Analysis Overview
Threat Level: Shows suspicious behavior
The file http://google.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Drops file in Windows directory
Changes its process name
Resource Forking
Reads CPU attributes
Checks CPU configuration
Writes file to tmp directory
Enumerates kernel/hardware configuration
Event Triggered Execution: Accessibility Features
Reads runtime system information
Enumerates physical storage devices
Command and Scripting Interpreter: JavaScript
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Checks memory information
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NTFS ADS
Checks CPU information
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-25 09:37
Signatures
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:38
Platform
debian9-mipsel-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
1s
Max time network
1686s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/task/1603/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1577/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1590/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://google.com]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://google.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://google.com]
/bin/grep
[grep -q %s]
/usr/bin/x-www-browser
[x-www-browser http://google.com]
/usr/bin/which
[which /usr/bin/x-www-browser]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://google.com]
/bin/grep
[grep -q %s]
/usr/bin/firefox
[firefox http://google.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://google.com]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.8:443 | tcp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.240.188.8:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | archive.mozilla.org | udp |
| US | 1.1.1.1:53 | archive.mozilla.org | udp |
| US | 34.117.35.28:443 | archive.mozilla.org | tcp |
| US | 34.117.35.28:443 | archive.mozilla.org | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.48:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.17:80 | connectivity-check.ubuntu.com | tcp |
Files
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
897s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:00
Platform
win10v2004-20240508-en
Max time kernel
1318s
Max time network
1320s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637819090380180" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "233" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa75bab58,0x7fffa75bab68,0x7fffa75bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4548 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3400 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4352 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1548 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1700 --field-trial-handle=1864,i,10232071194342016013,2934441233624659570,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffa75bab58,0x7fffa75bab68,0x7fffa75bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1940,i,11812413258588815590,8818465200975079512,131072 /prefetch:8
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3942055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3bb51501fea57746596e5f8ba2ff3745 |
| SHA1 | 2791f2bf0205672db383a1c7d37edb560b3ec30d |
| SHA256 | 328f9f32e00b75cf2cb2964d684dc0fa339159ad5cd6cfbd1564582e25d89a46 |
| SHA512 | 877a5942a6e64fb0282988b7a5c9bc3ce4941bb0c823d0cd75c067087df84f4ccb8b58fc27849f4d3f6f7516de891b675cc682dc1f0806e14b8e8876c0d70923 |
\??\pipe\crashpad_3860_ZIHLRNOEOYBSGZUW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4544315f5a1bf7e67375bbae7bb9d97d |
| SHA1 | 86ce33b9f38b06e3bc813e2dca631484ddf6d7cf |
| SHA256 | b034b0141dd4b8df54a64ff2c87f748a15502378c79a124c6251ee5029399f0d |
| SHA512 | 65709af5234d15b6a3d50d8e910bbe0d1dbfd4100bd796aaee93a65010e9cddb119bdea15bcd94ab420937069a3da6d0fd5a8b77db90086043d114672e8d2493 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9d1921f0696fca1e28d5bf645edfd8f3 |
| SHA1 | 1a63473949ca456c4feff900a5de63746922e4ae |
| SHA256 | 1c9afce4b7e80c4a8d4106aeead9c492bed2c107b68d485acfbcf39f52b9161d |
| SHA512 | 9ffc4265038eddb41ef6b4f90c1ed436d27775f8e379e0ab2006702eb93cc13fbe6cde54fcc69419a62ebe148ce8e4778967ef50637b9c9aa923767e913f6cbb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 12d494e3dc645537921452786d39befe |
| SHA1 | f4f3b35624137c2ddb179e277251a800c4a32b2a |
| SHA256 | c3e17cc9c90e251d46b8aa932d5e8096715fa26e368185f7162d8e50e2b87143 |
| SHA512 | 360da234a70713e7191031b8079f7051f0c3d530215b91759565ab0f61cb21c9d58cfb12215fdd17a4653dac58003f643e794b2de529e7bb3f7e56f18405fe54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57deb7.TMP
| MD5 | b2a81791090227b5ecd7778824e28aaf |
| SHA1 | 2c50bee3585444683e7833a369bc0aca4343c2a0 |
| SHA256 | dccf6295a4aaf38869d59f8192c6a4a1e238b337f477fafb38f799f3127feed0 |
| SHA512 | 61306a1306245c06b5e03f4e5d16ee7a20e67c9683682e95cf011e26d67d8776fbb087c054dc5cb74db9b073f8794309d2e0c6e2bf762e0bfcae076067a265d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 897c6efa38e99e2612b7124b64cd5fc3 |
| SHA1 | 7c3586774a647bdb4fbeb3d9f1a5f343d717589d |
| SHA256 | c3746665ecf00aac01ad91eb505d195c76cc1d4bbc6b262528cbfebd70273c83 |
| SHA512 | 1845bfe2df9c2ea3a93b66406386ece4b29c89392f7e14be6723bf695823ccfe6f4dfe681b9fe9fdf607f51f70ad413974b066025f8d05a5cac9fa62b256c8b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e95b7a31737f2a7ce5bf285aafea9fdc |
| SHA1 | 4d32025d60a9fb5696128429109ca390e4dedade |
| SHA256 | 0ccecd245f26ef3051959fd0caad5cf847756680b013f54338210b005ad66f0b |
| SHA512 | e8f4206e27c72f4ab86f3336d533c9de04361b585c3e9a5a996a85c909b1bf85c339503541c3372491a5bf62a9fa1d0d27f4c45de599107f71ebb2347dd2b80d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0062c075e4de356247d8b8b7e34ab502 |
| SHA1 | 66e963ba6211e61f8b466b07786f6ecb0873418c |
| SHA256 | 02a7b38f1067fbb561df678fe300e139e1d8152f8b7bbcea5663942a4a1925db |
| SHA512 | 0cfefa72235645a5e3b07abff9452755889659aea232e079c10b82392608d635e2dba0cb45626f4ce941ea5ef32c6bad0878f043740749e1763e4d6fa51c24e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ddd7b6385a0dcfc5b7559c5205afb724 |
| SHA1 | baebb08fe0c69f8440bc83eb3eee6c6653376581 |
| SHA256 | 73e9c3c02956195508416582d902bb95fc2ad59443f4f8fca1bbc9e7f9435a00 |
| SHA512 | a2a48538601ae87b0dea87c51a416a5132498b20ddc3eaeecb211b2108395f03e9070d59e834808c9cfe37e803e7a06bde2d082f6f850d91db082710d16502ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 05582f3425f0b0648f24bfa338d54700 |
| SHA1 | cb8500802526ae584f1605206d49d43defbb1718 |
| SHA256 | a0152639622fd5c9dd49c4e12d3ba2427f0fd14d31cb0555d32ad7ad438c6477 |
| SHA512 | 832a02d6b2b67e54b92649e7f55eb62e4707d9d26522d5d600de061073f8a79021cba2a11bbccc774313acb58c51bb12b68ccbdf822e57df9d1ac6d2adee829f |
C:\Users\Admin\Desktop\BlockDismount.eprtx
| MD5 | ff7d4b020887cdda6bef7e5bcaa31e2b |
| SHA1 | 64f976adb6af36b86a635f8b6d3fd3d447b5b332 |
| SHA256 | 3c42f9708c6f9e43d5c20569ef1966e6ec5dd806e01b0e56fd7b9bded287e200 |
| SHA512 | 20e05a9ac37daf1655ebefc416173f589e49809756840d17a4165de4d48a8257188c4ecfc47fa8713f7fa18d5264e1c050ed1a630b6f21aaccbb86482e2f36b0 |
C:\Users\Admin\Desktop\CloseSave.odt
| MD5 | afb06e2ff49d48887e038735c19a6ba1 |
| SHA1 | 6bf6c8a94d322c0193fe3516f95ed9af9990cfc1 |
| SHA256 | 1623bf58d23cca75076f0dd2cf79348b3b52012fa4b0bd3f9f082bc0516a04e7 |
| SHA512 | b073a45930833d20e57c94c9a6fcbc0ebd0429d5df9099dc9ef86cadb4ddb451ffe67ff38fd5a42aaa458bce1ac90c9a9211a6f1363ea7282c0a2141874e2b1f |
C:\Users\Admin\Desktop\BlockReset.jpeg
| MD5 | b7734ecaf9b34b7091b520d8befeabf3 |
| SHA1 | 155c292eba952e7dfd77814eed00fde6c33b480a |
| SHA256 | 82296cf2dffdb5316d36e4395b64361c9422f261abb18b4020275a2b59b1bf77 |
| SHA512 | c3967256fcd2cc01cb4c66ac0397b693e3b4ce9414321d6c03762f27375a1c36a8bee1a4e789df4b28153a84faf25593a13984f5eb5548e51dcc41505f201151 |
C:\Users\Admin\Desktop\ImportShow.shtml
| MD5 | b1f1cc98a3e2221e7da50e39e9ee68db |
| SHA1 | 2465d5fdf9d60930d276663808bdd5962c2a8879 |
| SHA256 | 53cd3f8df6bec55ef5ad888b81e6eda6b642240edcdd1e5eda4464490b27c53c |
| SHA512 | 4674704d82889e0cec0570aad8a0ab10c9a74b730b47be8eb818ee94225deda760e98b9eae32a684d71a9fd50329ece951c28b56586902cd74588aaa850726fc |
C:\Users\Admin\Desktop\OptimizeReset.mpa
| MD5 | 2acfc76d1170b73511f09cda24566792 |
| SHA1 | e1f6bda0c1f3225988e2b5c8fcb744ea7ded3840 |
| SHA256 | 1dc1364064a63ed252fbba11888bee8a08273cb4603a75022a5c53d848f1a8fa |
| SHA512 | 5047b52ff10e7d2cc8d3173e50e6334587dfbb0e4ba829aa16bb992d1545c86574bfd6b8a109bcf6beacb960a2d2e9a6a25a45b37eedd75f9b10a118baea60b4 |
C:\Users\Admin\Desktop\ResumeUninstall.mpg
| MD5 | d2b4b063c2c9cdac7b0fefc7469f9c85 |
| SHA1 | 786dcac6ffe727707e518293d3e874d48428477f |
| SHA256 | 8a2a1f99ca1171ff90062493b1ed573d227b910420a225f66da0841f2900184e |
| SHA512 | 89ba13a57fde37f621ef969c2cdd230f377a59ba4ebac19b8e5e581dbdd0a5ea80f34254eeea2c3cd8f558802103565574ac104a3ff26154512eec1e14a0005c |
C:\Users\Admin\Desktop\FindSubmit.DVR-MS
| MD5 | 81d48cbc18f09028745b397de20049be |
| SHA1 | f468f1ec0f01786dc2d164c41ce2a66c6835c571 |
| SHA256 | efcc68e808cc787410191828d3df2c01bc4b7baa678253b36399a2976a8aa2a0 |
| SHA512 | b9f2ef1fe1daa38651766d0ae0aea392cd74929a0654ab409d4444004cbc5fbff7ae216bc4dfef41128931a406f88244cc427b3f8fcb0efb3173318ecd38c72f |
C:\Users\Admin\Desktop\WatchSplit.bat
| MD5 | 0e05704d974aa9bd10476679d7e1720f |
| SHA1 | a6e582d0fb9cb7c0ccca801d02251f71c1a676fd |
| SHA256 | c1063ec84273195bf440a2b393a057f42a64a0c49169c435c2d7f613fd056b17 |
| SHA512 | 9654b3f79a05e41e166a69c890e55850dbd3ed6925b4f3f7fe16a6dd10fff8dfc41f3c43b22a6da027855798766228344672bd075950e705d1df5d2e4c36ff29 |
C:\Users\Admin\Desktop\UnblockBackup.wma
| MD5 | 449e8be237cf1c040d94c742c36bd165 |
| SHA1 | 6c23ba283992dfbdeeaad2400fadceabb293ddd5 |
| SHA256 | a603a0a3909a6c9647b6a907f664ec6780ae902cc9bb16acf6a9f8b6e60d48fa |
| SHA512 | 427b21eb940ab44cd1ca6b62b307b1fd8ecabea131a2b8bc025d6cc3aa2e35741799b5e5c3b1d6a8380846ba254f1ecf641b864f473a1f5f5b1b371f4829ff06 |
C:\Users\Admin\Desktop\TestTrace.3gpp
| MD5 | a40b609d099d83035ed8de70c65987d2 |
| SHA1 | 8b924ccb0f96d1d6596dabafc5c4aab6f196a625 |
| SHA256 | fc04655faf998d59975a0c49d1c3c9aa4456a80fee625c837281d2dc5ae77f76 |
| SHA512 | 77778082eb76c3bdeed09f3fd1ab625a823b727bb957c4de587e82333a7975ead4d9f778a02981359befcca364045f5cbce3249e7e2a9e42ee4a021e493df0ec |
C:\Users\Admin\Desktop\SwitchUnprotect.dib
| MD5 | 5ecb4a1fd32ac93e4b6f818072a78ed0 |
| SHA1 | b61adab30958ee0a75351c06125037f7d761d3e4 |
| SHA256 | 71d0ef307d88c8e7c255c3ba8704ee22e0c41c1e7c4b64a1f684c5f3e34d8982 |
| SHA512 | 5e24052ef2ea544f8206b86c2460db2d036072bfca81cd79284951ec3c435203a550bf5ffd7f9acf0e277d642310da3dbcc3b944882752ef5a014c2d25a53d9b |
C:\Users\Admin\Desktop\RemoveDebug.asp
| MD5 | 380189ff82cb7201ec7f325920d2243f |
| SHA1 | 59dbdb38b34e78bd6dae0313c5a21167ee770684 |
| SHA256 | 7876fb98ce5ffbdf1938f17ef2b1619a4910aa8aecfca9ddec37d825b81ce931 |
| SHA512 | dd10af333680b0b08bd333102ce1e176ee6f81177ad03fe50ca1e5e467b055260c17aa870746438ddb393142d7bf1956aee25d31520a47d318f10d0e5468384f |
C:\Users\Admin\Desktop\RedoShow.TS
| MD5 | fc0007e450e8861fca2143759c4f57f4 |
| SHA1 | 28c6e1d3bfefcd609396c8dc10db6b995da02e65 |
| SHA256 | d12b0b458ab0b94cfa734e9a950d6d37a6eed195edbb353914d0c7b7a67b1fa9 |
| SHA512 | 1808f206694898b138b0e932f0ed610355acb7f035b9c59f4c9537842c8c01e4a9704753c0d75897c3dd7fc279b968cd3a26ef6ca8b5a0e939a59c8cb859513f |
C:\Users\Admin\Desktop\PushUnprotect.jpe
| MD5 | 948934a559bb510a15b12fca910a5aea |
| SHA1 | 8e4b6c39c27eabc1e34896199d7445eb88804c5f |
| SHA256 | 1abe95e8a03675a4f18f0129570a028857d3ceb1330889e7a14c7b9e4e198ee3 |
| SHA512 | 8f621b2ca581bb9b941eb6e67e6459d04ccacc5b5d1f1f219ac465a716a543f6b55d374fa29e8e462dcee9c2e5bd4ed19050fb37741540a845a4bad639277a53 |
C:\Users\Admin\Desktop\PopTest.dwg
| MD5 | 1c83664346e599fe4f2c1ff7ce616a30 |
| SHA1 | 2420751bb38d1825ce66e6e26086a057676af00f |
| SHA256 | 26f8726d9f77e1c8993899923761bb3cc6857f540a270ea0cf5c5e3226f14717 |
| SHA512 | 778d4c78c3894d021c62ed042de59a5a4c49e6b32bac440346f1f0d7138c8a33744b4a6a295d166839f31582431addb883233140f182e63e774913e9dc2900c3 |
C:\Users\Admin\Desktop\MountRestore.vdw
| MD5 | f64df46156111c9bdb61f565921c0158 |
| SHA1 | dd1996176411c4febb146483f2eddb89ad05a463 |
| SHA256 | 95722de6bcfbe10ba15873acd1360f38ad87077f2dab04f92f7a6580f3461fcc |
| SHA512 | 56691952bb76903c500557cdc4ce34c98fb152d59013b3976c819417ec969080f61c0d260d5ecefdd76d84cbf007445a5882e2596eb029afe5dced1f2eb0a575 |
C:\Users\Admin\Desktop\MergeRestart.js
| MD5 | bb8506d737e5d0d1f52ebb8ab13c678b |
| SHA1 | a38da6bfa743088e49f169df5b11470caee223b6 |
| SHA256 | 81375e1ea4ff96dd82e60e86abd875b247cd3f6e3f352e6d7503655341f54ea1 |
| SHA512 | 3843db881b20f7baf91f60f9bc133a16955ff44367f19431055ef9b007d3a6f0eb36ff3409f914294280acf4be09a53e4f4468a6eddacb2ffed0c38f6795e430 |
C:\Users\Admin\Desktop\DisablePublish.wmv
| MD5 | 7c1ee3dbf6d5ac44226ca074b0833f56 |
| SHA1 | 8d47beee6dfbbc0453d9682c361168974c681cbf |
| SHA256 | ce2cc67f83147609508e42716097826857668a8749078328295df2242b6695e3 |
| SHA512 | 458c1cdf00af856a46fe09073812dee8bc07b39cf160322b61e6f6c301deb5b3cc82d610dee834d549f32c97b66d0ff6e12276337a63a63c547c572ff719609a |
C:\Users\Admin\Desktop\ConnectJoin.jpe
| MD5 | 0b5075aa8a1754a677a97a0b4abb8ec9 |
| SHA1 | 6d6ce3638bccb30b03e69471a9c55b2b8e2b9e4f |
| SHA256 | a30af20ea55661287218b6a9a05e4382c17499c5129d0ebf4ffa1ffdf83689f8 |
| SHA512 | 70b38a7ddbfda7f8a8caaceb3083e8db996f94b5a7de6fd496e04e2adf3d9eb362e3c2914624b06a7dde2358a60958430a5a49d3ba0ec4c8f1b56996c8189050 |
C:\Users\Admin\Desktop\CompletePing.3gp2
| MD5 | 6fc644348be7e7ac9b7edd4c9428ecd8 |
| SHA1 | ec04262b377d813abea5ab9b82d1ddbf0d5a99f7 |
| SHA256 | c6ab668a3ec6624c9f1bbd1202da315c66c286b1f41f05f4956e2f07cbb943d7 |
| SHA512 | 72d2208054cb7735f9fe686729fb7d38d35d6dce41c58044e9675739bb748da9e7a882429da438f2e45b9cb7fc5bd79b7ccc7ee6fb7428d42e508e7364eae0fc |
C:\Users\Admin\Desktop\AssertNew.zip
| MD5 | 461dcb566c8d9dedf576b205c22405bd |
| SHA1 | 3f734cf29b9a3241083bd3ff594dd039c5c02347 |
| SHA256 | 127753bdd0a5bb864571900bb2fb623b3f313417bb47f62b335d3f518ca1ceda |
| SHA512 | 3957bfe912c9b4b5e446d35e91991ae4ab8be71e85d122a59140f10583fb39f0696588aa8e3ab0aff7233b0baa47503d2fedc2df6caaab5730406219217ab35f |
C:\Users\Admin\Desktop\OutInitialize.wax
| MD5 | 8caf875206b430d89303bea3065d03a4 |
| SHA1 | 0e5c9a64b8585841e3a18053714be707e0939d77 |
| SHA256 | 60d8482deefc0c31e92de42c5445295ce4b3b8eb2a8a0eed80f8cb33074638ee |
| SHA512 | d5b0af2d39a23623530ffca81ec96eb27868202b9a7090f4d31383332589fd7604f5c2ce2b4fe93f2b53dfb214ff433938f171a97f1281f35a509f6104c41979 |
C:\Users\Admin\Desktop\DebugConfirm.xht
| MD5 | 93051325ad34e7bf3de458a6f11270b3 |
| SHA1 | 6b1a095ecfc66123b12567b897b65ac2d2d3eb6e |
| SHA256 | 16818578f0ae1676159635d5db123c3655c3e4f32ca17d93fcd8a778d54740e3 |
| SHA512 | 1413def666480293f93a49fdd2cb712a718e60533637ebefd3bb17ed634d80dab7b6880e44173715559ed63dbe1b41e666d9704dc565890fe3fe28584c06acc0 |
C:\Users\Admin\Desktop\StepUpdate.mpg
