4612eea |
| SHA512 | 51193f2b298bae5e43e758a2d776358400616a129b0a88236ff35d863ed0a40a41ad5310655825015e35f3fa475c4b97eedd4dae1174b8f95a2a80d38bd29c91 |
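The Files section above lists every path written during the run with four digests per write, so the same path recurs once per version (Preferences and the CryptnetUrlCache MetaData entry 94308059B57B3142E455B38A6EB92015 appear many times), and the crashpad named pipe is listed with the digests of zero bytes. The following is an added example, not the report's or the sandbox's own code: it parses entries in this layout, recomputes the empty-input digests with hashlib instead of trusting hard-coded constants, counts how many versions of each path were written, and flags entries whose digests are all the empty-input values. The sample entries are copied from this report; function names are the example's own.

```python
import hashlib
import re
from collections import Counter

# Entries copied from this report's Files section: a path line followed by
# one "| ALGO | hex |" row per digest.
SAMPLE_FILES = r"""
\??\pipe\crashpad_1220_BWIESWAISFLUGBIT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7c3b1c2cfa854292be303816f7e7f7c4 |
| SHA1 | ef2b53b793c1a5aa7682a4a4cb5910d19fd552f0 |
| SHA256 | 47595959fc94d100ea2f7237ed6d3f01b97b6fdf017a8b7460419470e40e87de |
| SHA512 | f4edca0411f053f1a79d9b085261a0314299632007a275e7520bbe743d7cddc185a6d866594d8d3a7d0d798cd106dd8d32ef25d30463f04fadc7b09c9b3b3baf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4eca14de25103fcc960d8f94b4e748e0 |
| SHA1 | abefe3a83cd03712d4ef91bb526b678de494868f |
| SHA256 | b121be7263eb381b8c6ee748d8ccae4e28ef219574594216037918cd2c165415 |
| SHA512 | 524b83a1b47f6f0ec43abe309ede9116d9f518c0b34dd262202b4a2238cd1c9be8d691a4b2bc8b9183b748e7816fb2a303ddf7d847b19aab71741f4c43f8a242 |
"""

HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")

# Digests of zero bytes, computed here so the check is self-verifying.
EMPTY_DIGESTS = {
    "MD5": hashlib.md5(b"").hexdigest(),
    "SHA1": hashlib.sha1(b"").hexdigest(),
    "SHA256": hashlib.sha256(b"").hexdigest(),
    "SHA512": hashlib.sha512(b"").hexdigest(),
}

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_files(text):
    """Return [(path, {algo: hex}), ...] in report order.

    Any non-empty line that is not a digest row starts a new entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and entries:
            entries[-1][1][m.group(1)] = m.group(2).lower()
        elif not m:
            entries.append((line, {}))
    return entries


def digests_consistent(digests):
    """True if every listed digest has the right hex length for its algorithm."""
    return all(len(h) == HEX_LEN[a] for a, h in digests.items())


def is_empty_file(digests):
    """True if every listed digest equals the digest of zero bytes."""
    return bool(digests) and all(EMPTY_DIGESTS[a] == h for a, h in digests.items())


def triage(entries):
    """Return (versions_per_path, empty_paths): how often each path was written,
    and which paths carry only empty-input digests."""
    versions = Counter(path for path, _ in entries)
    empty = sorted({path for path, d in entries if is_empty_file(d)})
    return versions, empty


if __name__ == "__main__":
    entries = parse_files(SAMPLE_FILES)
    versions, empty = triage(entries)
    for path, n in versions.items():
        print(f"{n}x {path}")
    print("zero-byte entries:", empty)
```

A zero-byte entry carries no content to pivot on, so its digests should not be used as indicators; the version count is the more useful signal here, since a path rewritten many times during a short run is a live working file rather than a dropped artefact.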
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 12:22
Reported
2024-05-18 12:28
Platform
win10v2004-20240508-en
Max time kernel
303s
Max time network
304s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133605085882807400" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd330ab58,0x7ffcd330ab68,0x7ffcd330ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4144 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4512 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4616 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5232 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1872 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4876 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4828 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x2ec
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5384 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5524 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5700 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
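The Processes section lists each image path followed by its command line. For a Chromium-based browser the `--type=` flag names the helper role (renderer, gpu-process, utility, crashpad-handler), and the helpers spawned by one browser process carry the same `--field-trial-handle=` trial identifiers, which the browser process itself (here, the chrome.exe entry holding the submitted URL after `--single-argument`) does not. In this report every chrome.exe helper carries `1900,i,2681580785301933613,5064751894427134884,...`, while the msedge.exe utility carries `4240,i,18168883380598738769,14202261231630113808,...`, so it belongs to a separate browser instance rather than to the detonated session. The following is an added example, not the sandbox's code: it parses path/command-line pairs, extracts role and trial identifiers, groups helpers by those identifiers, and picks out the entry that opened the URL. The sample entries are copied from this report with the long `--gpu-preferences` and `--initial-client-data` values dropped for brevity; function names are the example's own.

```python
import re
from collections import defaultdict

# Process entries copied from this report (image path line, then command line);
# long --gpu-preferences and --initial-client-data values are omitted.
SAMPLE_PROCESSES = r'''
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --url=https://clients2.google.com/cr/report --annotation=prod=Chrome
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1900,i,2681580785301933613,5064751894427134884,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d0 0x2ec
'''

TYPE_RE = re.compile(r"--type=(\S+)")
# The handle number varies per process; the two trial ids after ",i," identify the session.
TRIAL_RE = re.compile(r"--field-trial-handle=\d+,i,(\d+,\d+)")
URL_RE = re.compile(r"--single-argument\s+(\S+)")


def parse_processes(text):
    """Return [{'image': path, 'cmdline': line}, ...] from alternating path / command-line lines."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) % 2:
        raise ValueError("expected path/command-line pairs")
    return [{"image": lines[i], "cmdline": lines[i + 1]} for i in range(0, len(lines), 2)]


def classify(proc):
    """Extract image basename, helper role, session trial ids and launched URL."""
    cmd = proc["cmdline"]
    image = proc["image"].rsplit("\\", 1)[-1].lower()
    m_type = TYPE_RE.search(cmd)
    m_trial = TRIAL_RE.search(cmd)
    m_url = URL_RE.search(cmd)
    return {
        "image": image,
        "role": m_type.group(1) if m_type else ("browser" if m_url else "other"),
        "trial_ids": m_trial.group(1) if m_trial else None,
        "url": m_url.group(1) if m_url else None,
    }


def group_sessions(procs):
    """Group helpers by trial ids (same ids = same browser process).

    Returns (sessions, launchers, others):
      sessions  - {trial_ids: [(image, role), ...]}
      launchers - [(image, url)] for browser processes that opened a URL
      others    - [(image, role)] for everything without trial ids or a URL
    """
    sessions = defaultdict(list)
    launchers, others = [], []
    for p in procs:
        c = classify(p)
        if c["trial_ids"]:
            sessions[c["trial_ids"]].append((c["image"], c["role"]))
        elif c["url"]:
            launchers.append((c["image"], c["url"]))
        else:
            others.append((c["image"], c["role"]))
    return dict(sessions), launchers, others


if __name__ == "__main__":
    sessions, launchers, others = group_sessions(parse_processes(SAMPLE_PROCESSES))
    for ids, members in sessions.items():
        print(f"session {ids}: {members}")
    print("launchers:", launchers)
    print("unattached:", others)
```

On the sample the chrome.exe helpers form one session and the msedge.exe utility another; the crashpad handler, elevation_service.exe and AUDIODG.EXE carry no trial ids and end up in the unattached list, where they should be matched against their parent by process id in the full sandbox data rather than by command line alone.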
Network
| Country | Destination | Domain | Proto |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-18 12:22
Reported
2024-05-18 12:28
Platform
win11-20240426-en
Max time kernel
305s
Max time network
308s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133605085880517273" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{AEB85A43-CE3C-4AAE-859A-B4FC40C6D147} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcca42ab58,0x7ffcca42ab68,0x7ffcca42ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1704 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4168 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3184 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3952 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4720 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4924 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2416 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5116 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4916 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4688 --field-trial-handle=1808,i,10977235977964426974,1942367100732951059,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 172.67.132.243:443 | kimcartoon.li | tcp |
| US | 172.67.132.243:443 | kimcartoon.li | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.132.67.172.in-addr.arpa | udp |
| US | 172.67.132.243:443 | kimcartoon.li | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 104.26.14.57:443 | cdn.adschill.com | tcp |
| US | 8.8.8.8:53 | admin.genieessp.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 212.117.190.201:443 | 3pkf5m0gd.com | tcp |
| US | 172.67.74.36:443 | platform.bidgear.com | tcp |
| US | 15.197.165.128:443 | pubmatic.com | tcp |
| JP | 222.230.178.146:443 | admin.genieessp.com | tcp |
| CZ | 185.104.210.16:443 | propellerads.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| JP | 222.230.178.146:443 | admin.genieessp.com | tcp |
| US | 8.8.8.8:53 | 16.210.104.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 172.67.74.36:443 | imp9.bidgear.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 192.243.61.225:443 | fireworksane.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | tcp |
| DE | 148.251.233.147:443 | ad.a-ads.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| NL | 212.117.190.201:443 | 3pkf5m0gd.com | tcp |
| US | 172.67.25.161:443 | cdn.pncloudfl.com | tcp |
| US | 8.8.8.8:53 | 147.233.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| DE | 78.46.32.91:443 | static.a-ads.com | tcp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 172.67.132.243:443 | kimcartoon.li | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 15.197.165.128:443 | pubmatic.com | tcp |
| CZ | 185.104.210.16:443 | propellerads.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 18.239.208.95:443 | ws.sharethis.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | udp |
| US | 18.239.208.95:443 | ws.sharethis.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 192.243.61.225:443 | fireworksane.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| IE | 3.248.168.123:443 | l.sharethis.com | tcp |
| NL | 23.109.170.71:443 | jaob.jybaekajjmkyy.top | tcp |
| NL | 212.117.190.201:443 | 3pkf5m0gd.com | tcp |
| US | 18.239.208.98:443 | count-server.sharethis.com | tcp |
| US | 172.67.25.161:443 | cdn.pncloudfl.com | udp |
| NL | 212.117.190.201:443 | 3pkf5m0gd.com | tcp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| GB | 216.58.212.202:443 | jnn-pa.googleapis.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| DE | 136.243.55.84:443 | click.a-ads.com | tcp |
| DE | 136.243.55.84:443 | click.a-ads.com | tcp |
| US | 172.67.216.211:443 | www.catchcoin.com | tcp |
| US | 172.67.216.211:443 | www.catchcoin.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 18.239.208.15:443 | s.adroll.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| IE | 34.246.52.108:443 | d.adroll.com | tcp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.180.1:443 | yt3.ggpht.com | tcp |
| GB | 142.250.180.2:443 | googleads.g.doubleclick.net | udp |
| DE | 18.159.147.43:443 | relay.walletconnect.com | tcp |
| DE | 18.159.147.43:443 | relay.walletconnect.com | tcp |
| DE | 18.157.123.166:443 | verify.walletconnect.com | tcp |
| US | 104.18.37.8:443 | www.walletlink.org | tcp |
| US | 172.67.216.211:443 | www.catchcoin.com | udp |
| US | 104.18.26.46:443 | explorer-api.walletconnect.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
Files
\??\pipe\crashpad_1364_PKVDPQRBMTRVFKMP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bb1601d6e200c33aa3ebb176f99280cf |
| SHA1 | ce36a3b67b18f2991ba783bef9925042739ec4d4 |
| SHA256 | ec75d17143e5beb29a917be6c710aa4e427bd5b9a8228f87f1dc50c589d7f689 |
| SHA512 | 9e2e14df95b19030fbd44dadb7d071db537e6d9e2e06955a78f66a9f1a2e647c9ed8f568a7d48270ae475f54b489f7a91fd4928d31666fc50dded2bf16fd9ab2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3cc56edb7d2b6a08fec8396993c3d9eb |
| SHA1 | a6abfa0030ceb9cfc40227f77467d49b32171bf9 |
| SHA256 | 670eee5d5f6b1d0b7427a9e7ba02643fa354e58fc2c0f621f40e2dbf3ab97d65 |
| SHA512 | c43f19cd2d5d141e4835f3dcbcba2fb2b25bfcc8912c86132316ee7637a1996f04b6e7284d2ffe814e53f148367d727e82f82323e81dc543e82b3a99acc66c5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fa54e84ab779b5bbb0cb9a3626297e10 |
| SHA1 | d305f07769936d160dd29074e7558eb789d6aad0 |
| SHA256 | 11ae8c71740529a9ef8b32beb43376be478bab9e25b5f585a81e3bcdbacc6ef9 |
| SHA512 | c37c1ecb37d544c1c9d8b626ffc462b95512855215e0e4b39da594c553219ef41bdaeab9337d404cd39a0c569b568b02b6b89ea49f5691db2d76536cb4fff1e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fee7691e7a122715ac4f674a9a2b0736 |
| SHA1 | 2701fdd5c87fa07a05cc86a1e00c3a0298c420f2 |
| SHA256 | fb7cd59ee983cf73ab4536526930d6a32d7e276d4ef5873ea2dbb493542c4fc2 |
| SHA512 | 051d841365f81baca7d3d249dd97c27e5b5bf9362c213bbd346dbd7a266015ecfef4f623bfe3dae263c607b4d3d26778688fdb08ef330e55374ea2bf37146036 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d2aa2ed0061f4edfad189b20c873f5e9 |
| SHA1 | 8728844cf2ca14041cc808c03cd0f9e68e8a5fd2 |
| SHA256 | 56c574aacbd26e21bd0935bd6f91ee73ebf4f49dad449fe57c877067e42efda1 |
| SHA512 | cf9a409e4838b8fb3f8139093313c7703bd556f3928da354d55e1362185daaa8c427fcf4058c11837a056148538ac61152749407542b9958202888af7cb16f1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 362f623bed791e2fef567592aae15eba |
| SHA1 | 952100648f21f89f11d58a0695b3688800b1d94b |
| SHA256 | d4fa0cfc34552d2fcf12804d54c8925ff72547dbb5a6213d299fafa3b0cfdb2b |
| SHA512 | a3463513d5d99d1f11ed843ee752d44ff6bbbbe3b9ab98a7c585b83d91d8dca47a2e588f6e89120164964d44286b9127093a9cfdb90b2e8be2268051379ab7bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589296.TMP
| MD5 | bae4501b4e0f61b5dfd29651cc9f6540 |
| SHA1 | 1febbb99490d5b84515d3fe3a164373f8a249df8 |
| SHA256 | 27a2867de1d09d92f3d4166b05491f621454c4345303802b9f70a18509babc39 |
| SHA512 | f12bde7cf9f8fa487752191330d1d5fec335d79c788464fa6854149f315bede179668336a627677a8a4adc7d35acdc4446de61b8fae1cac754d142f77052a845 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b98cd2998fcc02303a7b3ecbf1d44520 |
| SHA1 | 40cc979341f30e29ee0232cd69f92282aa0f8346 |
| SHA256 | b960a9c04311beaea777bd3335ab75d923fa86157e94f7893d7f5db86ce14e72 |
| SHA512 | 236ebdeb75c49024ff258aa8d0f068599b87c00b561749dfc48a93da5ce588abcb88a7d738b5d075f61f99044ee358052e6cfeaef3528327efa3562c1ee88e93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a84f84b9744d6f6ca5d8fec07633fe7f |
| SHA1 | f5573a2344c6419812c6a579508f26a2ff6c9c4a |
| SHA256 | 0940426ba5062d1a091e0a5b32747da76ce741cbf29c8068589f6e2e1772efeb |
| SHA512 | 0d0a6e0f9f84b24e64a069838e567abf17c8fdda6ec22731a5d9679c9cce078973a8de38f79d748ac6a66344d9a0e234ccba45ccffa2cb9770be001aae81aa0d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | af2baa0299a559ca89ddbda6ccd4f52a |
| SHA1 | 20e80ac5dfeb6cf2bd2a4b863c2d28a0d4815e53 |
| SHA256 | 932179de2ced5e1ce7ac0c83c9d3ea4c26dbb3b2477bb1b812d26e3952300685 |
| SHA512 | 0ed308b9add2d63e6dfc3c68fb36ba8c09e7a56f043e4f3678c149e4d4c9ac273a0b89998d05a087629d06010d251cf161ca01f1a8f3fe51e84c444ee61b9dd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b6f48def1ad0dc727f479ce8ffec8a6b |
| SHA1 | 488a3d7c23f20d7c90d9cd3010d31836d67b4028 |
| SHA256 | 88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec |
| SHA512 | ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5adcf4.TMP
| MD5 | a2646bd7950cbc735644a2b83946feb2 |
| SHA1 | 30c24eb3031990104ebfcdf1fbe85edd2cbf8f64 |
| SHA256 | e2b7cb8d9e9a8149f502f277d0b6186358c981e9401c69570f2916827cded4f5 |
| SHA512 | 33505786874ce56716b339be9e8d2b82977030cf1bf100dea1bc3c4352a1f1d1b8851088c9e1c38d3f8181d1161bba5fb7e4275a691e09ee9e926cc9c56e67d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0a435138e7ac5b7aaf18aa76e510dcd1 |
| SHA1 | ee1acc891e4da2476efde78080583db204ac31c8 |
| SHA256 | 2ef0ce5bd479f964cac2951f209137dff65519b7ea7318a3a3ce1cb4a64f56a3 |
| SHA512 | 3aff220232b21eb479b17b447cda6cb88d12e067030dcd3ca0dc5ebc875f8c370a3f6d573c9a932f410c9b76917df0798fa1f0a34ed1a5d528a331294e5a04aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d2c7a1a363dff4a3b4cb8cff7b40bc83 |
| SHA1 | 692774d3f2a89bd30be9c7cbac2fb9b5ff4ed679 |
| SHA256 | 3c33ba0a7e529e9b24db53acde868bce2c6533f673f1aa654beef36966066ecf |
| SHA512 | 423d1f5f730e0454f1bf657aa7a1ec892b8e6d470a57692a5a4916787d1d4bcfba548d827abd0c4e94bbeb3b97091ee9e34ebeccbbf9402c96b3cda7ac7c6303 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e27553ffab31b33f191e0846bfd4148b |
| SHA1 | 989a8227573ce83d48febf4c772eaa54d24266bd |
| SHA256 | ae9e07e42ee76d8483ca08864d5e1da58530c9fc1077c7e7b1224c30aba55024 |
| SHA512 | 4f99f2c8ba8d9471c3e3615cce667027e06c5d60c62fba7be9c8cf463fda3e3411e50ec7e34a35a7229f36b4e9c27912a3343863f6e96ab4f339ef6412440274 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 948220421ce9af2a7cb7295cb14c83a7 |
| SHA1 | 03584c41f73ba9edbcbba179fbcdf3a3c104500e |
| SHA256 | 9e9483b5662f2fdd75f53d3470176376ec3aeb56fd90a0baabd37472f1656e9f |
| SHA512 | 2d0a8da58b2725d6bae735d2fe277161b189e434c2243897d1d5ae7dca8305264dfb530fd2d03d030bf739dc120fff4b2b0a23d2d6c909e89deaf84853352474 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6ecb105fa7447f3106c789f410cc7db7 |
| SHA1 | a0149da2fbbd5f6df07105b9d0b44d31c5535c1f |
| SHA256 | 66c9fc09656a49f090b92826fb7170a5fc0092d1db6bd38c461681163171bb97 |
| SHA512 | 9bfa3460a4feb645b44d94b5f081dcefd198623a9cb240cf814b3255c4220871c000bdaa2b512117b7ba33a357b55c652bb0914461c666d07cbd55815d3c61aa |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-18 12:22
Reported
2024-05-18 12:28
Platform
android-33-x64-arm64-20240514-en
Max time kernel
286s
Max time network
311s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | N/A | udp |
| GB | 142.250.187.228:443 | N/A | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 172.64.41.3:443 | N/A | tcp |
| GB | 172.217.169.42:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.204.67:443 | N/A | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| US | 104.21.5.43:443 | kimcartoon.li | tcp |
| US | 104.21.5.43:443 | N/A | tcp |
| US | 104.21.5.43:443 | N/A | udp |
| US | 104.26.14.57:443 | cdn.adschill.com | tcp |
| US | 104.26.3.107:443 | platform.bidgear.com | tcp |
| NL | 23.109.170.189:443 | hl.queresspurdie.com | tcp |
| GB | 216.58.204.74:443 | gmscompliance-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 172.240.108.76:443 | fireworksane.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 104.26.3.107:443 | platform.bidgear.com | tcp |
| DE | 136.243.11.250:443 | ad.a-ads.com | tcp |
| DE | 144.76.28.254:443 | static.a-ads.com | tcp |
| GB | 142.250.180.10:443 | gmscompliance-pa.googleapis.com | tcp |
| GB | 142.250.180.10:443 | gmscompliance-pa.googleapis.com | udp |
| GB | 142.250.187.228:443 | N/A | udp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 172.217.169.68:443 | N/A | udp |
| US | 104.21.5.43:443 | N/A | udp |
| US | 216.239.32.36:443 | N/A | udp |
| US | 172.240.108.76:443 | fireworksane.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| NL | 23.109.170.59:443 | jaob.jybaekajjmkyy.top | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 172.217.16.227:443 | N/A | udp |
| GB | 172.217.169.68:443 | N/A | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 104.21.5.43:443 | N/A | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.169.68:443 | N/A | udp |
| US | 104.21.5.43:443 | N/A | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| DE | 213.239.209.209:443 | click.a-ads.com | tcp |
| DE | 213.239.209.209:443 | N/A | tcp |
| US | 104.21.24.47:443 | www.catchcoin.com | tcp |
| US | 104.21.24.47:443 | N/A | udp |
| US | 104.17.24.14:443 | N/A | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 172.67.139.119:443 | N/A | tcp |
| US | 172.67.139.119:443 | N/A | tcp |
| US | 172.67.139.119:443 | ka-f.fontawesome.com | tcp |
| US | 172.67.139.119:443 | N/A | tcp |
| DE | 18.245.86.120:443 | s.adroll.com | tcp |
| US | 216.239.32.36:443 | N/A | udp |
| IE | 3.248.2.68:443 | d.adroll.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| US | 104.17.24.14:443 | N/A | udp |
| GB | 216.58.212.206:443 | N/A | udp |
| US | 172.67.71.159:443 | api.iconify.design | tcp |
| US | 172.67.71.159:443 | N/A | tcp |
| US | 172.67.71.159:443 | N/A | tcp |
| US | 172.67.71.159:443 | N/A | tcp |
| GB | 172.217.16.246:443 | i.ytimg.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.230:443 | static.doubleclick.net | tcp |
| GB | 172.217.169.68:443 | N/A | udp |
| GB | 172.217.16.226:443 | N/A | udp |
| GB | 142.250.187.225:443 | yt3.ggpht.com | tcp |
| DE | 3.73.141.134:443 | relay.walletconnect.com | tcp |
| DE | 52.57.114.123:443 | verify.walletconnect.com | tcp |
| US | 104.18.37.8:443 | www.walletlink.org | tcp |
| US | 104.21.24.47:443 | N/A | udp |
| US | 104.17.24.14:443 | N/A | udp |
| US | 172.64.147.188:443 | N/A | tcp |
| US | 172.67.139.119:443 | N/A | udp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | N/A | udp |
| GB | 172.217.169.40:443 | N/A | tcp |
| GB | 142.250.200.38:80 | N/A | tcp |
| GB | 172.217.169.2:443 | N/A | tcp |
| GB | 172.217.169.2:443 | N/A | tcp |
| GB | 172.217.169.78:443 | N/A | tcp |
| US | 216.239.34.36:443 | N/A | tcp |
| GB | 216.58.204.67:443 | N/A | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.187.228:443 | N/A | udp |
| US | 104.21.24.47:443 | N/A | udp |
| US | 104.17.24.14:443 | N/A | udp |
| US | 104.21.26.223:443 | N/A | udp |
Files
files/dom-0.html
| MD5 | 465ff252d99aaf997cd9f15c244bebf0 |
| SHA1 | 1e762437ddef71d02bb440857dbe0df3806c917c |
| SHA256 | 419df88347949140827026ef04f165f7c112113464c761923ca1886835b42de0 |
| SHA512 | bcadf8cc1e9ae4b0e11784fa3cebdb9d14bbf3009c161c834e02051be414fccb5cb71f570eef6a8d75c567fa8f0a363c079d70d18f8bbe1fa82c4be358fd56fd |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-18 12:22
Reported
2024-05-18 12:27
Platform
macos-20240410-en
Max time kernel
241s
Max time network
235s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2 | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid CD24617D-62D4-4AA0-B323-0CF26FCAE950 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2 | N/A | N/A |
| N/A | /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid CD24617D-62D4-4AA0-B323-0CF26FCAE950 -post-exec 4 | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 19038678-2DDD-4EAA-B6F9-179CFCA694E6 | N/A | N/A |
| N/A | /System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 19038678-2DDD-4EAA-B6F9-179CFCA694E6 -post-exec 4 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2 | N/A | N/A |
| N/A | /System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly | N/A | N/A |
Launchctl
| Description | Indicator | Process | Target |
| N/A | /bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist | N/A | N/A |
| N/A | /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist | N/A | N/A |
| N/A | /bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.xpcservice | N/A | N/A |
| N/A | /bin/launchctl stop com.google.keystone.user.xpcservice | N/A | N/A |
| N/A | /bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist | N/A | N/A |
| N/A | /bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist | N/A | N/A |
| N/A | /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist | N/A | N/A |
| N/A | /bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.agent | N/A | N/A |
| N/A | /bin/launchctl stop com.google.keystone.user.agent | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.google.Chrome.3056]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/Users/run/Library/Application Support/Google/Chrome/Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --gpu-preferences=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 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=19]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=19]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=26]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072]
/usr/libexec/xpcproxy
[xpcproxy com.google.keystone.system.xpcservice]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=499218927 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=58]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=499261479 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=58]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/GoogleSoftwareUpdateAgent.app/../../MacOS/crashpad_handler --database=/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes --url=https://clients2.google.com/cr/report --annotation=plat=OS X --annotation=prod=Keystone --annotation=ver=1.3.17.192 --handshake-fd=4]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=501638717 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=72]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=501782374 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=73]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=501810979 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=73]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=501816628 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=73]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --store /Users/run/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=93]
/usr/libexec/xpcproxy
[xpcproxy com.google.keystone.daemon]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdateDaemon]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=14 --launch-time-ticks=506100510 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=94]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=108]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=107]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=107]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=107]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=512362282 --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=118]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/MacOS/ksfetch]
/usr/bin/hdiutil
[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.xT09C4bqbz/com.google.Keystone.dmg -plist]
/usr/bin/hdiutil
[/usr/bin/hdiutil isencrypted /tmp/KSDownloadAction.xT09C4bqbz/com.google.Keystone.dmg -plist]
/usr/bin/hdiutil
[/usr/bin/hdiutil imageinfo /tmp/KSDownloadAction.xT09C4bqbz/com.google.Keystone.dmg -plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.hdiejectd]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/hdiejectd]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid CD24617D-62D4-4AA0-B323-0CF26FCAE950]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid CD24617D-62D4-4AA0-B323-0CF26FCAE950 -post-exec 4]
/usr/bin/hdiutil
[/usr/bin/hdiutil attach /tmp/KSDownloadAction.xT09C4bqbz/com.google.Keystone.dmg -plist -readonly -noverify -nobrowse -mountpoint /tmp/KSInstallAction.PXrlxJyHBI/m]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 19038678-2DDD-4EAA-B6F9-179CFCA694E6]
/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper
[/System/Library/PrivateFrameworks/DiskImages.framework/Resources/diskimages-helper -uuid 19038678-2DDD-4EAA-B6F9-179CFCA694E6 -post-exec 4]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -p disk3s2 removable readonly]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./hfs.util -k disk3s2]
/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs
[/System/Library/Filesystems/hfs.fs/Contents/Resources/./fsck_hfs -q /dev/rdisk3s2]
/sbin/mount
[/sbin/mount -t hfs -o -u=99,-g=99,-m=755,nodev,noowners,nosuid,rdonly,nobrowse /dev/disk3s2 /private/tmp/KSInstallAction.PXrlxJyHBI/m]
/sbin/mount_hfs
[/sbin/mount_hfs -u 99 -g 99 -m 755 -o nodev -o noowners -o nosuid -o rdonly -o nobrowse /dev/disk3s2 /private/tmp/KSInstallAction.PXrlxJyHBI/m]
/tmp/KSInstallAction.PXrlxJyHBI/m/.keystone_install
[/tmp/KSInstallAction.PXrlxJyHBI/m/.keystone_install /tmp/KSInstallAction.PXrlxJyHBI/m]
/usr/bin/env
[env]
/tmp/KSInstallAction.PXrlxJyHBI/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/tmp/KSInstallAction.PXrlxJyHBI/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --install --system --enable-logging --vmodule=*/chrome/updater/*=2]
/private/tmp/KSInstallAction.PXrlxJyHBI/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/private/tmp/KSInstallAction.PXrlxJyHBI/m/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=126.0.6462.0 --handshake-fd=5]
/bin/launchctl
[/bin/launchctl bootout system /Library/LaunchDaemons/com.google.GoogleUpdater.wake.system.plist]
/bin/launchctl
[/bin/launchctl bootstrap system /Library/LaunchDaemons/com.google.GoogleUpdater.wake.system.plist]
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/launcher --internal]
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update-internal --system]
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=126.0.6462.0 --handshake-fd=5]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall --uninstall]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist]
/bin/launchctl
[/bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.agent.plist]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist]
/bin/launchctl
[/bin/launchctl unload -S Aqua /Library/LaunchAgents/com.google.keystone.xpcservice.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=78]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=78]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --shared-files --field-trial-handle=1718379636,r,11342870735610431216,18098409320870796266,131072 --seatbelt-client=78]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.agent]
/bin/launchctl
[/bin/launchctl stop com.google.keystone.user.agent]
/bin/launchctl
[/bin/launchctl error 3]
/bin/launchctl
[/bin/launchctl asuser 502 /bin/launchctl stop com.google.keystone.user.xpcservice]
/bin/launchctl
[/bin/launchctl stop com.google.keystone.user.xpcservice]
/bin/launchctl
[/bin/launchctl error 3]
/bin/launchctl
[/bin/launchctl unload /Library/LaunchDaemons/com.google.keystone.daemon.plist]
/usr/sbin/pkgutil
[/usr/sbin/pkgutil --forget com.google.pkg.Keystone]
/usr/sbin/pkgutil
[/usr/sbin/pkgutil --forget com.google.pkg.UninstallKeystone]
/usr/sbin/pkgutil
[/usr/sbin/pkgutil --forget com.google.pkg.NukeKeystone]
/usr/bin/sudo
[/usr/bin/sudo -n -u #502 -- /usr/bin/defaults delete com.google.Keystone.Agent]
/usr/bin/defaults
[/usr/bin/defaults delete com.google.Keystone.Agent]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.67.6:443 | | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.73.27:443 | | tcp |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| SE | 23.34.233.79:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 172.217.169.74:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | tools.google.com | udp |
| GB | 172.217.169.46:443 | tools.google.com | tcp |
| GB | 172.217.169.74:443 | optimizationguide-pa.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
Files
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | fcb4024c6dc53a5b72c492fd960762d7 |
| SHA1 | 82c43024d9e274bf2b8a5d1e505d65cf3873fb92 |
| SHA256 | 5cca682cfa80faa97838327d83ef5a2cc39e21b0cf16639aa7c4f095bf1be4e6 |
| SHA512 | 5373007f40ec378d18770218163ffc2870036bf8c0af1128194a60c6ed6d944f2e3833bf151fb5bf4aee9325c1fbab56bacf3f6437daaa59efb0afdc5c5eed8b |
/Users/run/Library/Google/GoogleSoftwareUpdate/Crashes/settings.dat
| MD5 | a30a3013aaafaa0d534dd31655d3c741 |
| SHA1 | 5afd87ea28558f6970f1c17d5305f640ec649b06 |
| SHA256 | 3c3b1523ecf2d67b99ab0d14ab60ff783c4a5fafa5cd8b9facba8ad7356a4a21 |
| SHA512 | 412b333c4a24672dd6592e3d6005cf522ca256e6406daca8e87c56b9e000c393ba5b022354dc78c1230fff9238f4a6b13a678b94d143bd75724ffc346df0dd62 |
/Users/run/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 6487e04972ecffd0aabf7b61bdda8119 |
| SHA1 | 26f0b11a2529a35f6970a914deadfcf2e2d23286 |
| SHA256 | 241a349a63252a8026016a5ef0d713fc18f76735dd0c10963f9a693bfdb9b172 |
| SHA512 | 44db500fa4549808a5ed1db5516fe4d412cc4e3898d102399fa6f467a2ed3fa79f133a0afcc5e1ab91f480267027ea11e48e37247d24513542286310ab2d47ae |
/Users/run/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/Users/run/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/Users/run/Library/Application Support/Google/Chrome/Default/Local Storage/leveldb/000003.ldb
| MD5 | 61a867b6e4a24cfcfd32ddef25ac3229 |
| SHA1 | 87cc4516fbce1700174d8ea27c9d2cb70a60a1fd |
| SHA256 | 9cc80c0d1dfe7205c6530402c3240171966e72b6df8ef0e8571660fb18652cd5 |
| SHA512 | 3678cc5f913c7f6c179be8d8483240a1c9aabbe5b295d6aa2b8037c60a8f2aa473f1fb56a7ee7093aaa8c24b968d32fed99972f6f837868f86b53b45de13f4dc |
/Users/run/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | b5db1f091948de93d7fc96e14aef6da3 |
| SHA1 | 74745f991e3dfe45037366e55c2e6df47d8e6593 |
| SHA256 | b7600cfe0aa091e9ab8540869b7ea120a62b36240acc0370c3fd62655b58bf4e |
| SHA512 | d116ffaa01fa29545758fbe273c10d57879a91983d6b5a86ed410a0ac79cc8370fd2552284afa56f363a75ba6a89cc5c9a33f99071012dba2f2f8298ad0cac34 |
/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | b47a44bdd1b765b6af56b347447fd1b7 |
| SHA1 | 8599a1870656af91e432bb35e3497863e34ddfbb |
| SHA256 | 79b1150f1008ed3fbde59417e9727bce33a34ee2ac5b407eec1a82beabdd2c06 |
| SHA512 | bfa1d967125878a40068e4d5ec4a4bed4f211373ef2ca839a51cb9a29d2da5afcc65755134af2ae732dc03391a636fbb222b4ae481315e4213ceb8d74797c9f0 |
/Users/run/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | e0f65ad85a40a32fa91e551005e193ce |
| SHA1 | a145766d5df23ae5fcd23dbb6937606f280f3502 |
| SHA256 | 18b5270537241fdd8a8de2f4435bb9a19acc82d565bf629678c07360e0fa89d8 |
| SHA512 | bfcf2075ba3d99c6bf4840d6c7754668ac65e7b88aced5c727f99de68940783424b6e9755b4d90c28f489f87d88eda0f2b5194c292c7bcd0cebcb6a66adb2425 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/.com.google.Chrome.3dm2tA
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/Users/run/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.32.0/Ruleset Data
| MD5 | 132df2b999906be7b21cc21bc247b068 |
| SHA1 | 0665be201a96e717410a4e61a263bb879b3f08d4 |
| SHA256 | fed1557c8b4e40813114db3b546c043105892dd0895c4d7c02d45a8be351173a |
| SHA512 | 6764c8a425cd010a67a4636f812d43e63bb0815943e9839cf9fa35f3e5f9ba52309ed842306dcffe32a72e7019cb0c28e1d402dfc22dca0603a0cd48d6a26451 |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dirEH5Z7C/CRX_INSTALL/manifest.json
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dirEH5Z7C/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/scoped_dirEH5Z7C/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/Users/run/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/tmp/KSOutOfProcessFetcher.iL4TutFmoX/download
| MD5 | 45584d2a12f55d26a7cc52c950e5977f |
| SHA1 | 10d896511ec3dd9d818caf2f08365a1bc4b3e1c1 |
| SHA256 | ca03a89c7cb3100cc1bb348bfd9ef0445dcef1449b88aad6001d7fb36ff4e28b |
| SHA512 | 37e138324a6055f181466c15be9e3b0ef7d548c3d65039b0b44c15ed485784af712fc371d31fe4d8297d3b4dd2b4cb809b0b5e5843d217f0b6f54a6356d357a5 |
/var/log/fsck_hfs.log
| MD5 | 84b60f1164d09829c273d6bde9386f1c |
| SHA1 | 0131749d8f6d5cefbdb617f7aced3039b9ac8eb7 |
| SHA256 | cf57ea032a84d6fc029ad189b4493f4310692d88b72fa34488a9e9f14de44773 |
| SHA512 | 3ad1e54d9f976d76e2cbeb89eb2521c40f36a51de8cbf7c33f15dfefdc69f6ee650fd43ce7b9fb5e605f7034e2c62709acd997faa9fc53390ad584f600f9fd51 |
/Users/run/Library/Application Support/Google/Chrome/Default/Storage/ext/gfdkimpbcpahaombhbimeihdjnejgicl/def/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Info.plist
| MD5 | 43e69a8b060835d15c76beb272fd4980 |
| SHA1 | ded3c79bc32c01040153201460faab5aacf284f1 |
| SHA256 | bd5b958dac0a276361c48ff6b889829f8a205f23eab0a3daa852b123db0e3748 |
| SHA512 | e831c3b69ada4405bbab5a5551af529dc341fb2bf351abe2b264e4ce94b9044c6d233ef30e5a69267b5140442e8111ce77aba20f7f6a2accda270a6d025e58b3 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
| MD5 | 545773fecc670ef3a774ca48c0f3253c |
| SHA1 | c9db44c107c88008b0b5c9445b7b6289f4f487c0 |
| SHA256 | e50e41ab6f68109077073dfa7cdeccc4f81ac8935e78654530c83905f2baaade |
| SHA512 | b3f7e639273c11322af9d33d295cf190624a0f8bdc54d64df95cb43d0a20eae88a6ef55ad67f340e96e333fbd803d0cebdc64c0a2bdb859c871c2ff37682bc4b |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/launcher
| MD5 | 29d28e512a164a2bdeb28ef48b2210fd |
| SHA1 | 2350622d2a83737856a752e6dff0c81ef29bc384 |
| SHA256 | f746e940ca1d6578ebb8a3d838b6de05b5693b3bb13c87bdeab809d660b8a1c3 |
| SHA512 | d059d4b19b3a5b508e8d7d44622c0ada73b69b423603c6d38978dfb2cab33a25b1ccabb990fb2ef059acba8f101cbabcebbedc15ff94af3dc7355acf2a3204ed |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/CodeResources
| MD5 | 2918e164033d0771fc8f5994396bacd8 |
| SHA1 | 4ec2ba0270bf788b5dfa187dc253918660888246 |
| SHA256 | a8bacb1b46cc85f1469c69cf6627c401b63c515c350ebd79cdda6865727533ae |
| SHA512 | b8916e0165410315b7d305537cc12753370105aec843c0068c6b65ee937e2b345ffad0f1f01c6fe0d3bcadd037965b007e8b08d1fc44411fe956864d0e9cdac8 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/_CodeSignature/CodeResources
| MD5 | 842da6bdf4032ddb3d3a031dfd8531a0 |
| SHA1 | 8a5c8bc15c157c36b7e619068fbd7679665d6fc9 |
| SHA256 | bf1ed21e4b827b35fbfd06a27f9b3a4d959969f74081d02111d6de97ace35616 |
| SHA512 | 04e77579c92dedfaaa2777b087e909c1e3f0590ac6df3825292fc1c4e6193b144b762c78936de205b20db9a255102b14bee0e741db1724297d4fcee42b49f25c |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Info.plist
| MD5 | e46f9a1729b25b6eb0307ea2ad11624e |
| SHA1 | c65491186ff8f472207025ef15b9aea5962c76a4 |
| SHA256 | d649de3e7adc7c26c2144a109c5fff1a055f3063faaebb75ac9bb05a1ec81616 |
| SHA512 | 97bfc0ecca8381aa3a604774f7965dc5f6e208ab0fecc63399f2d8ba895e03f1ac88a16a269262f959e75c1538a50f5abf3dea060756e0344143935b087093c6 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/MacOS/GoogleSoftwareUpdate
| MD5 | 2b8398dba56f234af4c4228835bbe86f |
| SHA1 | c873ea26afe669cd0d109a64c148c858eb18c713 |
| SHA256 | 9ece515e7727cfae3e51449c9454292567e7b9bb32d62e407f4e8e8fec7629d1 |
| SHA512 | 62acf5d6dd9d5eb6e5be6dbba6411d9a2659ec99118db58a88a07af53747cc230027fdb608857fbe232343ef346558dd140e92f8f70da69e239eb1fbedc99791 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/_CodeSignature/CodeResources
| MD5 | 565e66825071ce6fd4c72b7a89f9d2ad |
| SHA1 | f62d5297bd127625fa1f95006ca8b700d26b6b93 |
| SHA256 | e72cd8420385750b55daea0756e2cdb6ce6e968af856c905d4e1aa1ebae50b26 |
| SHA512 | 3fe611c6210dbe7f3e59b72f21b6bc4e42164cb9b91a6036ede2c060d7f1c61aae249248a2ef22df8f55ddfbf06c8f64cf08aa5af855418e91768dd57d22e74a |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/_CodeSignature/CodeResources
| MD5 | c48c1d9c6cf982c32580a9c58b0cce51 |
| SHA1 | 630a08873072069616cdcc31f55e6d7423086d78 |
| SHA256 | 6686de10a28a2fe11b36cbb86dcbacc827cfc4ea116b4dabf1845e5aee629e9b |
| SHA512 | 27f6256579e03e319af66d7fa316935b4e2d5c126429a8b961424a466cab907ceab5d068fb87d763bc3d819a791492c17ab1d1b54f5530cb34224b582d00c013 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent
| MD5 | 2ce77dd0b52220472c02afaceea66fbc |
| SHA1 | 924dcb8fb160c292b5b502424f8a2fed505271e5 |
| SHA256 | 9bbc6132ba07dccb0e0565ed6ca7dea8f41aae8ce63399cf86f700dc0049bb5b |
| SHA512 | 4d2dcd106f677b2266e2ca664932ea0eb0694bfc97479aecf2b3e64d483d9c1bd494566edb355b770ec466bbb70264d6ed8ecc003729349342bcb4da614a6073 |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Info.plist
| MD5 | 44802a32230ecffbc1dfcffe92d25eba |
| SHA1 | cdd290e6b31adaf0e027d64ff9bb4ca33fe96d9b |
| SHA256 | 7bb7472bd36148b228b390eeadc169cfef9263875e7c2d14f716be913cd22909 |
| SHA512 | 8ec32d77030b645eecf8c80c79298ff36afc3bc9d326b639e7a1175a2ff67937826070393f2c92efc9688a0dcd1ef10e3603dfe725f6c070f55d083aae4f52db |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksinstall
| MD5 | 51587d46ed18f820e5a925df969d8273 |
| SHA1 | 1a5928268a3328642230d07563d5268b8db6fd96 |
| SHA256 | 03d0ca0a48dd0e3e36285c0f7d1ce5bc1af8d859527a3ca1c854ef13b462a64c |
| SHA512 | d54b5fdc5a8c437b9f362a181ec5c85e361686c14d87e3b4407bcc454dbdd980e6bee969b1aae3a89606f09cf10816916a5cea05ef618d66b94fb25b673ebc3a |
/Library/Application Support/Google/GoogleUpdater/126.0.6462.0/GoogleUpdater.app/Contents/Helpers/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
| MD5 | 66d78c6a3e0b37b2c116b1a6a4ae697c |
| SHA1 | dfb1d24ab16accdd0a1300a399f176d36d54b38e |
| SHA256 | 75a83607876198a4dc5fde7f13803e028b386c2efda5ff15bf209ff95e152ce3 |
| SHA512 | 78d51c475e52ef6ee3e07240ba694c51f899c3704c4265a3fd6ae24206218c83190ce4993472d34a234e53187f8e6c7304869914629dc2a9ba39c371b4797416 |
/Users/run/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/3cbd21be-7343-4197-83a6-e404ccfbc401/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
| MD5 | 0971e4051a0fc3d3ed9ff1e51408c5af |
| SHA1 | 03e56c7ccab1cb79628b3fae501a3d1e27dd28db |
| SHA256 | fc5e74285d9060afa97575b73336bbf7a7588ced2a85bb38a0b0a991612c23d0 |
| SHA512 | 37dacef53621a75505ecab05de2ec2af94cbbc353e41ffb5356fbdb198250ec9373826d8d3e2b537320cab4d6643211f928d83822528066879b1e2447c54098c |
/Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore
| MD5 | 6c34ecb18647fe621caabc7e3aa34464 |
| SHA1 | ba70a5c003ec4b373b506024ac9d2a4c732e8eb2 |
| SHA256 | 8abe775fc3426b2326bd53115ca423451c256ffeeca995c761d41ef11e2e3e55 |
| SHA512 | a65180911209def55525401bcb71e8c2314b2acdab72b761e9c38cbbe67a61434457cce45303ce87bb03fd92e57276d4f07d90d1c28bd3c9a37e9e6cc5bfaf05 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-18 12:22
Reported
2024-05-18 12:28
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
310s
Max time network
315s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1689/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-identity-service | N/A |
| File opened for reading | /proc/self/task/1527/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1590/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1575/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/fd/152 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/1896/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/fd/32 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1872/status | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/task/2047/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/2120/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /proc/1580/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/61 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1879/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/fd | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/158 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1885/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1891/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1839/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1525/root | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1879/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/148 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/153 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1615/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1783/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/86 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/1599/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/162 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
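Two of the signature families above deserve a caveat before they are read as evidence against the URL. "Changes its process name" fires whenever a task's comm changes; on Linux that is what a multithreaded program does when it names its threads (prctl(PR_SET_NAME) or pthread_setname_np), and the indicators listed (gmain, gdbus, Socket Thread, Compositor, HTML5 Parser, IPC I/O Parent, and so on) are the thread names a stock Firefox and its GLib dependencies assign. The kernel caps a comm at 15 characters, which is why "glean.dispatche" is cut short, and NSPR squeezes longer names into seven characters, a tilde and seven more, which produces "Backgro~Pool #1" and "TaskCon~ller #1". Likewise the /sys and /proc reads are mostly attributed to glxtest (Firefox's GPU probe), the gvfs volume monitors, dbus-daemon and gnome-keyring-daemon, i.e. desktop-session components that start alongside the browser, not something the visited page can control. The signature alone cannot tell a browser naming its threads from malware renaming itself, so the useful triage step is to attribute each row. The script below is an added example and not part of the report or of any sandbox vendor's tooling; the allowlist of thread names was assembled by hand from public Firefox/GLib sources and is not exhaustive, the sample rows are copied from the tables above, and the "unknown-worker" indicator is made up so that the fall-through branch is exercised.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the behavioral6 tables above, plus one
# made-up indicator ("unknown-worker") so the "unknown" verdict is exercised.
SAMPLE_REPORT = """\
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | unknown-worker | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
"""

# Linux stores a task's comm in TASK_COMM_LEN = 16 bytes including NUL: 15 visible chars.
COMM_MAX = 15

# Thread names a stock Firefox/GLib process sets on its own threads.
# Hand-assembled allowlist (assumption of this example), not exhaustive.
KNOWN_BROWSER_THREADS = {
    "gmain", "gdbus", "Socket Thread", "Compositor", "Renderer", "HTML5 Parser",
    "IPC I/O Parent", "IPC Launch", "IPDL Background", "JS Watchdog", "Cache2 I/O",
    "Cookie", "Permission", "Timer", "ImageIO", "Worker Launcher", "Netlink Monitor",
    "CanvasRenderer", "Breakpad Server", "Sandbox Forked", "Chroot Helper",
    "SandboxReporter", "BGReadURLs",
}


def parse_signature_tables(text):
    """Return {signature_name: [(description, indicator, process, target), ...]}."""
    tables, current = defaultdict(list), None
    for line in text.splitlines():
        if not line.startswith("|"):
            current = line.strip() or current      # a bare line is a signature heading
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Description" or len(cells) != 4:
            continue                               # header row or malformed row
        tables[current].append(tuple(cells))
    return dict(tables)


def classify_thread_name(name):
    """Explain why a 'process name' indicator looks like an ordinary thread name."""
    if name in KNOWN_BROWSER_THREADS:
        return "known-browser-thread"
    if re.fullmatch(r"pool-.*|WRWorker(LP)?#\d+|glxtest:.*", name):
        return "known-browser-thread"             # GLib thread pools, WebRender, glxtest
    if "~" in name and len(name) == COMM_MAX:
        return "abbreviated-thread-name"          # NSPR: first 7 chars + '~' + last 7 chars
    if len(name) == COMM_MAX:
        return "truncated-at-comm-limit"          # e.g. glean.dispatche(r) cut by the kernel
    return "unknown"                              # worth a closer look


def triage_process_names(tables):
    """Map each 'Changes its process name' indicator to a verdict."""
    rows = tables.get("Changes its process name", [])
    return {indicator: classify_thread_name(indicator) for _, indicator, _, _ in rows}


def attribute_file_reads(tables):
    """Count indicator rows per process for every signature except the thread-name one,
    so a reader sees which executable (browser, glxtest, gvfs, dbus) produced them."""
    per_process = defaultdict(lambda: defaultdict(int))
    for signature, rows in tables.items():
        if signature == "Changes its process name":
            continue
        for _, _, process, _ in rows:
            per_process[process][signature] += 1
    return {p: dict(sigs) for p, sigs in per_process.items()}


if __name__ == "__main__":
    tables = parse_signature_tables(SAMPLE_REPORT)
    for name, verdict in triage_process_names(tables).items():
        print(f"{name!r:20} -> {verdict}")
    for process, sigs in attribute_file_reads(tables).items():
        print(process, sigs)
```

Paste the full signature tables of a detonation into SAMPLE_REPORT (or read them from a file) and anything that lands in "unknown" is what actually needs attention; an indicator that is not a thread name at all, set by a process that is not the browser, is the case the signature was written for.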
Processes
/usr/bin/xdg-open
[xdg-open https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://kimcartoon.li/&ved=2ahUKEwiZxNKemJeGAxWgg_0HHbkCA2gQFnoECAcQAQ&usg=AOvVaw3SkHgAjB3ylGggNrL4lMUM]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20982 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {b1c1532b-ffa1-46e2-b04f-a75daaf8d1fc} 1525 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20185 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {a6e41e54-2dbd-4e18-b907-306afc33ecd9} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28832 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c514ffcc-b68f-49db-8905-97774025367d} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25371 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {d5e406b3-93c9-455a-a7e8-5407cc0d0f41} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29430 -prefMapSize 234904 -appDir /usr/lib/firefox/browser {3cde1a97-ae51-4650-87a5-22352162e498} 1525 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {069be474-9ba8-4017-acc0-ed9aac04e31f} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {01ac37a4-c01e-4e89-938a-17faf204d8c3} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {852e26fb-d15f-4ba3-b633-8f426c67a841} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f0c1df93-3d6c-4b83-acbf-a2c6ee50c6bd} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 25649 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8cba29ee-aeb3-440f-8939-0a3d87ef4d4f} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 25792 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {76a700f9-08ef-42cc-8c5b-d81fcc61245b} 1525 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 28917 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c058eb3c-e89e-4b84-8372-eb6d7e43427d} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 11 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {39bcb8dd-a7d9-4962-aa2a-f058fced7303} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 12 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {88a75558-c061-4e23-80df-4467a2cf3e50} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 13 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {1096120c-21de-4a4d-9b7f-ad0b0893aeef} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 14 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {28a98564-9762-4e03-a54d-071d12ccad98} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 15 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {0137b331-6bae-4f21-a2b2-46634ba693fe} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 16 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8f25c49b-9b33-4336-8e65-70c7ecf968d9} 1525 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 17 -isForBrowser -prefsLen 28955 -prefMapSize 234904 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {1d83afae-30ba-4ec4-b6e3-d2c730714c84} 1525 true tab]
Network
| Country | Destination | Domain | Proto |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |