Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file http://gdevelop-app.com was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies registry class
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Checks CPU information
Checks memory information
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-10 05:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 05:38
Reported
2024-06-10 05:45
Platform
win10v2004-20240426-en
Max time kernel
121s
Max time network
144s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://gdevelop-app.com"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://gdevelop-app.com
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.0.1672611879\1365492616" -parentBuildID 20230214051806 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c602123-7650-4127-a1e9-44f16276fa20} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 1824 1552ea0ce58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.1.264074686\485634266" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b08c5ffb-2c57-4dd3-afb4-27621ca65833} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 2424 1551a886958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.2.2039328941\1771451912" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3044 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55a0fcc6-1886-41c3-9543-8fa85f44dacc} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 3060 15531833f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.3.586441020\1100737848" -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7bf9360-e305-48c2-8045-9e7129387259} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 3668 15533237258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.4.1053564482\811896520" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5112 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fa3dd5-5d8e-459f-90cb-66fc48d8fabf} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 5128 15535037b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.5.1634837780\1669768294" -childID 4 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b2bc600-af5b-4b6b-bda6-2480723cb10f} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 5260 15535038758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.6.1908434100\661650227" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03188f80-5e59-4efa-b8d2-2a2f924fe45e} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 5448 15535038a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.7.577221831\618296909" -childID 6 -isForBrowser -prefsHandle 5824 -prefMapHandle 5820 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1252 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d3a3651-cc8d-4378-a3a1-ddc40d5e1263} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 3088 1553063a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.8.913862006\1560855353" -parentBuildID 20230214051806 -prefsHandle 6012 -prefMapHandle 3108 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be1db16-6da2-460d-8e23-ba7eb90e80ec} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 3164 15535818c58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1824.9.622800786\916421731" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5840 -prefMapHandle 5820 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37866a1e-e594-4395-b9d2-5b5227695ebf} 1824 "\\.\pipe\gecko-crash-server-pipe.1824" 5800 15535896458 utility
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:59828 | tcp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gdevelop-app.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 104.26.8.65:80 | gdevelop-app.com | tcp |
| US | 104.26.8.65:80 | gdevelop-app.com | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | gdevelop-app.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 44.237.65.238:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | gdevelop-app.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 104.26.8.65:443 | gdevelop-app.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | gdevelop.io | udp |
| US | 104.26.14.77:443 | gdevelop.io | tcp |
| US | 8.8.8.8:53 | gdevelop.io | udp |
| US | 8.8.8.8:53 | gdevelop.io | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.65.237.44.in-addr.arpa | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 77.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gdevelop.io | udp |
| ES | 18.172.213.113:443 | api.gdevelop.io | tcp |
| US | 8.8.8.8:53 | d2ej5o8g343oe.cloudfront.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | d2ej5o8g343oe.cloudfront.net | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.usefathom.com | udp |
| US | 8.8.8.8:53 | fathom-cdn.b-cdn.net | udp |
| GB | 143.244.38.136:443 | fathom-cdn.b-cdn.net | tcp |