| MD5 | 28cf61cfa90819d86bec37c5ddad1e2c |
| SHA1 | 99aed023d54537a399da818d0625a5b5f2d50635 |
| SHA256 | f7bb1df6a2f496f133d60f35764acc896529fcd94386d91d7a90be9aa2598116 |
| SHA512 | 75ecef8b6dbc9cdb133e921a381f6a01e18716fe61bb45136237ca4850d006193d42813f5793ae4f251440ce0c0382e522097aa2f1107d905731b483eb46ad09 |
C:\Users\Admin\Desktop\RepairCopy.3gpp
| MD5 | 961c57fc04fbc04dea213ecf2571a680 |
| SHA1 | 101619c670fda780932c645189d0c0113dc99e21 |
| SHA256 | c406ec794205692950efc03f970a0bed774f94ab6f8ccb83ac376add3efb7982 |
| SHA512 | df0732c79f4ba9be6b6b8e7f4184c4d2f0bc2d85f100b18ae687e651a3a0ae3fe4ec5b675be53942638fe648826ec958011d885a2a67e7bca823154f31ef91d6 |
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 5a32eb516e59ab42d2d014aa4a69418b |
| SHA1 | 6665d9942a65fb9b168345d00dbf7bac36284220 |
| SHA256 | c1dd003e476edcd5bc8bdcd4abe4f458fd4b7ed12a77a314c6b9d745e0de7917 |
| SHA512 | 48e224685b5f0cf02792b8aaf0c3b2c967e697ffb10238ae9d514eabc9ddc6952238b543a0d8f1ebd39091a3a65af47ff831aa3d71b08e6311de0954d861e0c3 |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | a62f85ded507d9e3b6201ce2026832d2 |
| SHA1 | e56e290431ab577db73c9d92da8463c765ed274c |
| SHA256 | 97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0 |
| SHA512 | 387b648828c1619ec2063ba14df67b3197b382e9139b75cf05919301f1a3742c84c72cb39679f3cf41f604811ee87947f3c18ece47230b01fa41e3bd82b96987 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 6f7965131b5e962a9635819f96160aa1 |
| SHA1 | aa2a5ec1bb2339db835982980aaa5373be687359 |
| SHA256 | e7f9942bdf76a6e7c4c4b1b5ad49ab1b8f597a2a00dbd0661cf1f87facecbea4 |
| SHA512 | 7b9f49699eb98382256c6585ab8a00faa567c5d9abdd1f9c7869716a5081a6ef7c49b527451be05f1c05586a861cfb983b869d055341b780d5890b7389dcace2 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 5f1a76469bee19a9bb1104ae60bf2754 |
| SHA1 | 6c18f54f99771b7210c6c6fcdab1fd7ac2db1cc2 |
| SHA256 | 293beef9b87f853dce2cbb18136b323e5b48f858b0dd572941b1d69b1ead27a5 |
| SHA512 | 24644267ad772b0fbfb79fca07bd1deab976fb99358c1ed44ee4854c559fe4b7e6a8907cf1e319217c343cb2783b0c542e2a4a3d02d4f27ebe8c1db14f2a60c9 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | f56cf980a91e2452042aa10e2ac5c6c3 |
| SHA1 | e5d009b4454f1ef8c0752e42b52e8b667c6ea775 |
| SHA256 | cd9bd53dba03846a5575673fd79633a0903997e84d30beabe416cbb32ac627d1 |
| SHA512 | 65e0de31770f03f0b5716d25864fe4bdb3d762a3460912ee49611db30e4818c573daf6c9ba5a37b23511f28da8a2da208de82c2c7ef798f4dec26b50c2c23e4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
| MD5 | d9a49a7d6d5ca840cf0f0e937007e278 |
| SHA1 | 90197e483cc1bf8970cb6012997b1968f43d8e78 |
| SHA256 | 183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876 |
| SHA512 | 142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 757f9692a70d6d6f226ba652bbcffe53 |
| SHA1 | 771e76fc92d2bf676b3c8e3459ab1a2a1257ff5b |
| SHA256 | d0c09cff1833071e93cda9a4b8141a154dba5964db2c6d773ea98625860d13ad |
| SHA512 | 79580dd7eb264967e0f97d0676ba2fcf0c99943681cad40e657e8e246df1b956f6daeb4585c5913ca3a93fdfd768933730a9a97a9018efa33c829ab1dea7a150 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f336c9a9d3dcdd63fc913c81b430c4d2 |
| SHA1 | 2040ae92dea63aa79fa3da48078810dd6907807b |
| SHA256 | e65530bf480cf299628bdfce87af30d6ad06b49c9e2863e597c84973c8700274 |
| SHA512 | 94217a434b77d56e0d9c1783ab325cb32a9eb82a6e6bb395e550a343d94e5224cbac4d3aedb6e0d6e0676de21099dfcaade2ce621a848da7d407b35673799cd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
| MD5 | f89fb01e4dce3eed679ea8df8d3df78c |
| SHA1 | f970a9557ad72059e7521a58084903c8841c7793 |
| SHA256 | 4577694d0528113fb9a27182995e88ee120b6289510513fceeacbc76675b12fe |
| SHA512 | 0e69350bac9e34ba8d920cc529f2d5c27be96bc06481a579adbc14ff5acf05a1daac7ca5cb485e3db019fc44a3daa5f5e115eaadd35ff745c9a09ab4edc71a03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 6c5f9eb50d1976f882e5077539768a1e |
| SHA1 | 918df68894630bc808ff2791acc9345fdb972fc6 |
| SHA256 | 75cd3d41761fa8465b26e725bfc11723617f656a9a413fa7070e6c1ac4fa6bcf |
| SHA512 | 0bd9c9e4d0634d9475fa0777d47db48dcf544589d68a7cd9e034d4acc7f2e9c96605741c4378a22265a591f0289e1dcced39e696ff62f371ff6d29c2d84d9ad2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | b273f2a8fc48e04abe7e78e3d87c01f3 |
| SHA1 | 3b5b15fdaff30adf7f4dd5822f18b362d97125b7 |
| SHA256 | 77aea92571cdb11f354e5bddfe08b93c1b160074487ee717efa0ea7d5da76326 |
| SHA512 | 15ed906d7bbe3bdcd9be1129ab5f5da96157d7dd680a87c3a87a8a0ceebf3fc263374a9ab519d66255cd8389f426ce82ac3434164193091d6ded6ed543d29578 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
| MD5 | 0e72763a7cfa19d446515943ba162f8f |
| SHA1 | 0b17302d457bb90f27e33fa5c93ddd206d2e0169 |
| SHA256 | 8c646a1ea8ad0a00ba76a47d7f5552ae4e5b834317cdeb7a41c80da7e3f21556 |
| SHA512 | b325c0639530a490169f078dafa9c5e53766ccf0a9216771ae90491e58e3d2fd405ad972cae6d19acc3caa28304b54aa538af0cb33984524dbff2fd98bf410ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 838a14dfed4142e4a34a1c3dbbc974af |
| SHA1 | 3367f9557ec81a438b58217fa7d10c7e79ee6da5 |
| SHA256 | 037856e656155db1ce5d9940024d15fa430ec070998f3760ac19be2138b65b58 |
| SHA512 | bc1ca3a9f17eded0812a3a6c7d97f45a2ba2bee9366d204aa7416a010e8c46e0118b6032953e71fe09acf26318635ad54bd85c78eb9778fc698764eb428ab011 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363782232116785
| MD5 | 05d5b746229b1c1eddde99bded4b9f8d |
| SHA1 | 594cef4a83e28b385d5622d09bcb4c4a50642c81 |
| SHA256 | 9602983f78795c1a61ae7ee86740ee0ae8d70400b848483ff69399d3a1548d13 |
| SHA512 | 8ed07d4bd9ae5a8af95ad8c0cfc10e157820ceac78f18246730b3f4b47ef9311b97906067729b4c1aad21f7b7e71c3a3111f986915a76388875634d2a13aaf5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 009b9a2ee7afbf6dd0b9617fc8f8ecba |
| SHA1 | c97ed0652e731fc412e3b7bdfca2994b7cc206a7 |
| SHA256 | de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915 |
| SHA512 | 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 7ea4ccf2cc85c4b904f6d432e1856eb4 |
| SHA1 | f245525c1a6759da04d7aee5b6594c6e111169af |
| SHA256 | 2192e0ba004a4fa5cd2a7ac262c5ab7d75a7172991ca5e85b175f814394c5d3d |
| SHA512 | 482c832069f0990afcc06b12ac35ea2943dd9bb62f2d11cd986a73b10c6236b81fa6dc53eef1d5d9d40788f52b5d94e7ac741c2630158ac68cc50a539b2f9d78 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | e186950c5b19ad8c9a6baa5f9664b705 |
| SHA1 | 1b96f964bbd17018b73a8911b46f7d2861dbe7fd |
| SHA256 | 2684283d7385a0aaadd0917b202cba87029a8383e2df5a42ce81a248cd64e3eb |
| SHA512 | 7ed2671b53c70c482c25771e8588eeb6e692fa84a5f3aa37347b430c5d9ca0cccc10ba98148312fc22d9e09c411577beef58246bd5464e5ff8b12342088c4e08 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f48fd399664aca060c4f13ea718cb929 |
| SHA1 | 91d6a55e87454ad976195aebf4e51f4c729e7242 |
| SHA256 | 1b45e0da0b48c77f37a4ca50f7f4c524ff741f10c2de2921e74afd38bfa85142 |
| SHA512 | 65a09994a0a333d1f0ce648a3e40c8edae6241f9f39e3f0fc7c8dfcd03e9b2928d93c2e64c0b9bf79ced205b2913cccda59de6b1ad1dd835f6b5336ec189ba94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b931827565676555a475eec77b1754fd |
| SHA1 | e39bbcbe6791b81503634c5338a4defb09d5c38a |
| SHA256 | c286d8a8189295de32cd7e4cb5bc7d5b051d0eaa9c00619dfcbb53520d355b0d |
| SHA512 | c566d0f1102ea7ab73e4067801f3fc6d7eafc4204ca6246d3698b06c1b2ec4fba72a29cab0c00b116b01ff2f899ad5cc71089c2849f2e388ea8ff3d8f43eb1df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 7b86e6c98277b7635098cb39382da2f3 |
| SHA1 | e34ed8cf0e654fbe2db22759cafc534599aa7b01 |
| SHA256 | 92eb28ed95bc7db10eb86f7701cbe260bab8113cc38a9a7fc93417820ba0feb9 |
| SHA512 | 39f4785ca1fdf936c0042403f5db1b293edbdd7e282ed8435786f351b86257bc9c6005ba291a9d8c795258f5a5b9d32afb22b3f55f9c42c3449a9c7638be9dfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b988c90d2ed8a3233b791caca0858e28 |
| SHA1 | ce7545e4c5111dcf85c776be9157bc3e59bf8312 |
| SHA256 | dd730509bc8ed119d38d823278208e4f30a463f8d4c96dfbe6deb80dae12130e |
| SHA512 | 37a7385e3f09b6bfd9ec39c3d73cd2c384c650a4fa474b012c4213003b97084931777a7cf0eb88d7be8d442c9282b607d18f123d68b8199586635a7c0290420d |
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:46
Platform
android-33-x64-arm64-20240624-en
Max time kernel
438s
Max time network
459s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.187.238:80 | google.com | tcp |
| GB | 142.250.187.238:80 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| US | 1.1.1.1:53 | apis.google.com | udp |
| GB | 216.58.204.78:443 | apis.google.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 172.217.169.10:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.228:443 | udp | |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| GB | 216.58.201.99:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.180.4:443 | udp | |
| GB | 216.58.201.98:443 | tcp | |
| GB | 216.58.201.98:443 | tcp | |
| GB | 216.58.201.98:443 | tcp | |
| GB | 216.58.213.6:443 | tcp | |
| GB | 142.250.200.2:443 | tcp | |
| GB | 216.58.212.206:443 | tcp | |
| US | 216.239.32.36:443 | tcp | |
| GB | 172.217.169.1:443 | tcp | |
| GB | 216.58.213.1:443 | tcp | |
| GB | 172.217.169.1:443 | tcp | |
| GB | 172.217.169.1:443 | tcp | |
| GB | 172.217.169.1:443 | tcp | |
| GB | 172.217.169.1:443 | tcp | |
| GB | 142.250.180.4:443 | udp | |
| GB | 142.250.180.4:443 | udp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.4:443 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | region1.app-measurement.com | udp |
| US | 216.239.34.36:443 | region1.app-measurement.com | tcp |
Files
files/dom-0.html
| MD5 | c80631967498a8c4cc94bcd3b056d04f |
| SHA1 | 3a306ff7fbaf590fa56747c3a1a82284631e6a83 |
| SHA256 | 5fafe74cf60165fc358e96586a0254df65a5397a6e648d653911e6aaeabaf985 |
| SHA512 | a78b84bc855671ae7eed31b0a99156fd8955fb289be9644aa7e7005ddcc2673d2f61d481c6e5be4577337044aae099efb3164a4238e47c899f1cb892c2bc7d6f |
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:38
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:57
Platform
android-x86-arm-20240624-en
Max time kernel
375s
Max time network
1109s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.187.206:80 | google.com | tcp |
| GB | 142.250.187.206:80 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| GB | 142.250.200.46:443 | consent.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 142.250.180.3:80 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 172.217.169.34:443 | tcp | |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | tcp | |
| GB | 142.250.200.3:443 | tcp | |
| GB | 142.250.200.3:443 | tcp | |
| GB | 216.58.201.110:443 | tcp | |
| GB | 142.250.200.42:443 | semanticlocation-pa.googleapis.com | tcp |
| GB | 142.250.200.3:443 | tcp | |
| GB | 142.250.200.3:443 | tcp | |
| GB | 142.250.179.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
Files
files/dom-0.html
| MD5 | dd6824e8b9c056211eb990dc5a4b1f23 |
| SHA1 | e6e3af417a45e75274517e06c23cf501d890201f |
| SHA256 | 21930e319bf9d191ab42efb16e54ba19c2b8a3b64b79d0a2d856e7c9e8d0f036 |
| SHA512 | 77376585626e6a0c70171df7f2f0cb453e6e0d7c01731ef54485c440dcccb83853e114d06e5ebe9ac046abdb1e5a34f60503954b05c5c773fe60eab8f5e3ae1e |
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
macos-20240611-en
Max time kernel
1595s
Max time network
1702s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pluginkit.pkd]
/usr/libexec/pkd
[/usr/libexec/pkd]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window http://google.com]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sandboxd]
/usr/libexec/sandboxd
[/usr/libexec/sandboxd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=26]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreLocationAgent]
/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent
[/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=26]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=306146429 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=61]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=306194760 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=61]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=310523507 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=72]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=310716155 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=64]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=310761696 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=75]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=311320067 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=64]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=93]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=96]
/usr/libexec/xpcproxy
[xpcproxy com.apple.bsd.dirhelper]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=108]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=111]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater2E18A62F/OneDrive.app]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=331232497 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=114]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=20 --launch-time-ticks=334905909 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=122]
/usr/libexec/xpcproxy
[xpcproxy com.apple.suggestd]
/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd
[/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.knowledge-agent]
/usr/libexec/knowledge-agent
[/usr/libexec/knowledge-agent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.PerformanceAnalysis.animationperfd]
/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd
[/System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/XPCServices/com.apple.PerformanceAnalysis.animationperfd.xpc/Contents/MacOS/com.apple.PerformanceAnalysis.animationperfd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=28]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=28]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=30]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=31]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7747584569159228744,1230028493737718766,131072 --seatbelt-client=32]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CalendarNotification.CalNCService 331]
/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService
[/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.rtcreportingd]
/usr/libexec/rtcreportingd
[/usr/libexec/rtcreportingd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.adid]
/System/Library/PrivateFrameworks/CoreADI.framework/adid
[/System/Library/PrivateFrameworks/CoreADI.framework/adid]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.6:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| GB | 172.217.169.42:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 172.217.169.42:443 | optimizationguide-pa.googleapis.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | bag-cdn.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| GB | 104.77.118.129:443 | tcp | |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| US | 23.219.244.63:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| US | 184.26.189.174:443 | help.apple.com | tcp |
