Malware Analysis Report

2024-10-10 07:25

Sample ID 240611-vtw9davdpr
Target https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1
Tags
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1 was found to be: Likely malicious.

Malicious Activity Summary


Downloads MZ/PE file

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-11 17:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 17:17

Reported

2024-06-11 17:20

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1

Signatures

Downloads MZ/PE file

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 496233.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2584 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 4700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 988 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2584 wrote to memory of 1732 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa4b146f8,0x7ffaa4b14708,0x7ffaa4b14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,13421074881370162805,16395891883508953593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 2.17.107.112:443 www.bing.com tcp
US 8.8.8.8:53 it-takes-two.en.softonic.com udp
US 151.101.1.91:443 it-takes-two.en.softonic.com tcp
US 151.101.1.91:443 it-takes-two.en.softonic.com tcp
US 151.101.1.91:443 it-takes-two.en.softonic.com udp
US 8.8.8.8:53 112.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 images.sftcdn.net udp
US 8.8.8.8:53 sc.sftcdn.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 softonic.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 sdk.privacy-center.org udp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 199.232.209.91:443 softonic.com tcp
US 199.232.209.91:443 softonic.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 204.79.197.237:443 bat.bing.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
DE 13.224.186.120:443 c.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 3.161.82.117:443 sdk.privacy-center.org tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
BE 104.68.82.93:443 images.sftcdn.net tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.226:443 googleads.g.doubleclick.net tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 91.209.232.199.in-addr.arpa udp
US 8.8.8.8:53 93.82.68.104.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 117.82.161.3.in-addr.arpa udp
US 8.8.8.8:53 120.186.224.13.in-addr.arpa udp
US 8.8.8.8:53 37.82.161.3.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
DE 13.224.186.120:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 btloader.com udp
US 13.33.218.24:443 www.datadoghq-browser-agent.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 172.67.41.60:443 btloader.com tcp
US 8.8.8.8:53 storage.googleapis.com udp
GB 216.58.201.123:443 storage.googleapis.com tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
DE 18.245.31.9:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 ad-delivery.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 172.67.38.106:443 cdn.id5-sync.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 2.17.107.235:80 apps.identrust.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 24.218.33.13.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 60.41.67.172.in-addr.arpa udp
US 8.8.8.8:53 123.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 9.31.245.18.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 70.2.26.104.in-addr.arpa udp
US 8.8.8.8:53 235.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 notix.io udp
NL 139.45.197.253:443 notix.io tcp
US 8.8.8.8:53 253.197.45.139.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 id.crwdcntrl.net udp
IE 52.48.212.10:443 id.crwdcntrl.net tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 10.212.48.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 7fe517ebe9580a0bd83a8c818eac9f54.safeframe.googlesyndication.com udp
US 8.8.8.8:53 api.privacy-center.org udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 shb.richaudience.com udp
GB 172.217.169.65:443 7fe517ebe9580a0bd83a8c818eac9f54.safeframe.googlesyndication.com tcp
DE 18.245.86.39:443 api.privacy-center.org tcp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 ad.360yield-basic.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
IE 34.252.47.70:443 ap.lijit.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
DE 46.4.139.58:443 shb.richaudience.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 185.89.210.46:443 ib.adnxs-simple.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
IE 54.246.29.14:443 ad.360yield-basic.com tcp
DE 108.138.8.164:443 aax.amazon-adsystem.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
FR 185.255.84.151:443 hb-api.omnitagjs.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 151.101.1.91:443 sc.sftcdn.net udp
DE 162.19.138.118:443 lb.eu-1-id5-sync.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
DE 141.95.98.64:443 lb.eu-1-id5-sync.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 gum.criteo.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 ampcid.google.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
NL 178.250.1.11:443 gum.criteo.com tcp
GB 216.58.212.206:443 ampcid.google.com tcp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 39.86.245.18.in-addr.arpa udp
US 8.8.8.8:53 70.47.252.34.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 58.139.4.46.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 46.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 151.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 14.29.246.54.in-addr.arpa udp
FR 185.235.86.152:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 164.8.138.108.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 118.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 64.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
FR 185.235.86.166:443 ag.gbc.criteo.com tcp
BE 74.125.71.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 152.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 166.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 sync.richaudience.com udp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
SE 23.34.232.193:443 ads.pubmatic.com tcp
DE 162.55.236.224:443 sync.richaudience.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 8.8.8.8:53 cacerts.rapidssl.com udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 193.232.34.23.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 224.236.55.162.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 it-takes-two.en.softonic.com udp
US 8.8.8.8:53 cdn-download.avgbrowser.com udp
SE 184.31.15.41:443 cdn-download.avgbrowser.com tcp
SE 184.31.15.41:443 cdn-download.avgbrowser.com tcp
US 8.8.8.8:53 217.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 41.15.31.184.in-addr.arpa udp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 8.8.8.8:53 216.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 hb-api.omnitagjs.com udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 ad.360yield.com udp
IE 63.33.6.201:443 ap.lijit.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 brightcombid.marphezis.com udp
US 8.8.8.8:53 ib.adnxs.com udp
IE 52.213.20.15:443 ad.360yield.com tcp
IE 52.213.20.15:443 ad.360yield.com tcp
US 178.128.135.204:443 brightcombid.marphezis.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
NL 185.89.210.90:443 ib.adnxs.com tcp
NL 185.89.210.90:443 ib.adnxs.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.94.220.185:443 aax-eu.amazon-adsystem.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 201.6.33.63.in-addr.arpa udp
US 8.8.8.8:53 15.20.213.52.in-addr.arpa udp
US 8.8.8.8:53 150.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 185.220.94.52.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 s.richaudience.com udp
DE 157.90.0.38:443 s.richaudience.com tcp
DE 157.90.0.38:443 s.richaudience.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 8.8.8.8:53 38.0.90.157.in-addr.arpa udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
GB 142.250.187.226:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 acdn.adnxs.com udp
SE 23.34.232.182:443 acdn.adnxs.com tcp
US 8.8.8.8:53 182.232.34.23.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f53207a5ca2ef5c7e976cbb3cb26d870
SHA1 49a8cc44f53da77bb3dfb36fc7676ed54675db43
SHA256 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23
SHA512 be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