| US | 8.8.8.8:53 | fathom-cdn.b-cdn.net | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.213.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| FR | 172.217.20.206:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| FR | 172.217.20.206:443 | analytics.google.com | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 104.16.80.73:443 | cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cloudflareinsights.com | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:59834 | tcp | |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| DE | 23.53.40.129:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.40.53.23.in-addr.arpa | udp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | tcp |
| FR | 142.250.178.142:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | adcdaeefd5cf07fd0c810793ca2f1ff0 |
| SHA1 | 99dbfc048e4953fe91785ef7b228b0c61ba69cb6 |
| SHA256 | b60fe98ff6da9483e523f56f67752633ea0228451368ca45d5bd0eec5c3661e8 |
| SHA512 | 98c4c93477407aa52154feb132e749ad462109d3bde4ed966a685d56249b27ed1b434fec363226cdc9e06348d6e1707cb1a419518e342397fdac97be44f40ca4 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 6adeeb649c007269f7cd519c850cc90f |
| SHA1 | 94b4ed758746982c758dfca662782bc45ec3cc27 |
| SHA256 | d97b5742de031f52dbf6f27d9a2b3ad9696bb5574670116c1d4b825fb3bbf908 |
| SHA512 | 10ec97c4b82d3aef403f40203283ca9188eb4f04de56b17eb91654c17c3f20fb6df960049a84153db82952eaa8b6bed810031ea669ad583643835e131835845a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 10ec7c53a14793e1208d2fd87393fd7d |
| SHA1 | 63781685910b06ec4b13ff10cb41c35b42361a50 |
| SHA256 | 012931897f5e994087d33a87d463201c3964fb5f238a6f768f0b5d0033e9886d |
| SHA512 | 13a71d7521c484fcec53b21d09f7bd59f74ae8f54ecc518dcbe4f56f3ea216b959d2c5745b4dd41319bf424fc1557fa37e9dc7c249d6362e623f9c370e0225e1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | d2a2109539bc863569dc82b38439b357 |
| SHA1 | 1a081ea50a2be74aa6a8addda46c997c25708000 |
| SHA256 | c09ed50f265bcd067fda39a9cf1bfc52c30f7875b600ca01af2aaa765b48c10d |
| SHA512 | 4bca2cedc1a96fc9ca2a975dea068c7f82012e890b86ce7daaec331102b0d971b5aedfe3311a9216832a35711021fb6f7893e2d19ea2073b0fbafafe100e9adb |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | c6dab1b390e55832fd85e057e510144d |
| SHA1 | 8ae0b220a24ba4315ad5c88fff8f4285615377eb |
| SHA256 | 5bb0e9e05f158a319180a35dcbfac13dc69d409f3fce62bf9310adc38174273c |
| SHA512 | 5573e5806d9ec507a21012accaf78cda7ff40656b284234f74a3a40d838c443c2feb25a50b6a73fc0b44f466242904e13c50aa00eda49afb6fab27c7fb071a99 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
| MD5 | 80783aef6667617582416d5bd5d1a014 |
| SHA1 | 5175eec00a26ad496413e5366669300af07a9fd6 |
| SHA256 | 2853fe68d6d135d9939ea0fc0f5b46fd66e6b2d2e630d145406e01c2ad494985 |
| SHA512 | e68bbe4cfff7b9d4d388f36678a5b0e38d5fa7ad67fac9d3d09d5739a6f47923703ad9a77108609cdeb26390184e43fb79c2d69e5ef73c3ef002d748b6912c14 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js
| MD5 | 427d1512b6e37d535c72bcb9017d927a |
| SHA1 | 3ece4fa8ebf7469082e6071585a7d048d803cdac |
| SHA256 | 6b861815dca77d98a99dda1cb7c5aca63af1e5106c06e5dd9714ef5135185a89 |
| SHA512 | 1deecdda4eac1583acb5c48427231f9ab3c7e1f82ece62c67cae9d9ccdc097e8f38c19a78687909689be851557a03b5ec8b93a9828fb76420ecc2d291453cb52 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 05:38
Reported
2024-06-10 05:46
Platform
android-33-x64-arm64-20240603-en
Max time kernel
169s
Max time network
186s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.212.196:443 | udp | |
| GB | 216.58.212.196:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 162.159.61.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 1.1.1.1:53 | gdevelop-app.com | udp |
| US | 104.26.9.65:80 | gdevelop-app.com | tcp |
| US | 104.26.9.65:80 | gdevelop-app.com | tcp |
| US | 104.26.9.65:443 | gdevelop-app.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | tcp | |
| US | 1.1.1.1:53 | gdevelop.io | udp |
| US | 104.26.15.77:443 | gdevelop.io | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| US | 34.149.250.58:443 | tcp | |
| US | 104.26.9.65:443 | gdevelop-app.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| GB | 18.245.187.6:443 | api.gdevelop.io | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 216.58.212.202:443 | remoteprovisioning.googleapis.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| GB | 143.244.38.136:443 | cdn.usefathom.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | udp | |
| US | 216.239.32.181:443 | analytics.google.com | tcp |
| BE | 173.194.76.157:443 | stats.g.doubleclick.net | tcp |
| BE | 173.194.76.157:443 | tcp | |
| US | 104.16.80.73:443 | cloudflareinsights.com | tcp |
| US | 104.26.15.77:443 | gdevelop.io | tcp |
| GB | 172.217.169.68:443 | udp | |
| GB | 216.58.212.196:443 | udp | |
| GB | 142.250.180.4:443 | udp | |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| GB | 216.58.204.67:443 | udp | |
| GB | 172.217.169.68:443 | udp | |
| GB | 172.217.169.68:443 | udp |
Files
files/dom-0.html
| MD5 | 8afea07ef13bed6300f53cd5ef3e07c4 |
| SHA1 | 3336f1b9385210311e7c8696333f8899b4cbfe58 |
| SHA256 | 5f5535cf5bcd556a08a6c151ccef2f4b7c96ccc01754a67dbdfe39f993054a1f |
| SHA512 | 244b4c5bf117a62761d1493f55801b52e48861b4dffa5c478387fc00b15642d38c40163e74fdac73f3aeef9b5871b708ba77898fecc7948d3fbe160c1686a552 |