| US | 184.26.189.174:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| US | 8.8.8.8:53 | gspe35-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gsp-ssl.ls.apple.com | udp |
| GB | 17.253.77.204:443 | gsp-ssl.ls.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| GB | 17.57.146.13:5223 | tcp | |
| US | 8.8.8.8:53 | 12-courier.push.apple.com | udp |
| GB | 17.57.146.8:5223 | 12-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | pancake.cdn-apple.com.akadns.net | udp |
Files
/Users/run/Library/Keychains/login.keychain-db
| MD5 | b242e35be6507f32087d11cdb4eb3d60 |
| SHA1 | 0cb27f73e49b920a0f58ba8f0b98cb27637768e2 |
| SHA256 | 04b5590073582eefa127fa768cfb3187c7946d5e53a6e848f941382b76a9f669 |
| SHA512 | de1ef0a1f6695947ec39818db31b661271ed0c636a90f98b47bba00fd58b2ca8c381c10af62ff807c22acf1c867a713f89b3e312cafcce0a5677c9116aeeca96 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 6b56fe22ffeffd1900346ee5d4fe4676 |
| SHA1 | 86fae5884a2b1b0cd208a791b4417175fd36e496 |
| SHA256 | 2e93fef751b201c911ff3d80d17b12d49862d1a30812e813cbafb12707a1a8d5 |
| SHA512 | 82d6be0ee0dcf2720916138c0723a6b0685061d14f8b02dceabe246f843a6067a7f12d541fbdd8f2ef814b500d0e7a4f69368c47449a15ef300e42c097ed7246 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 2e9ba0db0a824573a3de0225b75830d3 |
| SHA1 | ebd759bbf90feb2598c8018ca81d476762330486 |
| SHA256 | b071a9af6c689cbff16bb317fd32b28ad2a04de7e16ed96face9c4e122ad408b |
| SHA512 | e73181be264d39f5af11b352ab9744e676ace1d121c634f481592ac8d709a3a5048c92576baeb884d09ab51205d5426166b677ccc35801fd079e5d4d7ad6b142 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 96e80a3cbf15d8ac15961075909fcb2d |
| SHA1 | b5845e8994a065f018e64580b2547321df571ddc |
| SHA256 | 904cc92e3346558d593a4a89753a845b78e186609c2d6ad086eae52e8a0e1b6c |
| SHA512 | 6f51b4f4e9e58ca1e8767c3799cd27a4a305ed25ed5a5781e5ab8ca266dc50a6c7d3ec3f87f12e7eff046702ebc5b74550611c923fb757ea7834a170500bd95f |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 05d6c1b6145fc56e60a322b982902224 |
| SHA1 | 5e4192fa56f4d148a76f071e01ec61b8e0b62e07 |
| SHA256 | 0aa3a06d46c728aaaea445e82e9e2693a523e959e4b7d8351e5e2970928e825c |
| SHA512 | 7575d390c4b66e370cf6cc0819111956f7ba1a717f0df001d28b7f21503248cee51cc0b3d8d8873a9d900507ecdc26e74b7a7d8da4580bb019bab36dc280edf7 |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | ad7af0a00119ff4d48e9ec4427c51ffa |
| SHA1 | d732b021a1c63288a8c1394e41d184aaf29110f0 |
| SHA256 | 273bd9f1bb11e7aaea89d3e310244be7f6d3ff9fdb763d7c1e64fd1d36676243 |
| SHA512 | 1dffe4f7b82ea44808cbb5f32818cebcc063f396642e058907788c8b4b912770ad797c18179d099024f161c63bca7dfb0d43b1aa4ad37717354a920ad5f0cf27 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3zLKjc
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir42tacP/CRX_INSTALL/manifest.json
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir42tacP/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir42tacP/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/Unconfirmed 83880.crdownload
| MD5 | ca448426c273292a3173a73ea9fc2bfa |
| SHA1 | 43c6d55db0f642891350b281c1ace613134685f9 |
| SHA256 | 0e8fa65848a09eaee4675fb2954c386294396740ea89fe87097f730b15ca495d |
| SHA512 | 27e076a59f770cb79cae38da48273a0f8758f131b5736dca793b1f01a2af0317b4f19df19874daa100b9ad3cbb8620fd08d752bd08a9db206e82115a83aff631 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/1b470bc1-77f2-442b-940d-2087a621e018
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/c137c4d7-781a-4903-92cd-597a8ef69f2d/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 9ba2ec87f1f37ce8d6ea01c730b48a9f |
| SHA1 | c95bdbf2576c8cd8fcada7cd0b6817a403d80f32 |
| SHA256 | e47bf1d8bc39a89374f0ef12d91488fb23010c1f3db98cacc7c9268d2d7d8ca4 |
| SHA512 | 25adb73ae85f0815841ecbaf06840350518e9e9fc9bd0b88e1ae66582890730406f992c7227fa9910ad44c6d8f5807020e2795aec909ec8c164e55eb71c84908 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.u2SzGZ/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.6YnmqU/lmelglejhemejginpboagddgdfbepgmp_453_all_ZZ_mkjuqf56fedszid3zk4gd42uyy.crx3
| MD5 | 4aa8b9b1ac1d935ee36574ca6fe2af27 |
| SHA1 | a158b85a764a7efef5be6a7c0fc7d2ce2735b23c |
| SHA256 | 5ae071feec82fce5632afc7406519c721e8d34d309b12a7332392c81b03cfedf |
| SHA512 | 4ada26fc0afbf9fe079bca4344677d460fb3796e2d685d320d186c7c0428cd725b761a6eb6552a9c8ac67a6bed5f6eac8c7bef27f178fd85ab7f25f97dceb429 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.oZHmJI/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3
| MD5 | ba0c44cdcbb9f1a8b1b2cbed95346caa |
| SHA1 | c9a5e9df64b46db7bf44b091da1c5553137bff55 |
| SHA256 | 3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948 |
| SHA512 | 61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ntryzd/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 39fbc1bf4c6c8f919181e3e72630f974 |
| SHA1 | b73f2394a2c1ac341df75ba63eef4e5e9830fade |
| SHA256 | 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96 |
| SHA512 | 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.pj85jk/hfnkpimlhhgieaddgfemjhofmfblmnib_8877_all_e3cy4kwznxb2fmzpcci6cl5c7q.crx3
| MD5 | 0bb6ce03be341ef8d9f04b75829ac9bb |
| SHA1 | 4506407be75b5df1db8ae1011dbcbcdd1acc8b7b |
| SHA256 | 9acaa3916c1be2d24cb505930eae93a7aba6a0ae956804ca72701253b61bee98 |
| SHA512 | 2c6035d6e1e71a39a7cbb6031bc613852a9ab64451df66e109cb2c90ab10e8fc5968b6c7280ecf9c3a4b35f979bfd0450b44f628c4cd378a64980a1303f1d2e8 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3sHwtZ/jflookgnkcckhobaglndicnbbgbonegd_3033_all_jk2jdznzkogtplyei4c66klhpm.crx3
| MD5 | 65d941790da74ea39b89e675d7105ca3 |
| SHA1 | 9bbfa8c3c5b37dcb334f951f584b8c105abe7e68 |
| SHA256 | 2e871143703b862fcdf558b45cfe02a93a2cb74518b30f4c1e0f07753b0823b8 |
| SHA512 | 6ec08a25eba3b1d1947a26eb2bbbf772a0603261c78a3c9e94cfffdf6cc2ea8a8e4932996a4461b92891b6589c48ae0ac530643d34a91bb9fd43919bbde7375d |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.CGlU1W/eeigpngbgcognadeebkilcpcaedhellh_2024.06.05.140657_all_ccj7nw5iotmqmvpbhiiji4wfca.crx3
| MD5 | 0b1bbd3a85c6b5b46ff609b906632114 |
| SHA1 | 305db6992df90fc483d44991fd9e98e43715ccde |
| SHA256 | 26c197ab0b2bd999fd5c8b5932e5700a083febf68e6d35f56b2473d6858a02cd |
| SHA512 | 1953eb559161500e8ab1a5aa3738dde247f0682cb632cf0304167c6dd82fa12a08dc971da337c272a4f0945d299331c5f0aa55edbc0479df2354c4d4a365ddd8 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.yqN9iU/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
| MD5 | 49ead9b7d2b2ec477daba795de846db0 |
| SHA1 | 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc |
| SHA256 | 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a |
| SHA512 | 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.D0vYXl/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 0fa505d26fd906c645e60aa05f12af36 |
| SHA1 | ecb1def63dba6d475dcd61c4d3a6938855e6f24a |
| SHA256 | 9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2 |
| SHA512 | 6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00 |
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
| MD5 | a9803d560544e4d1fe551b2c113c5370 |
| SHA1 | a998fdb1e80dbca61267db112812a7ee34b82dce |
| SHA256 | d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72 |
| SHA512 | 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.QjpH49/obedbbhbpmojnkanicioggnmelmoomoc_20240429.634529504.14_all_ENGB500000_drh7pqj4o7a7karn7sdqrnqyte.crx3
| MD5 | 3e6d6a61cc262006521d4cdacd51650e |
| SHA1 | f02ed95b7684766bea947be2035d2078bc8e4f82 |
| SHA256 | c9be68fb5ec359ee369c324d2d1a259b7dd9c100a8d1064e887f6311e6d63d75 |
| SHA512 | e84ed2b159664502bcaa8d2277e6972ad936f7817eec4b5bb3538c98a022d70b1d82b0ee950f613fa4a6f1de9e2127485573fdea8643edcbdb225958ed75218c |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.4Fyd9B/7_all_sslErrorAssistant.crx3
| MD5 | 636c653ec2c30bb767533901a18669b2 |
| SHA1 | 4b5a01cfea4c5deb62f3aafa01ef24265613b844 |
| SHA256 | 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a |
| SHA512 | a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.9IqKhL/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
| MD5 | cb79d407a4d6d8526b42060b9210b5c2 |
| SHA1 | 331e3d66e82e130042897faf86dcbd05d7b227f1 |
| SHA256 | e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165 |
| SHA512 | 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Q6wW9f/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
| MD5 | 667e9eec04509aa9e2b318f580addd8c |
| SHA1 | 346267ecad10c54de52a3aeb766ea72449500326 |
| SHA256 | 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f |
| SHA512 | a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Qwrba1/efniojlnjndmcbiieegkicadnoecjjef_994_all_acbytyjxuxfg4o2hqini3r3rzmkq.crx3
| MD5 | 6d5b11c9b75f5d5075d8226c04eadf76 |
| SHA1 | a707607aa30bd41a259aa4fc95cfd5752a53df21 |
| SHA256 | 5a8a63d8fc13d6e93d8523c182e0e5ef0159b8271c3085098981a07f180770d1 |
| SHA512 | 142e1067b8a47f5dbf948bf3b4df0aecf750e16b385c8a7b0690ccd62c303828f517577c44452fd2d523567dc28f014491e62484ab0e9314b4be4cd0f6a54ab3 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ZnTvqj/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
| MD5 | a40c655b337e082c76b6ab04042b7ae0 |
| SHA1 | 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8 |
| SHA256 | 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff |
| SHA512 | fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.iCgZX6/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
| MD5 | 91e1255f92fc76b16509bbd174a992b5 |
| SHA1 | 44cbc6b7b60470149850d375f2e2ae95cf1c012b |
| SHA256 | 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744 |
| SHA512 | ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WfoiqZ/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 91a8d56c19e60520cf00b78a506b87f0 |
| SHA1 | a794be44a680983ac0f87b1faedf064a65016623 |
| SHA256 | b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29 |
| SHA512 | efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.tRmEHC/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.06.20.00_all_f3og7hwihwqa4rmuwuovfkp43e.crx3
| MD5 | bb92631c710b680ea035d36b1bc4f744 |
| SHA1 | 8daed7513022b3bdee8a917c4f1d259b6d58127c |
| SHA256 | 16784ce19d23309b8ffa9cd4816d024aa17bc230b8fb12b5e4744e351a690be4 |
| SHA512 | 98071bb25a8109316d4529a70f16f083b999fd4c3568c150f3246b923409588ce8c020c0c4b738cead3218376992879e5f5aa6696fd9c72046c0e3d359030a66 |
/Users/run/Library/Caches/GeoServices/Experiments.pbd
| MD5 | a493efbff0839a971444b18b301bff11 |
| SHA1 | bb44e932727a1c7dda7337eacb1bb604f7fcc61e |
| SHA256 | af1d87ef8ee35c624072029a52ce74aeaedf29b1174639493b1bbcec7ea20069 |
| SHA512 | 3778a0227d923fd641922eab2ffcd52be3c21bd7144cac1a2408560963b449ef60e055b061c4a8a3d9eb2f5251d768983ef604f62a711b632e5b6e975b159c24 |
/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-25-09-59-26.event
| MD5 | 9aa7ef5e0beecdeff2ea1c87456ec0f6 |
| SHA1 | e03fbf87f3a1fb428945870bf85c23759d9362ab |
| SHA256 | 0dd7d2d285e94f590b396dbe008d62581830a23d84069500ad6ac2ddc71e2d41 |
| SHA512 | df1c2a663651b18cfd62d7f1fe61a5ce2c8fb9579c652c37d80b2a3200bcf028ae52d836b57c1c34d2d1099318a76d29ed9a4dde6f97326c2e440d59b6e38d9c |
/var/db/fpsd/adi/adi.pb
| MD5 | 491b343500a6e9d566b3ec161961cf78 |
| SHA1 | a9f6b7160b1255b6b5b18b720a9ac6ee180671ee |
| SHA256 | 521ac81d7ae55d4226e2ae5500dad968e5c812255053104a2ec7897d56370564 |
| SHA512 | bcfc68fb17fe5d018d42b2176d40d136059a963e3af85b766f4608b58828b8074d2fbe5f92d39948107601812c193de26f245ddbdb626e9e7a8bf98188d41480 |
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
macos-20240611-en
Max time kernel
1319s
Max time network
1700s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://google.com]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window http://google.com]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=21]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreLocationAgent]
/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent
[/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=28]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=291268086 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=60]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=291313175 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=60]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=296213559 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=75]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=296355618 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=79]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=296361034 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=79]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=296556649 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=79]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=94]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=100]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=104]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=308419260 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=20 --launch-time-ticks=313806585 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=126]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=71]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,4562911735846932288,10215736992081075651,131072 --seatbelt-client=121]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.rtcreportingd]
/usr/libexec/rtcreportingd
[/usr/libexec/rtcreportingd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CalendarNotification.CalNCService 312]
/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService
[/System/Library/PrivateFrameworks/CalendarNotification.framework/Versions/A/XPCServices/CalNCService.xpc/Contents/MacOS/CalNCService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.assistantd]
/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd
[/System/Library/PrivateFrameworks/AssistantServices.framework/Versions/A/Support/assistantd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.icloud.findmydeviced]
/usr/libexec/findmydeviced
[/usr/libexec/findmydeviced]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
Network
| Country | Destination | Domain | Proto |
| GB | 51.132.193.104:443 | tcp | |
| GB | 17.250.81.67:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.180.10:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.17:443 | tcp | |
| GB | 142.250.180.10:443 | optimizationguide-pa.googleapis.com | tcp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.77.118.121:443 | tcp | |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| US | 2.19.252.139:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| BE | 2.17.107.201:443 | a479.dscg4.akamai.net | tcp |
| BE | 2.17.107.201:443 | a479.dscg4.akamai.net | tcp |
| BE | 2.17.107.201:443 | a479.dscg4.akamai.net | tcp |
| BE | 2.17.107.201:443 | a479.dscg4.akamai.net | tcp |
| BE | 2.17.107.201:443 | a479.dscg4.akamai.net | tcp |
| BE | 2.17.107.201:443 | a479.dscg4.akamai.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.204.67:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| US | 23.219.244.63:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| US | 184.26.189.174:443 | help.apple.com | tcp |