\??\pipe\LOCAL\crashpad_2584_ROXKKXQNWDMHNDZZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae54e9db2e89f2c54da8cc0bfcbd26bd
SHA1 a88af6c673609ecbc51a1a60dfbc8577830d2b5d
SHA256 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af
SHA512 e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 be583620db890672f045671df8fa5af6
SHA1 e081a87b277b2fa53a2806b086207ed3bf044bcc
SHA256 e508dba9dcfbcd46a6d9c2199cc87622509eb4ea5d575ec409b5cf9559bc1247
SHA512 7acb51b25b77b900fcaf9598a6351b134b5212657b19b4847416a04f2fbdf277229a315e757edc9799625ec64747e6c8ccf14695cd4ebd30a7d01844a64f3a2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc911db019a78efc1ab35b64ce9149db
SHA1 0df6f98b8cab6076caa11770ee4e145e64128ca9
SHA256 83015e22d66baabc5570607cb20f93c320ee9c3f5d56a55bac5d482e0d778ab5
SHA512 e769a921de30de8e96f717ab50be06c5280c586d88a2b9dc425deedf44651bd40a7ab956c3fd4a5cc89f8d9b9606dbfe6174459ddaa77d97cabfa37ef3b07c49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 34fdcd65c53348eb99dccec90b73ed73
SHA1 4897cd9946de2b647dd598a3aa5256862cd3438f
SHA256 80d47033a215d93e9d6849e3a554c5ccdb9466c2f7ec5ccfb0314313b3c7766b
SHA512 d1383e8a277cd1501bc04b7b9b3fa901247b758a5bf6b97fd7ae5a810d9df5bd985653b57613acffaeb45ce9957824315484289e273de1a969189044f89998db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a70662bae0af9439361e1862b08a71f
SHA1 f1fa5f80ebc3c82fc60dbf7f691f90e6fc4a129d
SHA256 1069d2f7379fbec9109fa829ace88479453287d189c8e49031f474f2454a3f00
SHA512 022e524738c9dd5cf3ea4ff51af2062ca58431b42f923cf43cf259984576385a6ad91e54c7800fa71f2295720cf32b061a3754849ecfb1eb9761c5de47a168be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0d3b4a43a74e11e9102494fef1520d8f
SHA1 fab6cfe3e939cfd68f0fec7f825801644e3d6005
SHA256 97a12ae775e2202482aaa49a2cb30426b41cd5ddedbd3b7b98765a2ece6a67b2
SHA512 6f2945e77856d2ba50716d786ae0f0a14aaa059787c866a47ac19610c98381f7b71985624465b72f8b9e99f0aa50d06756207cbc80215011a99f9feb071b7813