| US | 184.26.189.174:443 | help.apple.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | tcp | |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 17.57.146.7:5223 | tcp | |
| US | 8.8.8.8:53 | 50-courier.push.apple.com | udp |
| GB | 17.57.146.152:5223 | 50-courier.push.apple.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| IE | 209.85.203.84:443 | accounts.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | gspe35-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gsp-ssl.ls.apple.com | udp |
| GB | 17.253.29.217:443 | gsp-ssl.ls.apple.com | tcp |
| US | 8.8.8.8:53 | ocsp.edge.digicert.com | udp |
| SE | 192.229.221.95:80 | ocsp.edge.digicert.com | tcp |
Files
/tmp/com.google.Keystone/.keystone_system_install_lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | cc99a2673ffe9f75d08dff8642c4aa8e |
| SHA1 | e69cabf7a9fff6471b6f7c4abf780fcfd914ae39 |
| SHA256 | 164a4fe97b368b68a46b9615ef8bc26599d41e259d1f3939c6f7e2c928598a41 |
| SHA512 | 64c80e80417938216b25ae5f5895557de0351b4bf29d9aefe85678be2cdc80fb3c33b22aed04d78cc170e556a4bd00c9227c65fa3add56c72c2e2953eb69685f |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | fcaf772d7eeceae292caf289a65269b5 |
| SHA1 | 361198f69cdf2b4c9383602a850308df030d0b6c |
| SHA256 | dfb82b0f5f76d3962d7e0ff074b110c02de441a78db69520f9441993009279c6 |
| SHA512 | d00de6af904400be9fc3d17414f4f9cb1a859b2c0346aa1cfe7a02c523a80825bb535166407353d87887f8129c67a26f672c1ad7c2068944b6d3e77cd13472f3 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | a28b601a7bf4e4e6f8b96302d6cddcb7 |
| SHA1 | e102840eb54a00f4d6afe189dc4d28a75e5fc177 |
| SHA256 | 4edd05cd0ebf65b640d298ea52578737a4eb44d5b22421f5027f7b71cfe1daa2 |
| SHA512 | 35d2a84b8510757a44a421e7003be1fc855c88f75c5f68eb969e28ee1e6d9aa800b626b0c81860ed665c9b826ffe15de21e2e650a3f64c056b383580fd82e8b9 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 0a116f2a711213ae3c94d9c85a20d89f |
| SHA1 | 8e56b68c7e544c9a6857cabb486e8210e341a163 |
| SHA256 | 88bedfd9eafd55a5fd38e58a927d102a80e62d461e45dc501f741b9ee9bec1fb |
| SHA512 | 8ceaf70fdc39baee0b8389e9b36b0067a08354735c93393d726c1483c60d074a352c66b9194e60113e632eee7fa2808c017dea533f54421244b785543de65ea9 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 0d9e02e3b802615e7af2eca658496c0e |
| SHA1 | 976cbcf024077e455e2fece157839e136d942312 |
| SHA256 | a262fcc8d7d5ba50ff93bbf350b3f81aeadb4f56fdc7717e40eed4ecee16d0e5 |
| SHA512 | c40db1fa0ab145c04727c00b443e1d3498ac68d99a3eb7def1eac3d3bbab126a32b7a3527452c1b4d390325310f2860945e246c14cb79fafb666cbe56514af37 |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | f2b71e8dcecaddda483ef5705eff877e |
| SHA1 | 2f9633e17013acac1df1e1f85bf8526c17f71b99 |
| SHA256 | a7ab5e7be93ffdd5e82477486b980cea7e12996a425d815f3257b24adf266c8f |
| SHA512 | eef8fd1f7e0107428aa2d2c7b9e1afab2cb83f7fd0aad04eb707c735110637a02d6987f9d84fb818378bb7a2c8e70d31ce624731e734aabd76e08d1eb99cf92e |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.voBRcN
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirEfh7XY/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirEfh7XY/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/1465bc8d-99d3-44c7-8030-89213f8e17c9
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/e281916d-4de5-4ab7-a80f-24f99678db45/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
| MD5 | 9a43af57707d2fb460832049d1f217d1 |
| SHA1 | 056d813f8cb5198ca82072f7e3484f38ea5267f8 |
| SHA256 | 7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c |
| SHA512 | 1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 17891985f5cc0f67e748bbe58580d70a |
| SHA1 | 50483fa173911c9765dcd2545811c3bb71400ab8 |
| SHA256 | a413c99502ad22d223061a6c5fab0ffe82314f9d61d7e56e8e967a03afa2e188 |
| SHA512 | dc8a72cfdb29862d5736df97e00f3df5fc3f64f792adbe04393557e28f2e2c7294bb42cf451c9f43942752f56964e85eb9a328e6a788b4ccbef4b2829c1cec98 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a6ed424e1135465fac072dc8c30be6a0 |
| SHA1 | 8cb5811cfe6611074f7e01b8b9a533aa7bed4432 |
| SHA256 | c6a15fb293a7994c87cb4665fa076b4804c15a7f17753d267b6e271b036457dc |
| SHA512 | d6dc5f49efacc0bea1d388e490c2e1283f6a6f42829e1ab30ec18b0ad35faf44e21d7780b84b5a2ebaff1e79da6fdc090bc547990b513cb311db82fb54cd8972 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.CPBV8l/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.KLwODU/obedbbhbpmojnkanicioggnmelmoomoc_20240429.634529504.14_all_ENGB500000_drh7pqj4o7a7karn7sdqrnqyte.crx3
| MD5 | 3e6d6a61cc262006521d4cdacd51650e |
| SHA1 | f02ed95b7684766bea947be2035d2078bc8e4f82 |
| SHA256 | c9be68fb5ec359ee369c324d2d1a259b7dd9c100a8d1064e887f6311e6d63d75 |
| SHA512 | e84ed2b159664502bcaa8d2277e6972ad936f7817eec4b5bb3538c98a022d70b1d82b0ee950f613fa4a6f1de9e2127485573fdea8643edcbdb225958ed75218c |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3tgWw0/lmelglejhemejginpboagddgdfbepgmp_453_all_ZZ_mkjuqf56fedszid3zk4gd42uyy.crx3
| MD5 | 4aa8b9b1ac1d935ee36574ca6fe2af27 |
| SHA1 | a158b85a764a7efef5be6a7c0fc7d2ce2735b23c |
| SHA256 | 5ae071feec82fce5632afc7406519c721e8d34d309b12a7332392c81b03cfedf |
| SHA512 | 4ada26fc0afbf9fe079bca4344677d460fb3796e2d685d320d186c7c0428cd725b761a6eb6552a9c8ac67a6bed5f6eac8c7bef27f178fd85ab7f25f97dceb429 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.jJ78eR/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 39fbc1bf4c6c8f919181e3e72630f974 |
| SHA1 | b73f2394a2c1ac341df75ba63eef4e5e9830fade |
| SHA256 | 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96 |
| SHA512 | 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.O1Ouor/7_all_sslErrorAssistant.crx3
| MD5 | 636c653ec2c30bb767533901a18669b2 |
| SHA1 | 4b5a01cfea4c5deb62f3aafa01ef24265613b844 |
| SHA256 | 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a |
| SHA512 | a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.cwvTlT/khaoiebndkojlmppeemjhbpbandiljpe_66_mac_adbxmk3cir53o3v2f66pezkgcbjq.crx3
| MD5 | ba0c44cdcbb9f1a8b1b2cbed95346caa |
| SHA1 | c9a5e9df64b46db7bf44b091da1c5553137bff55 |
| SHA256 | 3658efbb825c2826d2c66de6fdfbdaaffdd1d053105eb7d547e34d3271a59948 |
| SHA512 | 61d9521200a86b583bff7ceafea793513ba34a5ae43309edabd9b19a52277752adcad1f0ddf5e33986511e75a2c9df0b13b9b520fed1d1ef8590644bd4483616 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.xjNT0p/jflookgnkcckhobaglndicnbbgbonegd_3033_all_jk2jdznzkogtplyei4c66klhpm.crx3
| MD5 | 65d941790da74ea39b89e675d7105ca3 |
| SHA1 | 9bbfa8c3c5b37dcb334f951f584b8c105abe7e68 |
| SHA256 | 2e871143703b862fcdf558b45cfe02a93a2cb74518b30f4c1e0f07753b0823b8 |
| SHA512 | 6ec08a25eba3b1d1947a26eb2bbbf772a0603261c78a3c9e94cfffdf6cc2ea8a8e4932996a4461b92891b6589c48ae0ac530643d34a91bb9fd43919bbde7375d |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Uo3you/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
| MD5 | cb79d407a4d6d8526b42060b9210b5c2 |
| SHA1 | 331e3d66e82e130042897faf86dcbd05d7b227f1 |
| SHA256 | e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165 |
| SHA512 | 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.vWuAgi/hfnkpimlhhgieaddgfemjhofmfblmnib_8877_all_e3cy4kwznxb2fmzpcci6cl5c7q.crx3
| MD5 | 0bb6ce03be341ef8d9f04b75829ac9bb |
| SHA1 | 4506407be75b5df1db8ae1011dbcbcdd1acc8b7b |
| SHA256 | 9acaa3916c1be2d24cb505930eae93a7aba6a0ae956804ca72701253b61bee98 |
| SHA512 | 2c6035d6e1e71a39a7cbb6031bc613852a9ab64451df66e109cb2c90ab10e8fc5968b6c7280ecf9c3a4b35f979bfd0450b44f628c4cd378a64980a1303f1d2e8 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.LW8bpA/eeigpngbgcognadeebkilcpcaedhellh_2024.06.05.140657_all_ccj7nw5iotmqmvpbhiiji4wfca.crx3
| MD5 | 0b1bbd3a85c6b5b46ff609b906632114 |
| SHA1 | 305db6992df90fc483d44991fd9e98e43715ccde |
| SHA256 | 26c197ab0b2bd999fd5c8b5932e5700a083febf68e6d35f56b2473d6858a02cd |
| SHA512 | 1953eb559161500e8ab1a5aa3738dde247f0682cb632cf0304167c6dd82fa12a08dc971da337c272a4f0945d299331c5f0aa55edbc0479df2354c4d4a365ddd8 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.d4h3Hd/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
| MD5 | 49ead9b7d2b2ec477daba795de846db0 |
| SHA1 | 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc |
| SHA256 | 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a |
| SHA512 | 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.hRnpUK/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 0fa505d26fd906c645e60aa05f12af36 |
| SHA1 | ecb1def63dba6d475dcd61c4d3a6938855e6f24a |
| SHA256 | 9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2 |
| SHA512 | 6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00 |
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
| MD5 | a9803d560544e4d1fe551b2c113c5370 |
| SHA1 | a998fdb1e80dbca61267db112812a7ee34b82dce |
| SHA256 | d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72 |
| SHA512 | 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.zjZlO5/efniojlnjndmcbiieegkicadnoecjjef_994_all_acbytyjxuxfg4o2hqini3r3rzmkq.crx3
| MD5 | 6d5b11c9b75f5d5075d8226c04eadf76 |
| SHA1 | a707607aa30bd41a259aa4fc95cfd5752a53df21 |
| SHA256 | 5a8a63d8fc13d6e93d8523c182e0e5ef0159b8271c3085098981a07f180770d1 |
| SHA512 | 142e1067b8a47f5dbf948bf3b4df0aecf750e16b385c8a7b0690ccd62c303828f517577c44452fd2d523567dc28f014491e62484ab0e9314b4be4cd0f6a54ab3 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.HQzfBz/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
| MD5 | 667e9eec04509aa9e2b318f580addd8c |
| SHA1 | 346267ecad10c54de52a3aeb766ea72449500326 |
| SHA256 | 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f |
| SHA512 | a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.v6R27N/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
| MD5 | a40c655b337e082c76b6ab04042b7ae0 |
| SHA1 | 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8 |
| SHA256 | 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff |
| SHA512 | fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.tZ1sxy/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
| MD5 | 91e1255f92fc76b16509bbd174a992b5 |
| SHA1 | 44cbc6b7b60470149850d375f2e2ae95cf1c012b |
| SHA256 | 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744 |
| SHA512 | ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.BZP5PL/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 91a8d56c19e60520cf00b78a506b87f0 |
| SHA1 | a794be44a680983ac0f87b1faedf064a65016623 |
| SHA256 | b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29 |
| SHA512 | efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.bRPOGA/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.06.20.00_all_f3og7hwihwqa4rmuwuovfkp43e.crx3
| MD5 | bb92631c710b680ea035d36b1bc4f744 |
| SHA1 | 8daed7513022b3bdee8a917c4f1d259b6d58127c |
| SHA256 | 16784ce19d23309b8ffa9cd4816d024aa17bc230b8fb12b5e4744e351a690be4 |
| SHA512 | 98071bb25a8109316d4529a70f16f083b999fd4c3568c150f3246b923409588ce8c020c0c4b738cead3218376992879e5f5aa6696fd9c72046c0e3d359030a66 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 54ac2dfc3277cc71d095814696c9d295 |
| SHA1 | 8f0d1dfbdff79cd6d57bc961c6c3fd097ba48893 |
| SHA256 | c538c601d32e3052f7b1abeba70b33930f59b71d07abeb63578e4340334fc4da |
| SHA512 | 9c6feb5711798bb03f566cfdce44150d28e9ac7cf6b6668aef9e9293b367b91a00d69db06d07198a7e2e3c8ba161ef2238e143bea6b1957cc9298ce8e9e7009b |
/var/root/Library/Caches/rtcreportingd/events/NRM_Events_2024-06-25-09-58-38.event
| MD5 | 4fe0c81d3cf64f8c2767edee08178fe3 |
| SHA1 | caacf0b44482ea2c703859ad3f9b4ca208fe4ed1 |
| SHA256 | fceaae694206ffc076c78d48c597ea8f08d6a4abbdc6787affe94ca00413c431 |
| SHA512 | d4214a5bebf1e858a07f7c47692fc91a83bf58f86de6ed11fac4a630532b7752d73e8bb90d81d10ba7539fd9adffeb9007f3fb515ce006e910dbd6947141a898 |
/Users/run/Library/Caches/GeoServices/Experiments.pbd
| MD5 | 4fe17082455b758156c990a832c3c7c3 |
| SHA1 | 7b0eb4ae116d80c48b59adc4db40f6b051929c56 |
| SHA256 | 0bb0a7f267896f0ea4f99bdd52df2b096a771ba500b7f924f4246afcbe81c343 |
| SHA512 | 89157bf8acd0100bf85efedc42284f6060f1aed17acdab3b1ebc0b76da85074b4781fc101a8b4d1d57d1c86b5b38547ce9d897ae7662373d430c8180ec9c7ddf |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | acc034e41bbb7f6699f9d64cd18f941f |
| SHA1 | a6af37ad1510e829f2a66c496ef789e379d7623b |
| SHA256 | 71f83a7b6e90de99fa6f536d3ce4ffe258c7acaf5af5e1af769f55fa76731941 |
| SHA512 | 996b569305ec5246d2d2638dc0b0ddfd6cd783b80a4c3bd45e258d19c548e79fe3bc87da9257f77b4d7bceecca6122edbb6fbce5b6c4fee26eee8f34e9ac574e |
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:38
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
win10-20240404-en
Max time kernel
1799s
Max time network
1684s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637819075330892" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
| N/A | N/A | C:\Windows\system32\mspaint.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd6b39758,0x7fffd6b39768,0x7fffd6b39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2624 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2632 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3136 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4604 --field-trial-handle=1776,i,5549691962804605942,13891850366540048605,131072 /prefetch:2
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ClearEnable.emf"
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | tcp | |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.57.26.184.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
Files
\??\pipe\crashpad_4676_EIKZSNMBDPQUPERF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fe51a03a73e2d63409660af68f773637 |
| SHA1 | 7d24d36c7dcff79501a1a763b317087675f1cbbd |
| SHA256 | b182b9c847bdf46347421b6ad4189b3d45b6b5e31c63692592d3cea40c31c0a6 |
| SHA512 | 1f4d7c84a6568d8b1fe154dc6f490bfcb20477652ac24de33da3d1a780aee7cd81511fc4283af08ccc72af130d907b2a26d5df7e37b79823a74220498b0d6e73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 907ae423d8cf555b9c8a4e3792a79e9c |
| SHA1 | ba41b5c6ccde26f8a9cc6e53a5a3d08eadddb630 |
| SHA256 | 989dabf655c3db81ab6259d1e269c3f537ed0743cadd274b1c1cd5698748c2aa |
| SHA512 | 36cc4309dc3dc82d88664e3ad1ef270167b118730d2fb8832ba5e763a329d107c058e603d3e138ab0908ada1ab6e512fa281bbbf5a88b9de267243457384f425 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 34f7c650319b56b69734651b55869164 |
| SHA1 | a22324a1fc961ed641b3bffbf02d7af836d525b0 |
| SHA256 | 725fb732dafd62f720780fd9e3d26fde0329f0d5891218c0df8c3e9adcb83d55 |
| SHA512 | 1da0523c5cf509ab6d222ed2c588e6010e9ef9ecff6be24e528788a146a038aadcd12d75f7e284a326eb861e61c6552310c0b5a52047c3212e24bf6515214e8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ec3cc82112f1e577c69d24b2e151b3a9 |
| SHA1 | 0ba15363541dd1b41cd184665e2ca0d96e5941d1 |
| SHA256 | d02c8f8897a494d3309d5aef82daf9e50efeea7d3493dd6cce7e8c5a1f3eb5a3 |
| SHA512 | c43c1b9eb079490fe5771a51a53872a387d7e0027821f67be75d7cc5b0cb70cdee4dd40dd0ac4b1c051268518839e0470a92a204693b93b404b683545fe73bf2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a963f6fce6871701d877ba71d835ea8 |
| SHA1 | 52a2e33337ce9714e39983f3aa3b4a6790b07c4f |
| SHA256 | 76a23361ed039c616bc0f1ea79123c641279d4a479c66f5d19176c8d1302cbbc |
| SHA512 | b4d69d61e7e60108a4eac610aa139e748c6f0650b86f92f31a03575cbcd0993cb76d1534d7d94be5edfcd0fbc4ced84efa5c43c5d2a4ca491cade98198cbbe69 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ba10d83a5d92b1ca53744a4f24e37b13 |
| SHA1 | 38488deeeb177f90e1851c72d9a253c796600333 |
| SHA256 | 83fdd370d95582ffc484b67c73d6bc7c4cf68dd09583d6bd3d3475fad660e0c9 |
| SHA512 | 2a1da523503044a4e1433aac00d0ff3201b1f69168c76b6573759579009a1cd3e10f67f9b1ed3b2e5ac2c5862747153b9383280ab57eca591452c0f81e839ace |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cec9d8a826c85a17716460293d91060c |
| SHA1 | 518304f585ec56986fa28ae585354b1c2a003a59 |
| SHA256 | a6c05abae4f81edb087d52d9857d34a1dce0af3a35b4ddd891ffa819eb7a7728 |
| SHA512 | dee08d016488d1800551a9a18916f236694815ade51d281b63aa27cf513f826546d0578b271390f2d340f8a742ca02542135b7693118b888d2d727bbac05aaff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ca31c06b1a15c7a44eec68493467065c |
| SHA1 | 007c8faec1e5fe5c2500297238f76d0e620bbf20 |
| SHA256 | 2860a8badaa7a1e26ef7376abe3994b702cae939cafb81e43e6dc51cbaa41bec |
| SHA512 | b6b0c1a949f2d7cd44e463976ed9ddb7337bc0ad3e38f4ee24cb2e84736f81bbf0be42e7722ef359429455dcc6b07326660661299af122216effce57ecadc1ae |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5efa745f8e843846b2a09eef3d85ac73 |
| SHA1 | 795cf0f2173fb29084da538266160abf456b1e78 |
| SHA256 | 06446b6d262bf21577b991f2bf15ece49aeb94bad144c104ccae1f84aa78705c |
| SHA512 | 610826d52307f422ec3f7dc4371295d1ad3517aadbdb4c2895d9d122f5c434aaf1f63ebdfa0fec0c6971694027a6267b1f343225b9a57e1ecd00a17bbf23ef35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ff8a7089e072219680c12a64e6aa91cb |
| SHA1 | e6df0b64a0485a62448ef87fb4f76baf00d593dd |
| SHA256 | 4da4e6052e30e14d6fb202c304aad19f61979cc4cc1ed065ad79e00597fdf05a |
| SHA512 | 8bb504b1e451635637195aca2005b36ebfbe1dfd9fdf043ed9ec2ceeffc3857bce40416d738a4135f4e111dc5283684c5eb178474bc911ff5e9258a2e07c085c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | cf54530b4ab2c69da838feff865971fb |
| SHA1 | 55c35c6b402f860ef602eeed40a460d6824a8a99 |
| SHA256 | 2a8fe80506ff1f619f76d83b066d7bc2c721e3c5f912a2b6dd22e17318e9c8bf |
| SHA512 | 583d87208e539ee4086e028a58e923ae9fdc4ce12646aa1b53910f2ec26e16f02fd8a4789ecd5753c26bb7b1d0f7ed5570c551578b64e5bac821184764a0fae0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0bfc754e9a9576898e61e7bfea02fe0c |
| SHA1 | 3e5afe97e56110b96e684df9cf8de3614f89f488 |
| SHA256 | 0efe32d3f8d2d2e053c076d288571e8c4bf830373a98c58e7e297ba631abf24d |
| SHA512 | bd8f50e68ad88730d885000dabb0ccff34797dbd26c050519ae10278c17d17aefdeb791e936a7f3b23209f953d0328371abedf4316186045089fdd046315b5ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 4518c642292399b77ab87fca0a870d44 |
| SHA1 | ee9131c3367a3b9f20d624a5a241fefbb484c301 |
| SHA256 | 72065f2b1b38325886f012ff5b6caaf1d51ee0b71b51420372bbc5f195947458 |
| SHA512 | 5d95fe8e7ba739fc77b97aac032655f0483b0b89cf0721769ea77dc3d57adb44e51b48cbf31f94c351ef9fc5d04dad6c81ccfdb20f34627396a011ee9fa074d4 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:58
Platform
android-x64-20240624-en
Max time kernel
1146s
Max time network
1184s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.187.206:80 | google.com | tcp |
| GB | 142.250.187.206:80 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.179.238:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | apis.google.com | udp |
| GB | 142.250.187.238:443 | apis.google.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.206:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.98:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.238:443 | tcp | |
| GB | 216.58.212.234:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | sticker-pa.googleapis.com | udp |
| GB | 142.250.179.234:443 | sticker-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.212.234:443 | semanticlocation-pa.googleapis.com | tcp |
Files
files/dom-0.html
| MD5 | 0360ca9377c344e4a297e5e4c0c3dc67 |
| SHA1 | 9e6c320a26d273154a4fe4d00150a0a2c4fd8b86 |
| SHA256 | 78dd6036561d37af16267c442dab8e489f79333936e663800ea4094f472a5436 |
| SHA512 | 87bd9a9ecce90aa7d9c6c96158dff2add4310d3c6e7e840916d8eb1b4430c5dc4eec76f92d377d7dd497ed8b61b5555e352ab6adde8186b3f2c7615a86c2b6c4 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:56
Platform
android-x64-arm64-20240624-en
Max time kernel
966s
Max time network
1068s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 172.217.169.46:80 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| GB | 172.217.169.46:80 | google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 216.58.212.206:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | apis.google.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.98:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 8.8.8.8:53 | tcp | |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigl6nsd.gvt1.com | udp |
| GB | 74.125.105.40:443 | r3---sn-aigl6nsd.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigl6nzl.gvt1.com | udp |
| GB | 74.125.168.170:443 | r5---sn-aigl6nzl.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigl6nsd.gvt1.com | udp |
| GB | 74.125.105.39:443 | r2---sn-aigl6nsd.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.105:443 | r4---sn-aigl6nz7.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.70:443 | r1---sn-aigl6ned.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigl6nzk.gvt1.com | udp |
| GB | 74.125.175.105:443 | r4---sn-aigl6nzk.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2---sn-aigl6ned.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6nze.gvt1.com | udp |
| GB | 74.125.168.134:443 | r1---sn-aigl6nze.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6ns6.gvt1.com | udp |
| GB | 74.125.105.6:443 | r1---sn-aigl6ns6.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6nzs.gvt1.com | udp |
| GB | 74.125.175.70:443 | r1---sn-aigl6nzs.gvt1.com | tcp |
| US | 1.1.1.1:53 | udp |
Files
files/dom-0.html
| MD5 | dfb65179b2d1157b5a80d47d0bd22a0d |
| SHA1 | 11b552f59755d8bcef1362361806835ccd92e504 |
| SHA256 | a33e8bd8000bf7c21110f80e126655b047b99dde0e50ba912c078c703b5b57f6 |
| SHA512 | 8570045a4f8a0898ef2c3f7874538fd91cf30c2fc5b53f23575cb2efbec2dcbee782dc2386c6b5c8f9f8e23b04ca4e45b34928e432a67f5da21080c1a81f6a5b |
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
ubuntu2404-amd64-20240523-en
Max time network
80s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| IE | 2.18.24.19:80 | r10.o.lencr.org | tcp |
| IE | 2.18.24.19:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| IE | 2.18.24.10:80 | r11.o.lencr.org | tcp |
| IE | 2.18.24.10:80 | r11.o.lencr.org | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| IE | 2.18.24.19:80 | r11.o.lencr.org | tcp |
| IE | 2.18.24.19:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 44.240.188.8:443 | shavar.services.mozilla.com | tcp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| IE | 2.18.24.19:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| IE | 2.18.24.10:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 34.120.208.123:443 | incoming.telemetry.mozilla.org | tcp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| IE | 2.18.24.19:80 | r11.o.lencr.org | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | r11.o.lencr.org | udp |
| US | 1.1.1.1:53 | r11.o.lencr.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| GB | 13.224.132.52:443 | addons.mozilla.org | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | r10.o.lencr.org | udp |
| US | 1.1.1.1:53 | r10.o.lencr.org | udp |
| GB | 104.86.110.232:80 | r10.o.lencr.org | tcp |
| GB | 104.86.110.232:80 | r10.o.lencr.org | tcp |
| US | 1.1.1.1:53 | getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.ebay.co.uk | udp |
| US | 1.1.1.1:53 | www.ebay.co.uk | udp |
| US | 1.1.1.1:53 | www.bbc.co.uk | udp |
| US | 1.1.1.1:53 | www.bbc.co.uk | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | bigthink.com | udp |
| US | 1.1.1.1:53 | bigthink.com | udp |
| US | 1.1.1.1:53 | www.cnbc.com | udp |
| US | 1.1.1.1:53 | www.cnbc.com | udp |
| US | 1.1.1.1:53 | www.dw.com | udp |
| US | 1.1.1.1:53 | www.dw.com | udp |
| US | 1.1.1.1:53 | reddit.map.fastly.net | udp |
| US | 1.1.1.1:53 | e11847.a.akamaiedge.net | udp |
| US | 1.1.1.1:53 | gtm-uk.www.bbc.co.uk.pri.bbc.co.uk | udp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| US | 1.1.1.1:53 | e3365.e12.akamaiedge.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | www.wired.com | udp |
| US | 1.1.1.1:53 | www.wired.com | udp |
| US | 1.1.1.1:53 | www.latimes.com | udp |
| US | 1.1.1.1:53 | www.latimes.com | udp |
| US | 1.1.1.1:53 | h2.condenast.map.fastly.net | udp |
| US | 1.1.1.1:53 | dnere6g15e5vs.cloudfront.net | udp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | news.sky.com | udp |
| US | 1.1.1.1:53 | news.sky.com | udp |
| US | 1.1.1.1:53 | discover-prod-1777428142.us-east-1.elb.amazonaws.com | udp |
| US | 1.1.1.1:53 | e10653.e12.akamaiedge.net | udp |
| US | 1.1.1.1:53 | www.esquire.com | udp |
| US | 1.1.1.1:53 | www.esquire.com | udp |
| US | 1.1.1.1:53 | www.historyextra.com | udp |
| US | 1.1.1.1:53 | www.historyextra.com | udp |
| US | 1.1.1.1:53 | immediate.map.fastly.net | udp |
| US | 1.1.1.1:53 | hearst-hdm.map.fastly.net | udp |
| US | 1.1.1.1:53 | consequence.net | udp |
| US | 1.1.1.1:53 | consequence.net | udp |
| US | 1.1.1.1:53 | www.fastcompany.com | udp |
| US | 1.1.1.1:53 | www.fastcompany.com | udp |
| US | 1.1.1.1:53 | mansueto.map.fastly.net | udp |
| US | 1.1.1.1:53 | www.inverse.com | udp |
| US | 1.1.1.1:53 | www.inverse.com | udp |
| US | 1.1.1.1:53 | www.bloomberg.com | udp |
| US | 1.1.1.1:53 | www.bloomberg.com | udp |
| US | 1.1.1.1:53 | bloomberg.map.fastly.net | udp |
| US | 1.1.1.1:53 | thewalrus.ca | udp |
| US | 1.1.1.1:53 | thewalrus.ca | udp |
| US | 1.1.1.1:53 | www.nytimes.com | udp |
| US | 1.1.1.1:53 | www.nytimes.com | udp |
| US | 1.1.1.1:53 | nytimes.map.fastly.net | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | psyche.co | udp |
| US | 1.1.1.1:53 | psyche.co | udp |
| US | 1.1.1.1:53 | www.theguardian.com | udp |
| US | 1.1.1.1:53 | www.theguardian.com | udp |
| US | 1.1.1.1:53 | inews.co.uk | udp |
| US | 1.1.1.1:53 | inews.co.uk | udp |
| US | 1.1.1.1:53 | www.deseret.com | udp |
| US | 1.1.1.1:53 | www.deseret.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| GB | 172.217.16.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | _http._tcp.se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | _http._tcp.security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | security.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| US | 1.1.1.1:53 | se.archive.ubuntu.com | udp |
| GB | 185.125.190.83:80 | security.ubuntu.com | tcp |
| SE | 194.71.11.163:80 | se.archive.ubuntu.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:53
Platform
win7-20240508-en
Max time kernel
586s
Max time network
891s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6af9758,0x7fef6af9768,0x7fef6af9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2120 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3076 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2288 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2552 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=784 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=668 --field-trial-handle=1228,i,11415202545248024588,4004652755683869262,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
Files
\??\pipe\crashpad_308_YVEBBMXKYCRQHIPH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9da8ca2c5aee382b8a58c82d1b7de70c |
| SHA1 | 435c7bec31077a225c78b912a29023c11a87f306 |
| SHA256 | 219a860f4be0fd0b26986761b55bf98e11f8980d184c03279d4ef85f7e2dcbda |
| SHA512 | b0773f4822cef5c111941eb677aaa3fa9e1c23a22c203f74c546bdefdfc1e99c9a516aa0f9bfd32f9d53d727f6003b5f6df3a3a9c7a3a63bc8c42b98fd8e826a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 170365e7f8e5f006f82798897ad06275 |
| SHA1 | e7aa2e788102cf20a3d323b9665a0175ebec4434 |
| SHA256 | 3a0750c6a5a64e36d78e5211be555f5df96e5d816e593b9d532124ad36c83e13 |
| SHA512 | d9776d8116fff5669a5b299451d7ff302f426f9ac77f59f6ca9221baf3661b10c8f7dfb8fa08b30f1ecac631b98460db117d54cbc2e91269785d0e0f38c021dc |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:52
Platform
win11-20240611-en
Max time kernel
835s
Max time network
836s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\x | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\x | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\z.zip | C:\Windows\system32\cscript.exe | N/A |
| File created | C:\Windows\System32\z.zip | C:\Windows\system32\cscript.exe | N/A |
| File created | C:\Windows\System32\x.js | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\x.js | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\x.js | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\x.js | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\x | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\System32\x | C:\Windows\system32\cmd.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Event Triggered Execution: Accessibility Features
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637819090324837" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 | C:\Windows\system32\cscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Windows\system32\cscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\cscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\cscript.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202 | C:\Windows\system32\cscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Windows\system32\cscript.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff | C:\Windows\system32\cscript.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\malware pack.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde934ab58,0x7ffde934ab68,0x7ffde934ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4184 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4192 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4748 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4228 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2276 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1512 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4760 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5204 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5304 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5292 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4256 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4324 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4320 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4716 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Windows\system32\magnify.exe