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3a273c59a86c6948eedb68f9081ceffb
SHA1 92ec02abb4fdd01cfa176f7b19ad20f2347968ce
SHA256 e77b3bd80eb88e3fb37fb21b465baee0d089618427edb8980b7a54c61fe44e9a
SHA512 8b79ead9eae9db3ecef3122ebabfdfe7123a848d1480705c41a6d8dfc09b655e40a3709538708e6838195396bc72aa14a019f3370945455303eedf3f4c2dc592

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57da43.TMP

MD5 b4c90b9d222331a7392462d3a7254264
SHA1 9e3883c60bfb9526b7a1add7d0dcae428d22c258
SHA256 7be64d7bb4041f1363e688c3a8b508745960c99d8b0d1cd66c31ada97299ad93
SHA512 1faf1b3ce4f41e3a5894993935b518b50abde9c7669f78caa9249ab313deaf5bf6b02cb6b2208d4c0fe33744e933546170563f9cefdc8bfb0fd1c51568c830cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a31f376fdbe56ffb4751bbe5e69cf968
SHA1 eb56c0fba2451a3e6e45bfd9cf2baa5b94c823f0
SHA256 c296f4afd93f0ca9bfc85f4b1a73ce4413a48a65fce1612efcf64d82db839064
SHA512 de8eb982d374a1860aa63725fbddbef73b6645b1c613380131d2258c541a918bba72e63749609a3078c88fcd7a4fbddd1695edd47ee917d2e66cbf3ecb9a8b81

C:\Users\Admin\Downloads\Unconfirmed 496233.crdownload

MD5 e126e85516c400f91c7faec6de177490
SHA1 364d5712f99012549c4c0425bebc0c6cd6bba218
SHA256 9742eb6f940a9bdc5a2f4323a0407ed7fc0903620a2fa3a3999a803b208ffd07
SHA512 028e8b84b732750739a9eae771ea8706006377bf184c333ebae26ad9244e00aac769c6cde077bfe63b5e53ea7ef7fce4390e930982dc50b9cd049c0989c11f5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 71a4245f1cc10bb06a96e7d5ed44a635
SHA1 375b2be78d7c86e197b4371e631c64fec6d92acd
SHA256 a178ef93798822478eed69ab4bf3ef043edaa0eba47c86cc49da19b2d86a9f83
SHA512 686e70c60b77064745a5e37e5136bb862e394a3b59876dbb50cfda40f8d70d105ec99b53093bd422b51c3a3ecef0c07180dd9f8401f67095662276a4b33471c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d2ad5d9883d1cc04e34a4f3c14a9d6d
SHA1 8fdca639d2149220116e97cc4f992f13841af683
SHA256 6638b87ad09b92fa3c408ad545a8ee6a5ad98c53662c3487a99724709e9b494f
SHA512 8fe4bb4a3e86398b00302f96533aefa34256ff3dfb6e48b8999e1228c0dc7784c5e0b8f05d0db6f5877cdcd4be1947010a322775b44a33565ef6c60b81b025ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 250c352b39a4125ce45bad8a1c580f9d
SHA1 09f41a00587dcf95af3e76e5b7f0ef627d9b398d
SHA256 90856365dfd9ef318deebc1a25193dd4414aa3dafca8c0eddc2ed85fcab597a4
SHA512 44ae3fb10937735b24a163ec26f56ea9ffd68c333385fc1c595b2c9773344c4e47e8d66f335213653cc2f6f71e29a03381c024b67e2b23ae5294ffb73132a6a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4b75fce6e0e50563d1012ed193ad329
SHA1 082bd3058d35f4da61c56e6eeeb43f322fcd5738
SHA256 35622d1fa85d024a228de144fc5021d1b0fde2aade69d80bcfe16ac285e2b9c9
SHA512 dd01d0a86de03ed97165ba6e9e72f9d283c6bf83fb718ae82323e05b98276ab540f875588b426c645a5e1836d8453edb32a0b2694689266f314bd60614e56c70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0dd7c47ba3da6b68c5ad272b502685b7
SHA1 3b302fcfd0cdc372b70272b162d2f3a20ffa64b5
SHA256 73793653554d7a52490f6f297a7089410b78cb4dd3a1647a534f5fdf037bac07
SHA512 bbdb8ce1332f0498cc53b7a7f0632adf60b621ee8b7ecc5a1faef7ff0b2c0e3473c770deda9d39750200b7bd1329352ec4e539179cb67df88a765bfc3879598d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b8fabf71e5821c5b91bae13753f5bbb8
SHA1 756926c2783d5ecee2e83e6969b37b98483afeca
SHA256 77a0a7e372041d5f2bff87ff3d7a982111156cb704b15e8968111bfbbef1eec6
SHA512 cd6a7592f70a77834311c65f28558d521d1b7fdab75086394d120c4e3a0dc31d2a14bbe95100065164277856622114d5f7992cc073096764247557ada2c79a49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 680332970eb5ff901d8ecb8e23debbfe
SHA1 cc9e8913cf99dfb35f8860e73c2bb605ee53f7df
SHA256 d5133962d7be8061ef707bdcdaf09f60f404a80909136a38b90c582e5eae565f
SHA512 de8c5ee6cb7fc072209dd1c4f5aa45552c18c5408278984efaa34f03249ea86b48e16bd8bb7ca71b34cea61dfffa114f28ee020ff42688ae1e0c97e47b64760c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 17:17