"C:\Windows\system32\magnify.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 --field-trial-handle=1836,i,2879822873472813185,4867829982756871755,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdd55d3cb8,0x7ffdd55d3cc8,0x7ffdd55d3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0.zip\MEMZ 3.0\MEMZ.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,15053548771085271081,6231822377650680923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:80 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.14:80 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | udp |
| SG | 172.253.118.94:443 | id.google.com | tcp |
| SG | 172.253.118.94:443 | id.google.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| SG | 172.253.118.94:443 | id.google.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 3.212.162.207:443 | www.abbreviations.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| SG | 172.253.118.94:443 | id.google.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.234:443 | scone-pa.clients6.google.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | tcp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.180.10:443 | scone-pa.clients6.google.com | tcp |
| GB | 142.250.180.10:443 | scone-pa.clients6.google.com | tcp |
| GB | 142.250.180.10:443 | scone-pa.clients6.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.234:443 | scone-pa.clients6.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 8.8.8.8:53 | polyfill.archive.org | udp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 8.8.8.8:53 | analytics.archive.org | udp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 8.8.8.8:53 | 241.239.241.207.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.225.241.207.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.212.206:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | ia803405.us.archive.org | udp |
| US | 207.241.232.195:443 | ia803405.us.archive.org | tcp |
| US | 207.241.232.195:443 | ia803405.us.archive.org | tcp |
| US | 8.8.8.8:53 | 195.232.241.207.in-addr.arpa | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c43.gcp.gvt2.com | udp |
| NL | 35.214.142.18:443 | e2c43.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 18.142.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| TW | 74.125.203.94:443 | beacons2.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| TW | 74.125.203.94:443 | beacons2.gvt2.com | tcp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| TW | 74.125.203.94:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 94.203.125.74.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | lens.google.com | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 104.86.110.105:443 | tcp | |
| US | 8.8.8.8:53 | browser.pipe.aria.microsoft.com | udp |
| US | 104.208.16.95:443 | browser.pipe.aria.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| BE | 2.17.107.112:443 | r.bing.com | tcp |
| BE | 2.17.107.112:443 | r.bing.com | tcp |
| BE | 2.17.107.112:443 | r.bing.com | tcp |
| BE | 2.17.107.112:443 | r.bing.com | tcp |
| BE | 2.17.107.112:443 | r.bing.com | tcp |
| BE | 2.17.107.112:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.107.17.2.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| GB | 172.217.169.14:443 | lens.google.com | udp |
| US | 8.8.8.8:53 | 222.197.79.204.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:443 | google.co.ck | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
Files
\??\pipe\crashpad_960_RUDNQHBQFKPWDOEH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | dda7a677273d54d9aa2613f75c525ab0 |
| SHA1 | ce62b85b7261ef87c61a2fecb44ecf008791dd42 |
| SHA256 | 82f8d8268bb3288bc7e625609b78a00406cf96f873875d10781aa14468262d2a |
| SHA512 | 5d566f52f40163b6127488ed0e253073f0475e5d64a9dddcc50283a1731f63798bb7cce44c4212e626bb39b6e5433587cb71342ea87a100b34467114fc41d724 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cda23c44f75664d123b76323fa3a2cc7 |
| SHA1 | 39af01fb8691d8db147b741e4c3ee59dd5c98592 |
| SHA256 | c441d7d2fd18e831ef0d92bf51614d7676a999c9139bdfae7e7a22b6b5a16dc2 |
| SHA512 | 44e43a0499603cda685de51a3637d60632d75e1f444cd052447620f0acc860288ca5a2d7e8538281eefa04e534de0fd1c1b084f379e1419c31aaba39a9d5e9fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e07edb2248ed6e9fa0d5607e933e2acf |
| SHA1 | d146be9490964c2510c2625e92f4cc76d46c1095 |
| SHA256 | 18b01523850f6209bf2db6339c320e1ee3503882411a6ec8c907f27e15fd8d58 |
| SHA512 | 33b8120157ebb1a52d5b50b28f6c0d6e2b28f79394141f947cb8884b4e66b94694967f47ba454e677704df05db30e6fdc42992c0067b22fbff3d6cbf56becff1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 97821e7e28e92d0575126d9d4219f6e6 |
| SHA1 | 441aef73e305eb51d26e19cea1497656a634c41a |
| SHA256 | 1de4d61cc272abf7d6f113b4637a40f38b4c4bf1edb7c8b1ea633c1e23fa3c7b |
| SHA512 | cfa4a1f49619e0599bcd8899291cebf1adeb6e1d2e7b6a25a62780243f9eedaf6fed16e5d0b5dfdbf72f204851ca644f725c021861b68eae9367858a2f650fc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 11c3ca5503cdf99c3690c800f6bf979a |
| SHA1 | a800e0f0ba23ec9e322136b57cc94f53c1cfe4bd |
| SHA256 | 8f7c8b27f794f3b797a086b3936371ceeeeaa3a04e591592deb5480bb1f07e6f |
| SHA512 | a6021fd8d562b9568ccdc4b383a57cb78987cff8eac0e2085af7cdd80963012c826e2aaf5dcc6f11257b748825b7f88b1a0fd763581943813960f356e80b1f6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3035309ba58929e02f19c1e5bdd0d314 |
| SHA1 | 7226636a8e1e2b47168863e98f4b8c76dc0029b0 |
| SHA256 | 362d2f07934c5782e88990f32f3cb27c53fa1bc3c362bfd32bbc1fd3f2a5ffe2 |
| SHA512 | b12c2a62789c96ca71d1310941a41ecccca4c1845f9b79cd82fbe157097086d088c94e50e3bfb8bedf293266fdc4df9fb278e2fd987019191f685efab955375e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5ee9ca6af80ee5742c4cbfab2f9a96ea |
| SHA1 | ce1021638bff4bd3ff2e037286ce1df67c1b26f4 |
| SHA256 | b187c1cdd4207ceb39090921243401e97fba2e7184b321ce30a91996e1ae333f |
| SHA512 | 2b513d9146e02aa7a050439f4b791757e96eade9e3f3736030a5ae5f30f59c54f41395d68135e4ef609ea2d6d00e225abce175a6f2f0a8da1c5eb52eb98226f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5fe8192ea218ab15a9baa1b52566c12c |
| SHA1 | 1d6c91954aa10a2fe61a2c39ea9f71a28ec905f8 |
| SHA256 | e1f41d20464a6e9c81534c442cf5759336bbeed095423b2583aa2bec4469ac7c |
| SHA512 | ad462a044362c7495c66dbcef4dfcb97f414ce0a52149888b7dfa8dd34662b20c760e209a7e609fd7c62b8b2e33553027b14aeb010bf7806a2ee024e6e68761a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
| MD5 | 2280e0e4c8efa0f5fc1c10980425f5cf |
| SHA1 | 1d78ccb26fef7f1bf5bf29de100811e1ac8bda23 |
| SHA256 | b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74 |
| SHA512 | b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | eef13c2f2cabb4f7cd7aab415cc60e1f |
| SHA1 | 75193b9da9152e753dcb0a70e9f67db4553e7b9a |
| SHA256 | 084fb36570257b40772a08193601151b3b3353cb9e40abdb33b772b9a473e990 |
| SHA512 | 9fc0c169d8ed469dbf41683dc7bd2430d2c02487ab24ceb0a2efeab9baa4620069f60226db830b7f37b6f56d069a5c38de42495e91ccbe4fb3a196a14e6e1f12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | a6c6c07467460be4471c05c0c34c2d79 |
| SHA1 | afd05780e0710552bbb85b3d12399bf9dbff44f0 |
| SHA256 | 078e37130427dede15284c0371112d07c7f0b72bc3f20788b010e1f9eac50703 |
| SHA512 | d03028a035fd1f0a842d02682f25e80a5332b547f3eeb71ae07161041310b7a86c625deaf0863a8928358e3111f1b84895226428cc90d4e052211dd6576bacd0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d79421407ec52f66bfd6c16f9e0a4eb7 |
| SHA1 | 6a7ee6dbe09c4a7df40aca0f34363cff2ea4153a |
| SHA256 | 551b4a794f294f8a9423882919686469918ff7a0400e95e69dd73c0dfd32e03a |
| SHA512 | 0e3c38ad5617033075cb7b4795881fb1965a1eb77808f6cda745e0cc8b41204efbca8bfb55f3a4b8d3d849df13f94a8558cb79c4966110575af221e17318c958 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 74cd8f92503d185d338579d9064bd5a7 |
| SHA1 | 50d115d35e0769d82a1f4d00cc4c84953adc2d6e |
| SHA256 | bf2a31d359029a7cab81bdf44c3dae2ea36d86b3c974115b83be94fd0e99e16c |
| SHA512 | 29be9344c38377295ff650ecbe68967f90b30d0353ce9284028ffec052b55e3fe0c29c0bb63dc93fb558353a195cf15ec529899e8945d437d584a7bc81e1f289 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a906a.TMP
| MD5 | 723d2c55955b7cae61e4e27fd0b62672 |
| SHA1 | 2f38c5d85968ad07e634971446ca97b1712af9ce |
| SHA256 | 5e1c0e0d14b9a8adf8920d6d38c3f01f986f5bfdd641edcbc25baa0ea018b4a6 |
| SHA512 | 6337dcf4d7043c4bdc796ffd04fb693d8e6f369e41a63732470c3033f87d8e1f057838f9b7d7b19e6e34e060148fc235f8af8ccdd99ade521b2f4c92520e44c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 55aee9d5b84d725b801f3ab1fb7d7132 |
| SHA1 | 66377e4fa6f6a545df9c10122258ed39fa28c326 |
| SHA256 | 803b1a938f60762cc79dd904f5d284ba0148de931e72edc11cc15cfcf617f64a |
| SHA512 | 3e870fdd8ca12b8487d1570fb0754be3e3d9ded60b519724ba0e6b998b0a24b195dd52f7371a946217166ae85e24d291284f8c7e4ed15bd57f679a9014e8729c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 30d982e828b5c524980da42245ee9e90 |
| SHA1 | 7364e3f1f7ed95e2d772ec151b49b73e4972fee6 |
| SHA256 | c41244b589eae8e53d412f7da31782c1b6389dbef2d422a58971e5f32346adb0 |
| SHA512 | c40ad603cfae96e89e4b852dc29a0ddd8f8bd259c2b7acb4fdc2d9100d039a05b6624d533851a375267e8d4bc55aed0b079651129477bcba4b32cedbfe901100 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | 2078cecf6e1cb55e505651668169fa0d |
| SHA1 | eec7020c2cb9b6b68eabb5852b1c629a5517ad81 |
| SHA256 | cfe71823765aa71a9674c6ea411b1660f9851e074ff2fd5f90bade6abaa38d6c |
| SHA512 | ab1da5da4f443e32f26e507fd3190e30ff63c6f4a454d68eeb2fbcb9b1a9bf61ef3f80ba1ae881291387b0fa420a185880527a2bcc61c564337b4486cccc90e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | b05a4b509bc2599903f3ca63bcbc8ebc |
| SHA1 | 5709e2014ab82f8a6d460bfb8b3fc5d6488c4889 |
| SHA256 | 9dd2fd33862e07b7f3024f97c2ed1fcc0607b44f6d4eee94966ab09d5ed6a68a |
| SHA512 | 7bfa3f4fdcdc1159176c9b40010c8122bfa8125f0519f77934bd12fbf26a984f5e5f7317ac8a3b4d8ed337e31acdd6a95e107338069b29be1bedffaa4410a4d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 75173c90adc0b9b9a6cac28ed76a4d5c |
| SHA1 | d43ae12ca0a728f3b49bb81b40e9790b6858c907 |
| SHA256 | 386ee2a6aeb2e3bb8f7127668752aa1cfda2a373aec54c6422c10872c5c72bf9 |
| SHA512 | fe0dab46f3c5aca665312a39cf7f7a5402b2ae15e8d3c10b28230784ce53b408f6a6053e54f47862818e48ff9fdad9a46cdffb2cfdd5eba7b1340517e083d194 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c436c9f355e6b22482e60dc701c04bec |
| SHA1 | e6abbdaf21747498fe3702f5b67e4289f45f2caa |
| SHA256 | ac68a21b7125af46eaaed538c86a3917a0d3fdd8a2b8d346429be52c04aad703 |
| SHA512 | 3f9f66f4e6c6e0c91fdc601e7c3ffc49c843f04d5e57acac30f42e9956228299ed8f307910d6d460e0b64a7cb6a1567b5217fe68124f137dc6a008a968178fb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038
| MD5 | 7f5a5d45ee4ea0bd1ccf5178c63f43c0 |
| SHA1 | 71cafbec33de805f8c65c04ab40a7fc072420df1 |
| SHA256 | e47f30921e1d3fda22de0ed56c9847b80e379396ea95d3fe60e04cf9e4c9773a |
| SHA512 | 11dcabf8a16fd008783be04cf72e9ebcdc3b37a9a92c0769daa32fcec0a7ac5f1380d5e7636dca14eee05e5787419d2f5782726c94846c39085b325099c123d5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3bc6a96e2c172919aa642528ac6f1ba2 |
| SHA1 | df10e51efa7ec21e0592c9982f88b71979c97138 |
| SHA256 | aa55385557c8645bb2272620288502ca037c21ae04d0f987040eaa5b9376ff17 |
| SHA512 | ea4aa51b02ad38fb9996281b8e63aafc5e252ddf8d2e94879caa25acf32036e46607df43d5f16d9fc6988a3073acfdf23faccbe1c2b391f36c1d6ef68ba61d25 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13a51e1ca4527a0d7de3dc9245a5c366 |
| SHA1 | 128e287060d5a01cfbb997dc6c3999f315143138 |
| SHA256 | 5341af85d0b9a1a39e0248a5eabce00682a3cfdb779f6a0141a57afa9b30441a |
| SHA512 | ad65b657366965aa62b00f239806d3943221f7cfe9d8d73a6190a30f1a432cc0f1efbd5758642a5ade853f9d9f35e2aad54e17471dc3fa99832cfcd1d6bdf836 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 58d2d16463f463f31d8528297f84fae6 |
| SHA1 | 7a296826fbd6257b638d2526f1355f42a038aa98 |
| SHA256 | f369ca2b3950d57ccf49dfd80a128d6bf64574d9c76ecd9d8545918606e6b036 |
| SHA512 | 42b9eba8a410e3def2046dd39c3b905a9f9eb08c0547263a3d58d66247847cb0b5b07e78366bef72eea9cc3dea2d79dad9e05a4ef2caa530e8e94c4a24fd0807 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8cc4fb1dea149d61650c289b36b5d93a |
| SHA1 | 7014d40ca1222ca479d682f8dbf93707d10d5977 |
| SHA256 | 2649590d7aff1e5a6e4d4a1b0c7dea3a9361d7ac8c0199faa9b91f1e6a31166c |
| SHA512 | ba6b0a7e3b75416f1cd9aa9955472d749f624f090ba176541045e1178b05e26f81c33ffa4e280ef99de229c93e1f0ee76498ef853140cfec2c6e9a2ee7515725 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9aad2af521c047ee60a7769a2e517e38 |
| SHA1 | 839504eb2962a6e93b8e157e3dd7581cadfe1b32 |
| SHA256 | dcaead8e0b8ef0506ad831c8d39afaf91c5aedadf41e664a152085fd21738359 |
| SHA512 | b89038f060733b135100754be6187d7d4bd52bc8cbc9016639238cb5df5122e3fa4d481bd22204ca3859c68abe19b8e2839029ff1c0b2ff5b563afb47a7f7cef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 53226c9368bd76b58ce50508ad0fb181 |
| SHA1 | 20cc420de485e2bf9e255c10a6debeac52e0517b |
| SHA256 | 56dac334002a7eee1cd7fb1c663266ccb41e44045494765a114d73305aa8e9e8 |
| SHA512 | 291c89ecc76b24e6f24ba5e09e929b5795e754713875f322bdcd9e3f11538f395afc2e04bbaba4dd5da2b0f7b5e9b7e8795eb2efdbd256f77292eb88cd95f6e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34bb6a9bae9fb394_0
| MD5 | 813ee1573adb35d230eb24546226568a |
| SHA1 | 145189b4c3ba4d451e2a96c0d306fc190eadc495 |
| SHA256 | 47c71c6cb99d44ef6ee43735c7aaf31d3ee475de7703b8738b59c37b5e0d1d64 |
| SHA512 | dcb26385de48d7e46f193213873de4fb4bb3a83f0dc86d60acdbfb1053d403aae121548f6579827765237a79a02cb40763dd0c6ca0e82c8c80d9e7f87a268153 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d0e8caaa10047fd8_0
| MD5 | 2fed63397e1f1500e00b2b9d715eb36c |
| SHA1 | 04baebd24bd6119e714de6665119c8eb1d58ef72 |
| SHA256 | 054a817ab8d7cbce22489c0b2aa33021233206cad94319492451408b2cec26a1 |
| SHA512 | b8afa8b7f8479f9c1591cce98d3c0aa85f2231825a0f538f456e420899406d8ec549b3d3091549f805a324fe67f8e8903647405b42efb876954baa1419397cd1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a3089b4f33519acca1e5701eb402c244 |
| SHA1 | 9915d15c33fbc3908ffa7511be703036bce661a5 |
| SHA256 | 08066e92dc017a1951201164310784eec5a5032777d17f43f62cf423a7c891be |
| SHA512 | 868648f24773af459c142be2c0e828dd2b0a537fa9127c9ede681f2f6e52349ddc0f9122e6efe7dba7af361e7907347803a148d4a24d70bbd968d41cfb3a140e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 59d6f5239d53e1c37b19877c2e01ef87 |
| SHA1 | 2785bcae76642b18c9caf52b6a432c1881971312 |
| SHA256 | 4e9835c25d4cd45efda62f0984cde7fbba7f6f726a7bdc1b231a74275bafa4c1 |
| SHA512 | 0abe2dd12ed9feff21e744bb9a52a51bb38b9f4f0746fd6022513e97ce4c801d161b6e30b14188471d704d5062c4fc0df69e16088e3b09688c6228ba45ecf515 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fed5e122-943f-4f99-bce3-d77b57dbf5ac.tmp
| MD5 | 67af191826baf4d382c1bb921aa47125 |
| SHA1 | 62ebdb1b2826fceefbe98c6ef5f72b92d328e65a |
| SHA256 | 0a144c558798e120192430bd1e10d232db45276d85cfe254a3d2e6a9a4fa8996 |
| SHA512 | b02af38f676223e761ac0b0443fe8be4ae6caf95becadf5511291b7c8f0ad10c2407200052810a0d404e4386705208fe3c7054f192d0f83d459afd4438012737 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
| MD5 | ff0bbe1ba8f294f444962c13177f550a |
| SHA1 | b4c2b35a43a6acd578aefbb6f265fe4937a3859e |
| SHA256 | 3c0e6885d64e8c839751f35832153a02de36334e6fd7dc48ed9d6aa5748ff350 |
| SHA512 | 20c14e46921a629b2e548f6403aa99bec18617e3195ab5ec1a2399d5b62a6e5a076d196374aa3085e1a428cc5d69779249b3a205606187a39e5af201003bbdcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
| MD5 | 082b29317074fc097be1c17a7e9bbe76 |
| SHA1 | d4a3daff45a0d1d64181460fe0124c0c8170a2a7 |
| SHA256 | c645b9f1e0fcef85b2bcbb55b7217c448e56d6b0a6e75a874ec474ab408fc0e8 |
| SHA512 | 4bedd8846b302ea36f3db3d6f09c1c9199d65c6f8ddacd1d8d22673d4600033bd3cb713b1caccadb21ac5b9c8ca513ad9aefb1179b4805ab0958c1df0d1f81f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
| MD5 | c5ab8eb9c1fe939549c96a076563b07c |
| SHA1 | 01d419cb58f4f13b8768d06d005c766a706f13fa |
| SHA256 | 453c4f7235e9a057a103444e24d56bf7ce7773d90fe6acc8cef6de9bb2a2dd41 |
| SHA512 | 1d4b50d8905c54ae4c6c5b15bf2ccd134f8ad8d493cc480bb6a09ce184e142749b5e023d3df4e0748e6bb98c0d92a2f635923b87316112a1832873fe1f8afaf0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | aa34a9479e72643ca33f10ed5cae5007 |
| SHA1 | e8db3f40417a2b8aaadfbc258b9bc3a7f552dfc3 |
| SHA256 | 7f935d61fa9ce5a3884963bc1039f4d79ed5c4dfd981f2240611c4c1992d02cb |
| SHA512 | 689369289884540939a4be0fb881e2ad4e1fd553487e9cab7ea3e9c56acebe26e74c84f8a98b7dc8ed8e84fb66777f4865fd4b395fbec254793164f11d4539d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c
| MD5 | 1ff9ce2b9d89139fcfb4de209c3833b8 |
| SHA1 | 3d4ca93716801e8075803ced92326f8a82ed7280 |
| SHA256 | 98b80b9d54be376f7d277cd0ca5e610fa26f4738785f4b3406c9cfbcf96b15ab |
| SHA512 | 338de1efbdf6b4e4d710b4e2157bde91ea05717c642736d1e0b02870fd6e5ea2b9c8ebe5506d865f3d9c378415116648534cf126704d0e5eeaab137402a6832a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f24103a46f69cd07e7f3b5f6d6bd8aec |
| SHA1 | daf9a1be687d1e797d042cd73276547ccc50b4d6 |
| SHA256 | 7572b0902232d19d6d055c988d55277631e2766783bd6c2daa03b3df4f4e581c |
| SHA512 | 8ae93f4405d094dec1440805eb7335c68f799b32d37238cb8c5aafd89660682c4433e35955d21f385b35b83b228a68407fff80c58834b1cd8fe804efad195dac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 29b86aa4bd8fd63913d3d8aa7a9178b5 |
| SHA1 | 4d16539d56bedcc4459d8656452c8a4d5bd611cb |
| SHA256 | 8c0d8d0f7d022eadf23b4c2c1be8bf4388d6473f1d95ba4fd114e242e327fc24 |
| SHA512 | d0b7d21b3c8b3562fa53837d8e8b1a7c72b3e13474c9d1a1e149df76ccdba5ee5441ba667cb9dd1d28c6c3fd87be317875495843f71dd8876a9aae98b444fbb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 32fb7367a25b797e4024f2346c672140 |
| SHA1 | 27d923c7599bcb7846984eb056e07ad27cdf0ce1 |
| SHA256 | e7a2cd2aa3beebe261d8d2158c4e2abff5375d945d37230f66940df81ddf96d7 |
| SHA512 | 95fc86eb15aa254e153e67c65a58687470ef87f38f2a38e6d34adb992a65190500868cd07d9f5ab0f5b97db02b848c76e9974c491d3836ab3f5c52452209c66e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4da0b4265b9f7ed3cc508c3737fc03cf |
| SHA1 | 28932927219dbd8a461357fd91aec6001236383c |
| SHA256 | 4a5883c85ff6766bc7c09770b24128d0d856824ed551bb9f467ea64560083a1b |
| SHA512 | 0fd4ab2dae3837efff28b36caae06d3f79af289e7d2ebe5003989df1c59bf23e6a96128c248e06ca23cbb4ecd591a35c7c1826b4f03be79e3bd02c0d83c4c3e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\644dd214013a4b8f_0
| MD5 | f359fa71a3f7987aec6b00064571c708 |
| SHA1 | 68fe8978cef744a223b6b1b9613f280f26a3be1f |
| SHA256 | 2fa1dd8d1f270f688a4bfeba255784c2cb4cfb2aa3b7fc00d817d3146804f666 |
| SHA512 | 2754eb803b4527028db45df392f0034dee22dee45cac150d2162d6fe67e5c35593a8542e99a716a69644bde368c357a5d0f47ba3cb06967267787fe4a045f453 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\117f39197efd9541_0
| MD5 | 467a54a32b931819af7242ebd2bc951c |
| SHA1 | ce4fa1d42d8e8be1c5d62e9486d79e10c63bf766 |
| SHA256 | f79f3bd8f8333302a087d7b9c5c78a7379ae98802f4584a2be2c9b74acf7357d |
| SHA512 | 5ab979c321bccb3b9cdcaf9de5dfd3a9f6ec94f98fa3675d3d82657e581b4e99fabe81170c1a32157e11be407550c91bdbe72532f2351670ea7a25777e11132d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9effad768acbdeb7_0
| MD5 | 8f2f64fe8d5d2fae5eede8295c5858ca |
| SHA1 | d8cdb69edf387b0d9bc2d165fe47e5786913b357 |
| SHA256 | 154c65ef7d5a9ec19be0d0fee00859db5986c38515b80c5d32444ecf4fb4f519 |
| SHA512 | 11a7af8e285395e24d870e3975b799bd6d9e0dfc3b2fec89a51ec1ccd7b7471828f190719be36a0c083f5ad0a4d7cdd948e3b3bdd6bbd645c73f19bfaf9dec7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\854afec89c4cf64d_0
| MD5 | 637a1c38b2f5620fc4b7337dc3cc5df6 |
| SHA1 | 321115803bc44ea076e63a9bd7d209eb3843319d |
| SHA256 | cd6d1ad7d74f6c90883edb313e5c48773f3d26ee39059db7e0df61a30302986b |
| SHA512 | c1113b6c611a01ec22a4f3c1da643c5f77dfe3fa95b16348d72f4d85c8f7f200cce00217dcc4a1c937db20cf08dda7b3fe63b820729c037df6a3caa953651042 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8f693c0c1fa99999_0
| MD5 | da0741346c1cc585438ff64d34046c3d |
| SHA1 | 143005cdae1076175ea9e06316f86bde1c7a8e1b |
| SHA256 | 4b8df484dd5c7625b32514aad6efabd5b24e686d1e865f557322831773a86575 |
| SHA512 | c9778d5df67419ffd681b970f27a3c3e825d0fe38ea44e32ed85a32ce09f9a9522ae3ad2d5171e6427b8de5fbfe89c7f7a83c1626334afc274bb414aebb164c4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c43a6686f448f978_0
| MD5 | aacb7b81f45bc332d53108d952d9567a |
| SHA1 | a715053fe46187a5a1f6bc05fb5d74f51de4dc9c |
| SHA256 | a5782391544071f1d1133ebc09c2853df2dcde9861097423fd64634506ffb02b |
| SHA512 | f2aa820005331523fcf5468c8e8a82651c30887bd5c0af48e477ae6508c1b8705e63d555fc4b784043cd0ac225b08db71892ba1786b9595595e8dc73552481ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b930edaaa50c813_0
| MD5 | bbc470789705763de66359a995ecbb13 |
| SHA1 | bfeb3feb6fdcd246521c93c6be0496ec4f481b55 |
| SHA256 | 69c283480d7c974e6de6c6838da5ce4648c23d5c4080152a0d256fe0022cc02e |
| SHA512 | 708f4abaf2670435b3e4cdc9ef932a6e35e00cc3ee5eed54ea86b587f39d4183350a090c22ac795d679ecf097321761bc676b25c78216d409e115d5108595528 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9cbfb83987318adb_0
| MD5 | 448860a8a4ca02bd92f371e8878e3cfa |
| SHA1 | 88d3b91972f1fe2d30045876cdd94251c5b32277 |
| SHA256 | d7a3354dae7270ef97a47185c9b07b1dfd3e509042b17095e66e1e7f836d7819 |
| SHA512 | bb2fa0769eb51f534b1c5adda96ed77479065d6cab6019b3646e14face584ad60fb6dd63d1fe6be4b1cd82549118cee41bbbfea9e69bcfa7e2ad610c4de718db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a62da7c7a2128d0d_0
| MD5 | de4544699974852b3dff357986c4b7ac |
| SHA1 | ce3376592f4b0a3f617f39bb96e3550f52fa2da1 |
| SHA256 | f5e761d5ad7df4158ab39037b5cb49be38792fb9abba0f7fbd26c28a676f47e1 |
| SHA512 | 42645812bca4ef53c5c741695500b58e38428ae28d2157d59b722dd8c3a37298e8703aa4668be71134170fe8c5785b77abd84cab9e76a4eb91a7ac0ab5a2d326 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\404cef15c446b9a5_0
| MD5 | e9cf63c14dbcd60813f7d9e98554bb8d |
| SHA1 | 1a6cc6195ec4a64d2f9942e48a2b21b87a74bc89 |
| SHA256 | d93adf437f88de8b012bac74d6d9fbe266ca42705c9f48fb9a65ab5b0437466b |
| SHA512 | d8284a1ba80358e74fe84ff9c69e57154ab737e13cb39fb5474bf35c6818b2e8defa54dcdb53d252607aecd5d75c451e35976d6fc26e177aba1cc24b3bc148f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f67dfe766ff779f8_0
| MD5 | fe3da2800db0e8a7828c533f45d41c12 |
| SHA1 | b8e0e6fc18525fb192e647ce938c68d268271a6a |
| SHA256 | 3006c4572f42510c8d24bace66ee67ea5c1e9d889f0c5142379076d68fabc1b0 |
| SHA512 | 2d7216358456228fafd6871dbdc45fe54611e305e1ec71e469e91f7fb5bb59fb1c18def7c8e16c48baf2e8beff3c8106ae84bbe58cb6e05bac657ce6d9090265 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08cc2d0e9fff97f2_0
| MD5 | 029298a17f283bba588127d49805994a |
| SHA1 | 49b61686802b45270c83f406f24c1790047090c6 |
| SHA256 | 0b5df5c7462cb868ddfc56a989eef0ea72c040c3b734af19af5b256cdd7a9c2e |
| SHA512 | de7c711c7368baf88ef7aceaff4755c948d28725a6514356a9b25c44168dfcb28ccea582ea6abb73272dc452c63aad853c1fa3078ca1287a6c3f83f07cefb151 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 541c8a08776b2a01332d6f9bae33e0df |
| SHA1 | 424ea9bfbc47a4bd5667baea850ba5aaad429c47 |
| SHA256 | 74bc2881bd2ce741c61d0d7a6118d893b9ff36f4b075a7d65771dd19215d71d9 |
| SHA512 | 4f697294f83f348a71c0e9c3e37db91373e7f44effc7ec746cca65376bea5a14e09fbcc5bc1f70f68e026be28d7bd704834726f38373021e46d25e245d38064f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old
| MD5 | 6022fba123701689d7dd1c90e9f09a77 |
| SHA1 | c589eee92cd6c1dedec31e0f2f31bb3e323fb752 |
| SHA256 | dc8bd7c17e522932acb55df5a824fc0faf599476fb3802e08a7f028f02b7d673 |
| SHA512 | 07770d8abb35f1a58223b5dcb392045b87c80a37868c3efc35b1af3e01dc78f724fe07082daa8f3ae2999f21adc1fc034acfd85cef008ba783f4f4da42afd671 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe5b9b91.TMP
| MD5 | 789d1161ace5c8e4dc36ad494300dcc4 |
| SHA1 | ff574e57892f8812f5ffb323547e389bb3987949 |
| SHA256 | aa183f6b20dbb13255f18c731e4accea175bf0446bdb11a9ca113b1c3df66f72 |
| SHA512 | 79b5978560a823a5daf2929653436c8f2f1357275e2e4723f9b261daca8a61d0a086a4bc746dfacd9f788e016c6680fd9857b33f75737478a1c3171588d98134 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log
| MD5 | d6bda667b157d809135ae4483088e530 |
| SHA1 | 310ee30436bf96a3ba1e167e7dcefdb86ff0f694 |
| SHA256 | ee1e0b55fa5b032a7e4f06976cc86fbde2930ab97bca942a9b73469942033fc2 |
| SHA512 | 0888b0dfa78032a57bfbc43bcf50aad16f22edc09bf4e12b006d41cf6d686acc9fd815d15637528222d7ae56af01b734be1fcf3dcf767dcffddefbf46f5366e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0def3adbc64c55794642e056ca21aace |
| SHA1 | 85b51321d25b03b8a300809fec119cbc4dd78785 |
| SHA256 | 108c570dc896a2362b8c4b35183a9d36589e2733bf74859afc68bb8ba8c46c40 |
| SHA512 | 27f048eeb3e738102b6a258f6a14ec10907b20d5232a63c5266adea727b2518ba5a31b70048e0f0999a5199ed64326de75df94b46fc29a057ac039f9593a9e8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cf3b30a22bfe7018a9331a4a8ce9ba94 |
| SHA1 | 282cdd6ad7b3f6234b0a1b9b8f1aca305312eb9c |
| SHA256 | a4edcdc4eede4060af7e86c1c607effd46a82503f08dc340849b16671264cb96 |
| SHA512 | c4ac227e6a1db8473f327f53b064f7415908522760a54f475e4f572bd30f0bb078c070a54243e98869e416dd0946aeed32fd81627fe2bd93113afaae726c4c1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9d5aff8ea6645f19da948a300ad8891a |
| SHA1 | e0c443e720489bae7ca2267c3d554770f57eccd8 |
| SHA256 | 0ff42580ff1ee7db5a4fcf6f9bde0865f3023c2696526d5c1bb9e5ea7b10a682 |
| SHA512 | ca4ded619084ae6deb10cf6fc4fa31c782fe7ca15bc91e93619f5ef588002e2fb8ecabe78283cc50e6220675578c898b78d616395c22b4aacfa78d2cee629bb0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5bee73.TMP
| MD5 | 1c8feb17c5e115d5563736d6944e4219 |
| SHA1 | 94fae22c658cb12419c640e6cb964e23f62ef87f |
| SHA256 | 03a6f75835f49c442cab56efeae97ae6ba39aacc35cf4ab3177c4d20f41f2fbb |
| SHA512 | 595705d70cac2aaf173ada0c932139ab5036ffb7ab898652336f638e301b7b6b8cc3a92400cbc73b6aba3654e3fdb1ff226b8c9ae79a08fd5444635b3fa8ada0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2cc3ce2fb2e3493f386a17b0b63805d6 |
| SHA1 | 3c1e79ee2b8879ff033dc33c8d33fa8f23d826fc |
| SHA256 | fb5a375fb8ae1c8e1b9b15a79addb9c3f1f58efbd24fb94f2b8fff6d01adcac7 |
| SHA512 | 9bfc597ef16a7369fa06b856469e2665e6ae14f4c6bde273adfbe9eec2ee87b8b5845489388ca06519b2c1cb59ce252ae0ff5fadf7d4608d3e00e36d75520651 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 41e8b2494ff8bb040a3c9f49665ca80a |
| SHA1 | 9064c7bfc834976c09ca5ba940fb019a447a5531 |
| SHA256 | 273f5d185878b34f2f3fee4d45a60d4afa8f6b27934b926678382a89608bd266 |
| SHA512 | eada073faa7df261b4ec79f459b61a3cbb14e5b5ff6568868e5801c5a1e4465216e9b3d414d520e45b36c5a956963bdf8ae69d0aa2140a7af7b9970b8257f258 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 923de70b60ec5af1b7749054f96c2815 |
| SHA1 | 625874671c49fb829d65125cbfdee0017871c2dc |
| SHA256 | 58b3862c1b6593c02fcd017ee69524fa5b0b0bd19ae6af85cd92b9ec33f97a16 |
| SHA512 | d2f19eb6028e91888e56f44e7e10bd8fa28e954f29d386520d8a8eb81e09c45329d3e187ea3db33ad951b2a62caa45376e9a6e0c62d013c93f2ddf1e8ae55d60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c718f83dd84f7e932367b024693e29f0 |
| SHA1 | ab61225f4157711b9cab2b3d7d72143151838552 |
| SHA256 | 82d02fb671594b9c694d0034359c26eec3fa1e3cd6f1ca4f6ee8ed3ccc23bc88 |
| SHA512 | d80608e4a29706d7b0b0092fc7f23076ce2f453288131d6f0622e510dda3715308305436aee5de8eb187d0b7773cda26640e2533c7f5d00c829deada9f4caf37 |
C:\Users\Admin\AppData\Local\speech\Microsoft\Speech\Files\UserLexicons\SP_2D9DD7E1F19A417680F680FF1BE35F81.dat
| MD5 | a0ee2e2ee4a9ba13cc0dc6452f3e00f8 |
| SHA1 | e2f8300e8408f243dfcb5ca68e04fbcab67d38bf |
| SHA256 | b681aca11860c33275fc368874409aa50af188bada9b644261304130589f4de4 |
| SHA512 | cad21df0ddcdb4407ea4100812a4f58dc659cb0bd36ff7716d927788b0f5b9dd7544578afae93fcfcb3759c502351ed7a2df2c2c692a31df02835b55a7964060 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | dfe2f4061c3af62029722d23bb659775 |
| SHA1 | af63fbeec07c2ab1f2da40837e15805eb8261bbd |
| SHA256 | 4200c799371c33629c51d4dec3009d87683c3d6e8942a1b51085b839508cbb56 |
| SHA512 | 01bb5bfc4991e8179e0e9924725a516f02f0b826cbac556ce7c59e88fd8e068541aec8406e60db1381e403843e45993b051928079f0948beb66cc8222c696cf7 |
C:\Users\Admin\Downloads\malware pack.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5e8b4b1d41382e887f2b4e74c8632e48 |
| SHA1 | cc065a3c1609737e8c83f0d1fd121078a4d14065 |
| SHA256 | dea991cbb353b640971de5b8f69460a57ae0bcb0f056a00816965e9b296bf9d2 |
| SHA512 | 89526db7ca3e6528b8849be40ae4616abd7891c818b15a7093584a0b66a54d230b6e8e141e893ce301b91e1529e6228b49d46f993bb468b2d3cf0fe5ab6c4be4 |
C:\Windows\System32\x
| MD5 | 969e3a1fac1236d6bdf35eff69f9b241 |
| SHA1 | 945a2a0d1653d61b0121e9bfb4e59bc3ef4ca155 |
| SHA256 | aa4917602f1ce3b0b210ed309cd27887cb2ab73ff18f928e07e9423180b88eb9 |
| SHA512 | e7801007cc0e94b4470c108c4540df57b1867bc0889fb0c6ee1754ab82ed7260a0f21ac79ca3ad9577b340ecf1dd069b60ec04a48cb34986401326853f21fd31 |
C:\Windows\System32\x
| MD5 | 3f7105990762acdeab73dad5893a0968 |
| SHA1 | 3bba599c9db8686561ca67f32c5b95fd79bd3339 |
| SHA256 | 97330e7450ed724e86fa930489e40d7eb8ef7f2eb8440f900b17c2b3e6ca8144 |
| SHA512 | 771f79408eaecea7b26662b5e4cf116cad56369700d99bf6b8b7b1ed5c3ac85900bfe3c6f3fd8c6b8e38c6ae1a3c98bbc3236ff5fd8aafef3de588828ab0641e |
C:\Windows\system32\x.js
| MD5 | 8eec8704d2a7bc80b95b7460c06f4854 |
| SHA1 | 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326 |
| SHA256 | aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596 |
| SHA512 | e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210 |
C:\Windows\system32\x
| MD5 | fc59b7d2eb1edbb9c8cb9eb08115a98e |
| SHA1 | 90a6479ce14f8548df54c434c0a524e25efd9d17 |
| SHA256 | a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279 |
| SHA512 | 3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1 |
C:\Windows\System32\z.zip
| MD5 | cf0c19ef6909e5c1f10c8460ba9299d8 |
| SHA1 | 875b575c124acfc1a4a21c1e05acb9690e50b880 |
| SHA256 | abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776 |
| SHA512 | d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f |
C:\Users\Admin\AppData\Roaming\MEMZ.exe
| MD5 | a7bcf7ea8e9f3f36ebfb85b823e39d91 |
| SHA1 | 761168201520c199dba68add3a607922d8d4a86e |
| SHA256 | 3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42 |
| SHA512 | 89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523 |