Reported

2024-06-11 17:20

Platform

macos-20240410-en

Max time kernel

112s

Max time network

147s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://www.bing.com/ck/a?!&&p=49d8fc172533cb17JmltdHM9MTcxODA2NDAwMCZpZ3VpZD0wNjg4MTA3NC1hNjk0LTZhMTAtMDk2NC0wNDJhYTdjZTZiOWYmaW5zaWQ9NTE5OA&ptn=3&ver=2&hsh=3&fclid=06881074-a694-6a10-0964-042aa7ce6b9f&psq=it+takes+2+free+download&u=a1aHR0cHM6Ly9pdC10YWtlcy10d28uZW4uc29mdG9uaWMuY29tLw&ntb=1]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.2028]

/Applications/Safari.app/Contents/MacOS/Safari

[/Applications/Safari.app/Contents/MacOS/Safari]

/usr/libexec/xpcproxy

[xpcproxy com.apple.Safari.History]

/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History

[/System/Library/PrivateFrameworks/SafariShared.framework/Versions/A/XPCServices/com.apple.Safari.History.xpc/Contents/MacOS/com.apple.Safari.History]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.88C2547B-E67C-4266-8AC8-FCA36EEE9B4D 517]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/usr/libexec/xpcproxy

[xpcproxy com.apple.WebKit.WebContent.1F72FD92-7755-45A5-9BD6-43E5903168E1 517]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

[/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

Network

Country Destination Domain Proto
DE 20.52.64.201:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:53 api-glb-aeuw3b.smoot.apple.com udp
FR 15.237.18.235:443 api-glb-aeuw3b.smoot.apple.com tcp
US 8.8.8.8:53 gateway.fe2.apple-dns.net udp
GB 17.250.81.67:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
DE 51.116.246.105:443 tcp
N/A 224.0.0.251:5353 udp

Files

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsObject.db

MD5 d3a1859e6ec593505cc882e6def48fc8
SHA1 f8e6728e3e9de477a75706faa95cead9ce13cb32
SHA256 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c
SHA512 ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818

/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C/com.apple.Safari//mds/mdsDirectory.db

MD5 0e4a0d1ceb2af6f0f8d0167ce77be2d3
SHA1 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c
SHA256 cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030
SHA512 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20