memory/2732-1329-0x000001F543560000-0x000001F5437CE000-memory.dmp
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 68de3df9998ac29e64228cf1c32c9649 |
| SHA1 | be17a7ab177bef0f03c9d7bd2f25277d86e8fcee |
| SHA256 | 96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43 |
| SHA512 | 1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f738fcca0370135adb459fac0d129b9 |
| SHA1 | 5af8b563ee883e0b27c1c312dc42245135f7d116 |
| SHA256 | 1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63 |
| SHA512 | 8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ec8e130ba4309adbe49ffdbf218f11d2 |
| SHA1 | 5c204c4d88f22921debe4ef5f9b226906e88e99f |
| SHA256 | da112346f35f0a72c0db9797a402b820f1c89577612d5aec23d8dd4a41c4a30f |
| SHA512 | 76ab3d367649888e8914ec1a8406e90e7622facab59372030a0dccd5c38baad80aa808964200dfb3b674632a57e3fe796667c7ff20b2a728dcdacb39a941d599 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 081c4aa5292d279891a28a6520fdc047 |
| SHA1 | c3dbb6c15f3555487c7b327f4f62235ddb568b84 |
| SHA256 | 12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f |
| SHA512 | 9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69 |
C:\Windows\System32\x
| MD5 | 152e0ab8d0a112b3417acce6ee1d2a0f |
| SHA1 | 236f0784466ae83f26df6f4a4094d1b95acbb451 |
| SHA256 | 0f1d27850230f42f02defe840a14807bbeeeb79184d77a27367b77deb9033bf9 |
| SHA512 | 5cbd26cecef2848d9bd7ed54c1b6ca6061feae3761b621a12ae19ff3ffe9ba971dac60fe8ec1e2dd73a4ec6a0e080a1e2f4be3deacfb2bd814d652c4161a2e9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b1cabe83239d7bf858584374eb3e3399 |
| SHA1 | 509e9533733a4c38023d95b2e9275c55866b7f25 |
| SHA256 | c641531ae1fc634eef3dc6deda9494adeae747c819b7c058140cc1819c34ee1c |
| SHA512 | 819aacff59952702aff5197ec543650605f4aa0520861ca62ad77ce3a955bc57d97fd5b731a274fdec3d7959870f141cf52deeedc8cc5ac88420dbc4e7566234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e6c5db069607a6d5699ee326c2da4e19 |
| SHA1 | d1239d133a0d8c664e858909003b8e28b126fd8e |
| SHA256 | b7e62e759a039eac4a9ac25109db646f368881e97c0a70562382b03e52477903 |
| SHA512 | 1e59859b42ae2ef9380fcd51149e7eb9ded4ba610d55754bbb85507615b9fd6b7fb03cec4318dda3b48a72d0c015326c10c2ff24fb98eef6d70d1d7a1615c001 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:58
Platform
android-x64-arm64-20240624-en
Max time kernel
1146s
Max time network
1188s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.212.238:443 | tcp | |
| GB | 216.58.212.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.14:80 | google.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 216.58.201.110:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | apis.google.com | udp |
| GB | 172.217.169.78:443 | apis.google.com | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.187.228:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.178.2:443 | tcp | |
| GB | 142.250.200.35:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 8.8.8.8:53 | tcp | |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigl6nsd.gvt1.com | udp |
| GB | 74.125.105.40:443 | r3---sn-aigl6nsd.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigl6nzl.gvt1.com | udp |
| GB | 74.125.168.170:443 | r5---sn-aigl6nzl.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigl6nsd.gvt1.com | udp |
| GB | 74.125.105.39:443 | r2---sn-aigl6nsd.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigl6nz7.gvt1.com | udp |
| GB | 74.125.168.105:443 | r4---sn-aigl6nz7.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.70:443 | r1---sn-aigl6ned.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigl6nzk.gvt1.com | udp |
| GB | 74.125.175.105:443 | r4---sn-aigl6nzk.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigl6ned.gvt1.com | udp |
| GB | 173.194.183.71:443 | r2---sn-aigl6ned.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6nze.gvt1.com | udp |
| GB | 74.125.168.134:443 | r1---sn-aigl6nze.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6ns6.gvt1.com | udp |
| GB | 74.125.105.6:443 | r1---sn-aigl6ns6.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigl6nzs.gvt1.com | udp |
| GB | 74.125.175.70:443 | r1---sn-aigl6nzs.gvt1.com | tcp |
| US | 1.1.1.1:53 | sticker-pa.googleapis.com | udp |
Files
files/dom-0.html
| MD5 | e9a7b0e81bcbbf2c499f808e9b015c1c |
| SHA1 | 8cb011436bd6ccfea5d4311749b0016506ce776d |
| SHA256 | e6ccdf4105c384cae84a03f04c3db9680ccc25fd933eca596733cf3b4f86eb72 |
| SHA512 | 2900f60f408c6ef3ced07a1749be9fa04e047ba43a5ad602da21bfe708f035de1e15eeecf3ebdc80f996d1f783cd7f8095a0e0e88df4800d77fae1573018358b |
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:38
Platform
debian9-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
win10v2004-20240508-en
Max time kernel
1781s
Max time network
1790s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637819088851336" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe986aab58,0x7ffe986aab68,0x7ffe986aab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4392 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4700 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4724 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4600 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1552 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4568 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4548 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=740 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2452 --field-trial-handle=1928,i,11273653391812788499,14114235925001918829,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt3.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons5.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 7a0471468a41580130264c6e6a3c22fd |
| SHA1 | a40baef3a5e0d051c1f5930a3a839419747071cc |
| SHA256 | 134d25160431b7029e96e5291dd80790ce37980ab99b78c979bbb54dfcb404e8 |
| SHA512 | 636dd745a472b464659b2dff1c4470ce26a3d1dca4a29fba84420b4ee10919777b76563c58f37023bbeb8ace754828b8f2edd8d15a88943b0e2bad335d72845f |
\??\pipe\crashpad_3560_FVRIXPGGBHTTYXPS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d5dc1879-de7c-4f1a-b649-51a667f55478.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a18409f3315cebbf05435fd4f9821433 |
| SHA1 | 058e52e11f7fd9378a0c39c9ff52e6769d8c24ff |
| SHA256 | 7f4e14975db0bbf3218f90e9eec961066c8cf9ae4c8789f77087f926055e6046 |
| SHA512 | 9cec0e4a20591730474caae22fa56f4570bffbf0322fe5eee60ed1ca56a75f2a46457646efe0f732159e47d0264a4d81291a580998f4d9261c08cec5f852418c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 799a4e5341df4da1fd6c048967abbdd1 |
| SHA1 | 44d028d62b0514f4b64b3bd7bd2db637c4557a4b |
| SHA256 | ded856357a1a4f9561994d8a72140876304cc87c7e4e20f43eda1cba5c7f090c |
| SHA512 | be1335ca0da9c7503a3b1a5ba14331fa5a19680ddb83f2e56f77deb127591796be59cff164b10dccbf4395297465504c5d83b585ba8cd37664ee9af295538f2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 12d494e3dc645537921452786d39befe |
| SHA1 | f4f3b35624137c2ddb179e277251a800c4a32b2a |
| SHA256 | c3e17cc9c90e251d46b8aa932d5e8096715fa26e368185f7162d8e50e2b87143 |
| SHA512 | 360da234a70713e7191031b8079f7051f0c3d530215b91759565ab0f61cb21c9d58cfb12215fdd17a4653dac58003f643e794b2de529e7bb3f7e56f18405fe54 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57de3a.TMP
| MD5 | b2a81791090227b5ecd7778824e28aaf |
| SHA1 | 2c50bee3585444683e7833a369bc0aca4343c2a0 |
| SHA256 | dccf6295a4aaf38869d59f8192c6a4a1e238b337f477fafb38f799f3127feed0 |
| SHA512 | 61306a1306245c06b5e03f4e5d16ee7a20e67c9683682e95cf011e26d67d8776fbb087c054dc5cb74db9b073f8794309d2e0c6e2bf762e0bfcae076067a265d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 126ac243530b5c9aecf7d5af392f9b3a |
| SHA1 | d9902d8c2792e54f3da9c03a621d6c167481cc38 |
| SHA256 | a76b6c9cd751924a4f95744438fe0ad7d71e204450864a911c0270622bef5ba8 |
| SHA512 | 21a44056e7771f69013f67980294bdc55a23b7a09da521fbf8a9dfc10dd2c7062f65312560fe679035563919d463c45df6694ddeaeda73ff0919077eb4e3ec0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b49cf434e44d4ebaaac587c471861734 |
| SHA1 | 011815009918239b88c0478af2be799ddeb4d23b |
| SHA256 | c94c0d637fb4506f085f821b2ce2f8c3c968ba5f377ddd70f55d5818f017ca41 |
| SHA512 | 9e226d81f31f7bf9a7ecb03eca95d2b60627aff28a124caa9fdf1524881d04653a877480c5c84b847bd81d9b5267d99460e54673bad7a0083dac3db04b1ab32a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 01be8da81459d1b79a0527af36333297 |
| SHA1 | 6d7c1b2e3fa4fb83811299bdab69869e34e4b6c6 |
| SHA256 | 4a55f4dc83d7f0fdab3fc10c418768f262a019ccdadad9489f532269db7d5848 |
| SHA512 | 1189ac10df0dadb6c1efd68bd399b6ca1a6a35ccc5cfee4e87bea5d450d48298d24ae4337019cac3f98e8533a01303d0259e383ef436f27714dc06ad98ebce94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | dec68a047d554341a02128b21c0f2254 |
| SHA1 | fc03560979e6b8e50108561ce3055142a239b3ca |
| SHA256 | f7e45ec77964d99855ca43536bf050330c4c8b5b75fe0e1fe5dabf383b16b7df |
| SHA512 | b7f5ca624cd5c11138715a35e01614fb7259000a5ddd603ebe4d29cc83956a7c7f6b0eb3a63097b87d89f4188a52a8a34a4aedc6eb400d06acfb494b38259c95 |
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:38
Platform
debian12-armhf-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 09:38
Platform
debian12-mipsel-20240221-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-25 09:37
Reported
2024-06-25 10:08
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
1798s
Max time network
1702s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1786/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/1567/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/140 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1577/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/fd/57 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/144 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1776/status | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/1823/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/1615/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1669/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/100 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-identity-service | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/67 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1722/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/task/1724/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/110 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/34 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1776/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-afc-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1792/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1581/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1681/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/130 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1394/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1389/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1562/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/fd | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/136 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1512/root | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1556/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-fuse | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/nautilus | N/A |
| File opened for reading | /proc/self/fd/77 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/93 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1749/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/dconf-service | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://google.com]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://google.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://google.com]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234760 -appDir /usr/lib/firefox/browser {b0519a8e-1471-49b2-9f72-f94ec686c96d} 1512 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20193 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {0e487085-880e-4d1d-bf8d-d61419c16442} 1512 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28962 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {0b8dddca-dcbd-4f33-9c33-951b52c089db} 1512 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25458 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {6032828f-3d5a-4c63-8540-1fa826471aef} 1512 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29617 -prefMapSize 234760 -appDir /usr/lib/firefox/browser {391abd72-7b52-4e8b-81d2-ebc0b81e5248} 1512 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {6d9dbf40-3099-4789-9a4b-ada84c6a0f43} 1512 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {a70fa6f8-d3a1-4c23-b0b9-5f7ae0472a82} 1512 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 25736 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {f4e57e62-1217-4db0-825c-fc9a95cd4785} 1512 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | google.com | udp |
| US | 1.1.1.1:53 | google.com | udp |
| GB | 172.217.169.46:80 | google.com | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| GB | 142.250.200.36:80 | www.google.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 52.25.243.81:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | apis.google.com | udp |
| US | 1.1.1.1:53 | apis.google.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| GB | 216.58.213.14:443 | apis.google.com | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| GB | 142.250.178.14:443 | consent.google.com | tcp |
| GB | 142.250.178.14:443 | consent.google.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| US | 1.1.1.1:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 1.1.1.1:53 | lh5.googleusercontent.com | udp |
| US | 1.1.1.1:53 | lh5.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 216.58.213.14:443 | apis.google.com | tcp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.180.1:443 | lh5.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | id.google.com | udp |
| US | 1.1.1.1:53 | id.google.com | udp |
| US | 64.233.180.94:443 | id.google.com | tcp |
| US | 64.233.180.94:443 | id.google.com | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | encrypted-tbn0.gstatic.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.18:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.98:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.49:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.96:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
/root/Firefox_wallpaper.png
| MD5 | 2c5a14b6b04e085a6a431512af4735b5 |
| SHA1 | 78926ad3361608a4c5c2b06c5e683f4624624247 |
| SHA256 | 90fcc3a4266bdc3229abad7130d381a65a9eccd31fdd1426204d645012362834 |
| SHA512 | f431971a64a041af9a3aa74f2d4e27a015763f6211d76bc0546649ec5f37e4860686e9b81e88899f5a8069ac1c4d62159b425e4e71222d512cd288da9c1be1c8 |
/root/.cache/dconf/user
| MD5 | c4103f122d27677c9db144cae1394a66 |
| SHA1 | 1489f923c4dca729178b3e3233458550d8dddf29 |
| SHA256 | 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 |
| SHA512 | 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54 |