Analysis Overview
Threat Level: Likely benign
The URL https://voxiom.io was found to be: Likely benign.
Malicious Activity Summary
Checks CPU configuration
Changes its process name
Reads CPU attributes
Resource Forking
Drops file in Windows directory
Writes file to tmp directory
Enumerates kernel/hardware configuration
Browser Information Discovery
Reads runtime system information
System Location Discovery: System Language Discovery
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies registry class
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks memory information
Suspicious use of WriteProcessMemory
Checks CPU information
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-08-24 23:07
Signatures
Analysis: behavioral17
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
ubuntu2204-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/module/apparmor/parameters/enabled | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
Reads runtime system information
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A | 13 |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A | 5 |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A | 2 |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A | 1 |
| File opened for reading | /proc/1593/cmdline | /usr/bin/dbus-daemon | N/A | 1 |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A | 1 |
| File opened for reading | /proc/1577/status | /usr/bin/dbus-daemon | N/A | 1 |
| File opened for reading | /proc/1577/attr/apparmor/current | /usr/bin/dbus-daemon | N/A | 1 |
| File opened for reading | /proc/1572/cmdline | /usr/bin/dbus-daemon | N/A | 1 |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A | 1 |
Processes
/usr/bin/xdg-open
[xdg-open https://voxiom.io]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = "xfce4"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]
/usr/bin/grep
[grep = "xfce4"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://voxiom.io]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
/root/.dbus/session-bus/f2de92a803c744e586bd87567a26b68a-0
| MD5 | 932e3ec73bbd53743220f67a02a1ea46 |
| SHA1 | 2f16333b8f14e206d88e683a1d0a6e090d45cfa3 |
| SHA256 | 2e53edd41e567b26b2fc939651a158fa1d1008936b5a28bb6c43081765226738 |
| SHA512 | 0234e7d2d8909c621046dfd2262301fae35b691d1182e973ed238ff6c3405c551307eb2c01ce3d053dd1e2e7d96e697407085114cf51917da0a5f9ddd4f80d95 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
win7-20240729-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430702763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEC35B71-626D-11EF-9E5F-7A7F57CBBBB1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f0b4947af6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000002cc19e525ccbed4a7fe0d3b891d4758031bee00891d9ebd99de438adc2a05115000000000e8000000002000020000000be8b2693bab17d15d713e96832b4cf6c08588e8a4ed76b08b483380a8f25e9ec200000002840b0d86af558d7d945c14f9d87369d303cccea49f1831a149c9181cd2997f740000000eb62f2ac214d8965ab2bd505255282d755af052e2ef4d43ef0deef7409abcd0801163028c57ca6214784d55f96fde262b5f77e5b15d3cb009e787704634fca4f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target | Count |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A | 2 |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A | 4 |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target | Count |
| PID 1792 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | 4 |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://voxiom.io
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
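The WriteProcessMemory rows above are the one signature in this run that would matter if it were unexpected. Here it is not: the writer is PID 1792, the iexplore.exe frame process launched with the URL, and the target image is the tab process whose command line carries SCODEF:1792, the PID of the frame that spawned it. The signature fires on any cross-process write, so the check an analyst wants is whether the target was spawned by the writer. The script below is an added example, not sandbox vendor code; it parses the rows and command lines as they appear on this page (copied in as constructed sample data) and treats a same-image write whose target carries SCODEF:<writer pid> as expected, everything else as review. The verdict strings and the notepad.exe counterexample used in testing are assumptions for illustration only.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample: the two command lines from the Processes list of the
# win7 (behavioral1) run above.
PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" https://voxiom.io',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2',
]

# Constructed sample: the four identical WriteProcessMemory rows above.
WPM_ROWS = [
    r"| PID 1792 wrote to memory of 2772 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)")

# Verdict labels (assumed, for illustration).
EXPECTED = "expected: IE frame process writing into the tab process it spawned"
REVIEW_SAME = "review: same image, but target was not spawned with SCODEF:<writer pid>"
REVIEW_CROSS = "review: cross-image write, treat as possible injection"


def split_row(row):
    """Split one pipe-delimited table row into stripped cells."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def image_of(cmdline):
    """Executable path at the start of a command line, quoted or not, lower-cased."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    return (m.group(1) or m.group(2)).lower()


def spawned_by(cmdline) -> Optional[str]:
    """PID carried in an IE tab process's SCODEF:<pid> argument, if present."""
    m = SCODEF_RE.search(cmdline)
    return m.group(1) if m else None


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify(row, cmdlines):
    """Return (writer_pid, target_image, verdict) for one WriteProcessMemory row."""
    desc, _indicator, src_img, dst_img = split_row(row)
    m = WPM_RE.search(desc)
    if not m:
        return ("?", dst_img, "unparsed")
    src_pid = m.group(1)
    same_image = basename(src_img) == basename(dst_img)
    # The benign pattern on this page: the target image was launched with
    # SCODEF:<pid of the writer>, i.e. the writer is the target's own IE frame.
    for cmd in cmdlines:
        if image_of(cmd) == dst_img.lower() and spawned_by(cmd) == src_pid and same_image:
            return (src_pid, dst_img, EXPECTED)
    return (src_pid, dst_img, REVIEW_SAME if same_image else REVIEW_CROSS)


def triage(rows, cmdlines):
    """Deduplicate identical rows, then count verdicts."""
    return dict(Counter(classify(r, cmdlines)[2] for r in sorted(set(rows))))


if __name__ == "__main__":
    for verdict, n in triage(WPM_ROWS, PROCESS_CMDLINES).items():
        print(f"{n} unique event(s): {verdict}")
```

The four identical rows collapse to one expected event. The same check turns a write from iexplore.exe into an unrelated image, or a write from a PID that the target's SCODEF value does not name, into a review item, which is the case that would have changed the verdict.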
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | matomo.voxiom.io | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\0048a147801f815194c5[1].png
| MD5 | bb48b87176e04a277733372fecd69bc4 |
| SHA1 | 9d65d432eb2487f76f2339fbdbe0c28f750d67ba |
| SHA256 | aff3a66cd65c640d87b3f8f8d3587f6fa2d958b9b7c157bd1e83c14ec6d7fea5 |
| SHA512 | 9720b4d2680bc31bcb18319fddf00669d6ddf7677759b6d037526c2f13f1bb09318b1527a3cc70dc29d27a62d8f6127501b8ac8c1181a56991871757d27821c4 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
| MD5 | 722e99900deadfc2b90e8926d6dfb598 |
| SHA1 | 9eda1446104db9fb9a346b3d83237b2ecdc75759 |
| SHA256 | 6ae7d88f351cb41b9dfa8d7411dae8192d55bfc574821421b005a8945b67b4aa |
| SHA512 | 5aaa57fdcb944cfd642a2c89ac1a11f496c70900f495292274eabee97fc14f16e5c3a65a4808ead1c8736c593313d54b7a9535138f84169fd5eaf2ed39979078 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 02638bc990825c6ec3c981320a0805d1 |
| SHA1 | 18257b5b81be4e8b6d1266e6a2c617e0667239c3 |
| SHA256 | 94ed4e729353ea1324ab2e0644c6a5572208192f74a43f843a8d57deb617d944 |
| SHA512 | e854695882a46411663b68e7ad2ff8f001b23b120dc4923de39eef84d63782d9daddfacdce7349234f898f82b9defc3629e8adbb7268d206b30f16e32e37c43f |
C:\Users\Admin\AppData\Local\Temp\Cab6088.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar60F9.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e949135ec10287404f0d4a9a3968ac6b |
| SHA1 | d417683f59973a778f9cdec097b31a98fba02a32 |
| SHA256 | 4deba26e531d475c2bf2c487ecaed7576021ddbeee63425d9732555b87058e82 |
| SHA512 | 98b5b35357ff5b19022db7da569a76e4d4e4dbb0c5264de22b94d8212a3d7f513b4825a81c08904748b58cae72298234fd68d04b8427ddb77a36e5e8580cdd5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccc3b1b909cb67d4f410b9e0a648dccd |
| SHA1 | b50dca731477cdb6104081abd24a564d27edf4a5 |
| SHA256 | 6474afa67e65e1f3369ab7cf87273ffac07f607b3aa8088a194f723e278e4c3c |
| SHA512 | 53a1d3b2ce1339874cd18d1b918660ccac121e03559c0bac2e9dae8c1fdd1ef93967355d3f07ae995df99368741059dd14ec31223776261adaf54409c5699db0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94e32379394d92bcb0b5386d482ee0e3 |
| SHA1 | 5b598e2eb4815215386c7235a0cdd22975c15be8 |
| SHA256 | 79d28e7f4e91647d4364e42ac541c46ae68b6a9d21f28631ecd9ccb56d96370f |
| SHA512 | 935255038c6607723087bff870932ce5fb40d22257e6b2f781f1c963d2e09f69ebcf8228dfaed83fe624c1359afced3a01f55486198afa25ceae6275f2cdcece |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f261bdae887d6557c855277093e383ec |
| SHA1 | 3c7cdc4d1ead918451481d49b5399050456946a1 |
| SHA256 | 51c9199a6ceae4cdb604bcf294147b02e2bb669f5e836f8d70f0359adf2b22fe |
| SHA512 | 9111398694d013746323249d5fd36cfab98189f7c71603cbca0726965976f5be3cf4ba31962420d3e9a23f8da9d19d612d7579eff9b5ffe4e6d4ca3d282f58de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4e924cfdded83800dddcd464a5affd5 |
| SHA1 | 2ab5f498b5cf1f81f6b8d7de0449e6ba893fc281 |
| SHA256 | 544138955e699672d3d6d5372c47ff5c54b02601ce39080a2ed6bf66ea6993b4 |
| SHA512 | e94dd6865f29e4f5132a45a37504e2dfa80b5bbc98d144f147cb81d8a41ca5e1aceb32bb6c3267b67d68c9e65c5daaa1b5280273696a9b2456cdc72751cd1c2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d617147ceb3d8ccd8d6f79ebec780e82 |
| SHA1 | ee00441261eabd52f3399c82ff53baf8909e0cc3 |
| SHA256 | 09736cb0b93398e8e3af3fc429038947a0d3006f3d810aa9fe8a0aca026268e6 |
| SHA512 | 937bb60b92abba931e13d9fe54e593721a91293bd9940bdc4f47217000148ac1c75695527769faf017794764cf52fd7b15d9a0b8ea81ca80890f7d5ef1643288 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed3951d3916682c19e224a122da6f820 |
| SHA1 | 9be377ef89a1fcf7a56c98dfed16eda369e48542 |
| SHA256 | 664bc19a2dd04d94b39062de925925b36063eb7100d4dbc22bfa008fa24ba584 |
| SHA512 | 85e27f4fe0c94ac4d62cc8dad7d0bd8857267ae3b982aa316cc0590af2d30de5e4ef40b61ade3a9d0e009fb1fc3f5bdf4c81ce9dde992ca474861b0a276c9504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b53a04dea8e900bb07df95dcd7e88f7 |
| SHA1 | f88d9aca15bcae0c038a1fa8819f8c1ad93c8a1a |
| SHA256 | 782cb74aa88a382a36238fb893cd0db8adf8bdad815558cd95b01181b79e0937 |
| SHA512 | f526a2cc24233d60ed48c0e43702e212cd495a71ceb8aa63eea2f2e990c43b7e319a0575f9623806eae309347ecf8694d2aa9b4f4109c4dd70ba9a7c86253259 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 820de585a3401304ee7e2d4fc22a2b2f |
| SHA1 | 1e05a9f72b7545492b16cd9402872fe34913da36 |
| SHA256 | 5434be8f610b095a43d3ef3af2daba080421dcc694e0b871bcf57cd355ee73ba |
| SHA512 | 2a285ca8bf6d8e0caec39a802983214806ddb5eadf2419c503368347acd79d3e7e73dc653acd76cf256334fa76039bf8811677adf3d3b76c3aa13ee34113bb4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aa4ddca579b80d1c94e828ffd1b5a40 |
| SHA1 | 855c7ecffde0d3074ee25c8c42b0a19d13eb7495 |
| SHA256 | 69c58c509f6e7cef54c9b7a9c34039f0c9fb97b963c12a1d0b19dfc54c58d68a |
| SHA512 | 4aaeb39865b5b2c04d3b8368e08e30be148e79a2e3458cd5f5bed60a9a1a49f411bd7f02ee02f54ed1378e3b96e37567b4142d6a71673ba1aee2e8c0d1aaa86f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe6cd9b405324c32e744c307da2aaf1f |
| SHA1 | 79fce4f334461e924823cdbfee0a7b1d8b79504a |
| SHA256 | cde903fd1c22e8c813cb3884c17a116c1597bcd24dffe25ac092b0d82476ebcb |
| SHA512 | d17efdb67e5cbc2dd0effed58d94f4e12472560b8dc1417829ed1d435e16cdf8fa83507a9aa7ffa729616097c166399ff3b8d02aad7d4b22c18eea0c2d26eadb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67d7040404dd9824afdb351612692606 |
| SHA1 | c920725e49f9adca9a9dffeb0bec2df377bc42c1 |
| SHA256 | 429477d0278e33b0924c3f4023e60d5916bfc6eca8a0a87101e7b7d58c28035d |
| SHA512 | 763b59670670da6b15d387d9f8e510cc7444d225460e3672af0402ed318ce6c854ebf1c362c176a2ff974ababb7a15191ae962b05aea6a4ac098b131328eb2ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 580a52c544b9050152cc75d6a85161d3 |
| SHA1 | a9998f10049ada877701c6461dbe49f8dbfdfb4b |
| SHA256 | 889a4cd8694a510a1873a6977f16b272c4e1195ebb3305be1a4d3ea0ef231828 |
| SHA512 | ee38aac03ce9c983e2c6d3c66bb512f4191d8f8a1b5f96b068047f23f8be252071133c97d95b006d19b193a1233bbd8ee1196732bf2f9db83beb95f60c8ef8e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c938a9bd512dd817eea883960cf4305 |
| SHA1 | 348a8af7d4fe4da0941dced7e8bdce3167e3e6a0 |
| SHA256 | 36042a5191124b96e19edebcc4e8183d7616d4a12eb6df147fdb162d9996c649 |
| SHA512 | 4936abf7e40d321cac3757287557eb3410657bba18abdcff3830be1c38bf98380afcf05506b7d5b598f25ba26f82b079438e5493e64ae216ccc1e411e4f7211d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 033bde7f7822c2ad08dec903b6d9601c |
| SHA1 | bb5b488f614cb0b57f3c0ce34737f97562b81585 |
| SHA256 | a9579e8db3664875d5b709db407377fe7214cb53bca27df504b6cc6b3489db12 |
| SHA512 | 46bd4fc5b870e7903d7f2a6c93baa2b3fee06f734b75c8ff05c33e5d6f52baeef50ebac5ceb554b301b8e5b4f9e0ff6577b49cc4df69c42832da02cf0ef6a103 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe3e0bb7a5dbcff716dd8211a2c54e6b |
| SHA1 | d71fcfc77fd9775008cf0aef047230e648108092 |
| SHA256 | 096ca41ce9ba9b777d5c84331d237f668a2ea0a753eb70926db0f420d40a8f3e |
| SHA512 | df056bb4876671d51b632d6045612b380e7e3a7b8dd220f77731f2228eec8cf4377b029f3bc17c4c2b2d6da44ecb12338672918d2467c310ab7df0bf8fcbc68c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f7abc530497a29a179eaca836de9907 |
| SHA1 | e9e9703a0e74a7c1f594b678f251bd9edfc9d3cb |
| SHA256 | 18eaa96c179f4597a1b2f74e313bf7856fcef4e06728b35c4ca203978cc5dfe4 |
| SHA512 | 1e2f5443c3e74ec83f63168ca6a92349204c23767b6c84a9d809e666f656da7fbc899b24e303b7a5ad40145290b941318a19cf55ba68e380962984adee5582db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d957035724cfe32c351790db20ec4f57 |
| SHA1 | 68e093ba34cb39c6ab7d377d1dc4b3d752d79a72 |
| SHA256 | a7dcb20a3dbc72baf959139ed265a7e31c55b5f474b2e9d0b785729490500701 |
| SHA512 | 98b1671923109e6a8f04b48143a698965f931427fd935f3eda5d4518a4091e31c7c67f28924a85c3236ce3e6c8a23c2b4ac2e98cd5ad5f1b7f773ac276e785ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b67ba1992278f08c140deeffd9c0b92c |
| SHA1 | 6a6f8341c7a5b353f7e389798554b46ffafd4322 |
| SHA256 | a07fb30097f7444ecd618545b94271dac26216b1bee8b0a98212b7ca89c1f972 |
| SHA512 | 00a8f871a9171b274af816f3110f8d9da71b4e85b0b34fcb63a54c4f9dccc690b1a58567add781b3fda97180e878e6f7ccf4d3b70175b8b8a2054355f95c76f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a41dc8faac68e3fc833db6b813bea27 |
| SHA1 | 14ff030e801f234e49079c8e62843fb51e558fd5 |
| SHA256 | c6beaf324f0fbdd47828fc9f5b7f7eda7f4dc3a88e5a190bfdf3358e49abbf8e |
| SHA512 | 2ec23340443228b878a932f28283cd2fee378b6f2adce7648cb8c4e5e93f00d12a797be1fa1e1d51d5101e773724286c36743e2f126b29b7db5c34973ffbb0a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d05a0c66d2dbd140a0df70e8e0b3967 |
| SHA1 | d0aa01d7a2cd8efc62d93875822a2516a231630a |
| SHA256 | 9bdcb7a09f4ca8ba7befdb81db5ea5a1688f8cf2035875e9bc703eaaaeb41d37 |
| SHA512 | d8d4dea8217bfbe5ef9c56c8e82f26ea44598f01273a1f0bc03f4d72cc83c955f412ffcbe92f3a8f5d6ae8311d86b977fa0f461e96edc4050b3889c716b74d3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4f2d0d4de535b043b629044a415d96f |
| SHA1 | bc7d6b6ad93339f291677e5bcb55cdc7c0f50644 |
| SHA256 | aa5d0ecb2ec36bc62604b8bc82e9a4e438abbc0f639687c6dff2c3b8f96915df |
| SHA512 | 732cbf827d6207b30de989ade15ab4ec5afc00a2644017e3cd017840ad1e87e83283befad8bd688872644036d7e477094d8adc3e2972ec28dbb4ba76c8a6cbc9 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:11
Platform
android-x64-20240624-en
Max time kernel
178s
Max time network
186s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.184.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | matomo.voxiom.io | udp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | api.adinplay.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 104.26.3.232:443 | api.adinplay.com | tcp |
| US | 1.1.1.1:53 | cadmus.script.ac | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | country.adinplay-venatus.workers.dev | udp |
| US | 1.1.1.1:53 | c.amazon-adsystem.com | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 1.1.1.1:53 | securepubads.g.doubleclick.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | imasdk.googleapis.com | udp |
| US | 1.1.1.1:53 | btloader.com | udp |
| US | 172.67.173.227:443 | country.adinplay-venatus.workers.dev | tcp |
| US | 1.1.1.1:53 | stats.adinplay.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.187.202:443 | imasdk.googleapis.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| NL | 93.119.15.97:443 | stats.adinplay.com | tcp |
| US | 1.1.1.1:53 | c.delivery.consentmanager.net | udp |
| US | 1.1.1.1:53 | cdn.consentmanager.net | udp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| US | 1.1.1.1:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 1.1.1.1:53 | config.aps.amazon-adsystem.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 108.156.39.27:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | invstatic101.creativecdn.com | udp |
| US | 1.1.1.1:53 | tags.crwdcntrl.net | udp |
| US | 1.1.1.1:53 | static.criteo.net | udp |
| US | 1.1.1.1:53 | oa.openxcdn.net | udp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 1.1.1.1:53 | e65c4a55be9d9194882b6bfc694256c8.safeframe.googlesyndication.com | udp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| GB | 216.58.213.1:443 | e65c4a55be9d9194882b6bfc694256c8.safeframe.googlesyndication.com | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.34:443 | ep1.adtrafficquality.google | tcp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.178.1:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.180.1:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | script.4dex.io | udp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 1.1.1.1:53 | tlx.3lift.com | udp |
| US | 1.1.1.1:53 | elb.the-ozone-project.com | udp |
| US | 1.1.1.1:53 | hbopenbid.pubmatic.com | udp |
| US | 1.1.1.1:53 | hb.yellowblue.io | udp |
| US | 1.1.1.1:53 | ib.adnxs.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 3.78.168.176:443 | tlx.3lift.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| US | 1.1.1.1:53 | fastlane.rubiconproject.com | udp |
| US | 1.1.1.1:53 | rtb.openx.net | udp |
| US | 1.1.1.1:53 | server.cpmstar.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 108.138.217.61:443 | hb.yellowblue.io | tcp |
| US | 1.1.1.1:53 | mp.4dex.io | udp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 1.1.1.1:53 | htlb.casalemedia.com | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 1.1.1.1:53 | onetag-sys.com | udp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 1.1.1.1:53 | aax.amazon-adsystem.com | udp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | js-sec.indexww.com | udp |
| US | 1.1.1.1:53 | ads.pubmatic.com | udp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| GB | 23.219.196.188:443 | ads.pubmatic.com | tcp |
| US | 1.1.1.1:53 | acdn.adnxs.com | udp |
| US | 1.1.1.1:53 | adinplay-d.openx.net | udp |
| US | 151.101.129.108:443 | acdn.adnxs.com | tcp |
| US | 1.1.1.1:53 | eus.rubiconproject.com | udp |
| US | 1.1.1.1:53 | eb2.3lift.com | udp |
| US | 34.98.64.218:443 | adinplay-d.openx.net | tcp |
| GB | 104.115.33.62:443 | eus.rubiconproject.com | tcp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | api.gameanalytics.com | udp |
| US | 34.193.160.81:443 | api.gameanalytics.com | tcp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 1.1.1.1:53 | cms.quantserve.com | udp |
| US | 1.1.1.1:53 | c1.adform.net | udp |
| US | 1.1.1.1:53 | aax-eu.amazon-adsystem.com | udp |
| US | 1.1.1.1:53 | match.adsrvr.org | udp |
| US | 1.1.1.1:53 | cm.g.doubleclick.net | udp |
| DE | 91.228.74.166:443 | cms.quantserve.com | tcp |
| DK | 37.157.3.26:443 | c1.adform.net | tcp |
| IE | 52.94.223.37:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| US | 1.1.1.1:53 | ssum-sec.casalemedia.com | udp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.200.2:443 | cm.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | image6.pubmatic.com | udp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| US | 1.1.1.1:53 | token.rubiconproject.com | udp |
| US | 1.1.1.1:53 | us-u.openx.net | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 1.1.1.1:53 | dis.criteo.com | udp |
| IE | 52.94.223.37:443 | aax-eu.amazon-adsystem.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 1.1.1.1:53 | sync.crwdcntrl.net | udp |
| US | 1.1.1.1:53 | cr.frontend.weborama.fr | udp |
| US | 1.1.1.1:53 | mwzeom.zeotap.com | udp |
| US | 1.1.1.1:53 | um.simpli.fi | udp |
| US | 1.1.1.1:53 | pr-bh.ybp.yahoo.com | udp |
| US | 1.1.1.1:53 | ups.analytics.yahoo.com | udp |
| US | 1.1.1.1:53 | eu-u.openx.net | udp |
| IE | 54.72.42.145:443 | sync.crwdcntrl.net | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| IE | 52.50.71.3:443 | pr-bh.ybp.yahoo.com | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| US | 1.1.1.1:53 | simage2.pubmatic.com | udp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 1.1.1.1:53 | image2.pubmatic.com | udp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| US | 1.1.1.1:53 | simage4.pubmatic.com | udp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 1.1.1.1:53 | t.adx.opera.com | udp |
| US | 1.1.1.1:53 | x.bidswitch.net | udp |
| US | 1.1.1.1:53 | dsp-cookie.adfarm1.adition.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 1.1.1.1:53 | sync.srv.stackadapt.com | udp |
| US | 1.1.1.1:53 | sync-tm.everesttech.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| US | 54.204.207.243:443 | sync.srv.stackadapt.com | tcp |
| US | 151.101.194.49:443 | sync-tm.everesttech.net | tcp |
| US | 1.1.1.1:53 | uipglob.semasio.net | udp |
| US | 1.1.1.1:53 | pixel.onaudience.com | udp |
| US | 1.1.1.1:53 | pixel-sync.sitescout.com | udp |
| US | 1.1.1.1:53 | creativecdn.com | udp |
| US | 1.1.1.1:53 | pubmatic-match.dotomi.com | udp |
| US | 1.1.1.1:53 | dsp-ap.eskimi.com | udp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| CA | 148.113.153.94:443 | pixel.onaudience.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| NL | 63.215.202.172:443 | pubmatic-match.dotomi.com | tcp |
| US | 1.1.1.1:53 | sonata-notifications.taptapnetworks.com | udp |
| DE | 54.93.104.240:443 | sonata-notifications.taptapnetworks.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| GB | 172.217.16.234:443 | N/A | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| GB | 142.250.179.228:443 | N/A | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | p.rfihub.com | udp |
| US | 1.1.1.1:53 | match.prod.bidr.io | udp |
| US | 1.1.1.1:53 | ad.mrtnsvr.com | udp |
| US | 1.1.1.1:53 | ipac.ctnsnet.com | udp |
| US | 1.1.1.1:53 | d5p.de17a.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| IE | 34.252.6.15:443 | match.prod.bidr.io | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| US | 1.1.1.1:53 | csync.loopme.me | udp |
| US | 1.1.1.1:53 | core.iprom.net | udp |
| US | 1.1.1.1:53 | cm.adgrx.com | udp |
| SE | 13.53.196.230:443 | d5p.de17a.com | tcp |
| NL | 35.214.180.88:443 | csync.loopme.me | tcp |
| US | 1.1.1.1:53 | ad.turn.com | udp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| US | 1.1.1.1:53 | match.adsby.bidtheatre.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 134.122.57.34:443 | match.adsby.bidtheatre.com | tcp |
| US | 1.1.1.1:53 | rtb-csync.smartadserver.com | udp |
| NL | 89.149.193.104:443 | rtb-csync.smartadserver.com | tcp |
| US | 1.1.1.1:53 | bh.contextweb.com | udp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| US | 1.1.1.1:53 | cm-supply-web.gammaplatform.com | udp |
| US | 1.1.1.1:53 | green.erne.co | udp |
| US | 1.1.1.1:53 | a.tribalfusion.com | udp |
| US | 1.1.1.1:53 | sync.1rx.io | udp |
| US | 1.1.1.1:53 | matching.truffle.bid | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| FR | 141.94.161.158:443 | green.erne.co | tcp |
| US | 104.18.37.193:443 | a.tribalfusion.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 1.1.1.1:53 | pixel-eu.onaudience.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| FR | 54.38.113.7:443 | pixel-eu.onaudience.com | tcp |
| DE | 23.88.86.2:443 | matching.truffle.bid | tcp |
| US | 1.1.1.1:53 | s.tribalfusion.com | udp |
| US | 1.1.1.1:53 | sync.targeting.unrulymedia.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 185.89.211.116:443 | ib.adnxs.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 1.1.1.1:53 | ib.adnxs.com | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 1.1.1.1:53 | ib.adnxs.com | udp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| US | 131.153.151.114:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
Files
files/dom-0.html
| MD5 | ee0dcecb8142557b3b481f0896375d8f |
| SHA1 | 76ddc8a613bb3f8a900462a121101906e7a50caf |
| SHA256 | 95d0d8ddf1c9dce17ad1da959283d32392643209fb13ec087b0214f9cd8b5f7d |
| SHA512 | 52eb38e6a18f876a4186f32470171462b123cdd85f0814cc5df92587b6e06afd478ec8b13aa5a296e054a58d5a72acab903d68433506a1f3b8fd1ee179603e5f |
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:11
Platform
android-x64-arm64-20240624-en
Max time kernel
176s
Max time network
184s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| GB | 142.250.180.14:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | matomo.voxiom.io | udp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 1.1.1.1:53 | api.adinplay.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 172.67.71.222:443 | api.adinplay.com | tcp |
| US | 1.1.1.1:53 | cadmus.script.ac | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | country.adinplay-venatus.workers.dev | udp |
| US | 1.1.1.1:53 | c.amazon-adsystem.com | udp |
| US | 1.1.1.1:53 | securepubads.g.doubleclick.net | udp |
| US | 1.1.1.1:53 | imasdk.googleapis.com | udp |
| US | 1.1.1.1:53 | stats.adinplay.com | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 1.1.1.1:53 | btloader.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 104.21.30.224:443 | country.adinplay-venatus.workers.dev | tcp |
| GB | 142.250.180.2:443 | securepubads.g.doubleclick.net | tcp |
| GB | 142.250.200.10:443 | imasdk.googleapis.com | tcp |
| NL | 93.119.15.97:443 | stats.adinplay.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| US | 1.1.1.1:53 | c.delivery.consentmanager.net | udp |
| US | 1.1.1.1:53 | cdn.consentmanager.net | udp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 1.1.1.1:53 | i.clean.gg | udp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 1.1.1.1:53 | config.aps.amazon-adsystem.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 1.1.1.1:53 | ad-delivery.net | udp |
| GB | 108.156.39.35:443 | config.aps.amazon-adsystem.com | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| US | 172.67.69.19:443 | ad-delivery.net | tcp |
| GB | 142.250.180.2:443 | securepubads.g.doubleclick.net | tcp |
| GB | 108.156.39.35:443 | config.aps.amazon-adsystem.com | tcp |
| US | 1.1.1.1:53 | cdn.consentmanager.net | udp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | script.4dex.io | udp |
| US | 1.1.1.1:53 | mp.4dex.io | udp |
| US | 1.1.1.1:53 | tlx.3lift.com | udp |
| US | 1.1.1.1:53 | onetag-sys.com | udp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 1.1.1.1:53 | elb.the-ozone-project.com | udp |
| US | 1.1.1.1:53 | hbopenbid.pubmatic.com | udp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| US | 1.1.1.1:53 | htlb.casalemedia.com | udp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 1.1.1.1:53 | hb.yellowblue.io | udp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 1.1.1.1:53 | server.cpmstar.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 1.1.1.1:53 | rtb.openx.net | udp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| US | 1.1.1.1:53 | fastlane.rubiconproject.com | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 1.1.1.1:53 | ib.adnxs-simple.com | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 37.252.171.149:443 | ib.adnxs-simple.com | tcp |
| DE | 37.252.171.149:443 | ib.adnxs-simple.com | tcp |
| US | 1.1.1.1:53 | api.btloader.com | udp |
| US | 1.1.1.1:53 | aax.amazon-adsystem.com | udp |
| GB | 18.244.138.116:443 | aax.amazon-adsystem.com | tcp |
| GB | 18.244.138.116:443 | aax.amazon-adsystem.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 1.1.1.1:53 | invstatic101.creativecdn.com | udp |
| US | 1.1.1.1:53 | tags.crwdcntrl.net | udp |
| US | 1.1.1.1:53 | static.criteo.net | udp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 1.1.1.1:53 | oa.openxcdn.net | udp |
| US | 1.1.1.1:53 | b1e8d83e12d21d9d200ea7055b75793e.safeframe.googlesyndication.com | udp |
| GB | 18.245.143.83:443 | tags.crwdcntrl.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| GB | 216.58.204.65:443 | b1e8d83e12d21d9d200ea7055b75793e.safeframe.googlesyndication.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 1.1.1.1:53 | script.4dex.io | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 1.1.1.1:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 1.1.1.1:53 | eb2.3lift.com | udp |
| US | 1.1.1.1:53 | js-sec.indexww.com | udp |
| US | 1.1.1.1:53 | adinplay-d.openx.net | udp |
| US | 1.1.1.1:53 | eus.rubiconproject.com | udp |
| US | 1.1.1.1:53 | ads.pubmatic.com | udp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 35.244.159.8:443 | adinplay-d.openx.net | tcp |
| GB | 104.115.33.62:443 | eus.rubiconproject.com | tcp |
| GB | 104.115.32.236:443 | ads.pubmatic.com | tcp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| GB | 104.115.32.236:443 | ads.pubmatic.com | tcp |
| US | 1.1.1.1:53 | api.gameanalytics.com | udp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 34.198.39.43:443 | api.gameanalytics.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 1.1.1.1:53 | tpc.googlesyndication.com | udp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| US | 1.1.1.1:53 | ssum-sec.casalemedia.com | udp |
| US | 1.1.1.1:53 | N/A | udp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 1.1.1.1:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | cm.g.doubleclick.net | udp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | sync.crwdcntrl.net | udp |
| US | 1.1.1.1:53 | dis.criteo.com | udp |
| IE | 54.75.251.201:443 | sync.crwdcntrl.net | tcp |
| US | 1.1.1.1:53 | cr.frontend.weborama.fr | udp |
| US | 1.1.1.1:53 | mwzeom.zeotap.com | udp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| GB | 216.58.212.226:443 | cm.g.doubleclick.net | tcp |
| US | 1.1.1.1:53 | um.simpli.fi | udp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 104.22.51.98:443 | mwzeom.zeotap.com | tcp |
| US | 1.1.1.1:53 | c1.adform.net | udp |
| NL | 34.91.62.186:443 | um.simpli.fi | tcp |
| US | 1.1.1.1:53 | match.adsrvr.org | udp |
| US | 1.1.1.1:53 | pr-bh.ybp.yahoo.com | udp |
| US | 1.1.1.1:53 | aax-eu.amazon-adsystem.com | udp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| DK | 37.157.5.84:443 | c1.adform.net | tcp |
| US | 1.1.1.1:53 | ib.adnxs.com | udp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| IE | 52.19.72.68:443 | pr-bh.ybp.yahoo.com | tcp |
| IE | 52.95.115.196:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 1.1.1.1:53 | ups.analytics.yahoo.com | udp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| GB | 142.250.179.225:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | simage4.pubmatic.com | udp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| US | 1.1.1.1:53 | cms.quantserve.com | udp |
| US | 1.1.1.1:53 | t.adx.opera.com | udp |
| US | 1.1.1.1:53 | x.bidswitch.net | udp |
| US | 1.1.1.1:53 | dsp-cookie.adfarm1.adition.com | udp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| US | 1.1.1.1:53 | sync.srv.stackadapt.com | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| US | 54.197.234.7:443 | sync.srv.stackadapt.com | tcp |
| US | 1.1.1.1:53 | sync-tm.everesttech.net | udp |
| US | 1.1.1.1:53 | dsp-ap.eskimi.com | udp |
| US | 1.1.1.1:53 | uipglob.semasio.net | udp |
| US | 151.101.66.49:443 | sync-tm.everesttech.net | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 1.1.1.1:53 | pixel.onaudience.com | udp |
| US | 1.1.1.1:53 | pixel-sync.sitescout.com | udp |
| US | 1.1.1.1:53 | creativecdn.com | udp |
| US | 1.1.1.1:53 | pubmatic-match.dotomi.com | udp |
| FR | 54.38.113.3:443 | pixel.onaudience.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 64.158.223.137:443 | pubmatic-match.dotomi.com | tcp |
| US | 1.1.1.1:53 | image2.pubmatic.com | udp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 198.47.127.205:443 | image2.pubmatic.com | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| US | 1.1.1.1:53 | simage2.pubmatic.com | udp |
| US | 1.1.1.1:53 | cms.analytics.yahoo.com | udp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | simage2.pubmatic.com | tcp |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| GB | 172.217.16.238:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.200:443 | r3---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.200:443 | r3---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigzrn7z.gvt1.com | udp |
| GB | 173.194.135.105:443 | r4---sn-aigzrn7z.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnsl.gvt1.com | udp |
| GB | 74.125.168.234:443 | r5---sn-aigzrnsl.gvt1.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.202:443 | r5---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.10:443 | r5---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.198:443 | r1---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.6:443 | r1---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigzrn7d.gvt1.com | udp |
| GB | 173.194.138.199:443 | r2---sn-aigzrn7d.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7e.gvt1.com | udp |
| GB | 173.194.5.42:443 | r5---sn-aigzrn7e.gvt1.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| GB | 142.250.200.36:443 | N/A | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| US | 1.1.1.1:53 | acdn.adnxs.com | udp |
| US | 151.101.1.108:443 | acdn.adnxs.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | p.rfihub.com | udp |
| US | 1.1.1.1:53 | match.prod.bidr.io | udp |
| US | 1.1.1.1:53 | ad.mrtnsvr.com | udp |
| US | 1.1.1.1:53 | ad.turn.com | udp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| US | 1.1.1.1:53 | ipac.ctnsnet.com | udp |
| IE | 34.250.109.179:443 | match.prod.bidr.io | tcp |
| US | 1.1.1.1:53 | match.adsby.bidtheatre.com | udp |
| US | 1.1.1.1:53 | d5p.de17a.com | udp |
| US | 1.1.1.1:53 | csync.loopme.me | udp |
| US | 1.1.1.1:53 | core.iprom.net | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 1.1.1.1:53 | cm.adgrx.com | udp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| NL | 134.122.57.34:443 | match.adsby.bidtheatre.com | tcp |
| SE | 13.50.192.155:443 | d5p.de17a.com | tcp |
| NL | 35.214.180.88:443 | csync.loopme.me | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| SE | 13.50.192.155:443 | d5p.de17a.com | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| US | 34.102.163.6:443 | ad.mrtnsvr.com | tcp |
| US | 1.1.1.1:53 | cm-supply-web.gammaplatform.com | udp |
| US | 1.1.1.1:53 | green.erne.co | udp |
| US | 1.1.1.1:53 | a.tribalfusion.com | udp |
| US | 1.1.1.1:53 | sync.1rx.io | udp |
| US | 1.1.1.1:53 | matching.truffle.bid | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| FR | 141.94.240.143:443 | green.erne.co | tcp |
| US | 172.64.150.63:443 | a.tribalfusion.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| US | 1.1.1.1:53 | pixel-eu.onaudience.com | udp |
| SG | 35.186.154.107:443 | cm-supply-web.gammaplatform.com | tcp |
| FR | 54.38.113.5:443 | pixel-eu.onaudience.com | tcp |
| US | 1.1.1.1:53 | s.tribalfusion.com | udp |
| US | 1.1.1.1:53 | sync.targeting.unrulymedia.com | udp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | fastlane.rubiconproject.com | udp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| US | 1.1.1.1:53 | fastlane.rubiconproject.com | udp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| US | 198.24.161.244:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 51.38.120.206:443 | onetag-sys.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| DE | 37.252.171.85:443 | ib.adnxs.com | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.26.7.168:443 | matomo.voxiom.io | tcp |
Files
files/dom-0.html
| MD5 | 5d6b0228a7364d2b9bcb9a04b4801460 |
| SHA1 | 6a3d8c7ed0a4c4f497a5d49d47f0c3c836b6ca9d |
| SHA256 | 27e3611001a617126be6a2c0353526c6eea0928384831e8cebe56f9d30a1ec01 |
| SHA512 | 1137501869500d15690e11df785b18f6a0604c0b64f83e074a12055144006fd5cea63a00bfeba8998eb1d8dc2ec8f53f7caa7fea93470d535e006d1e5a71cdc1 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:11
Platform
android-x86-arm-20240624-en
Max time kernel
166s
Max time network
186s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | matomo.voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | api.adinplay.com | udp |
| US | 104.26.2.232:443 | api.adinplay.com | tcp |
| US | 1.1.1.1:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | api.gameanalytics.com | udp |
| US | 18.233.144.99:443 | api.gameanalytics.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| GB | 216.58.201.106:443 | | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.6.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | game-server-d3zrp.voxiom.io | udp |
| NL | 128.199.36.37:443 | game-server-d3zrp.voxiom.io | tcp |
Files
files/dom-0.html
| MD5 | 0ab20042e95d2f69c4fb35cf1046c8de |
| SHA1 | 77c4dc856d5cdd7e75673e5dc9be542e47b17dcc |
| SHA256 | 22af84a2fa91d9158156bb8f6143edd6e900311cf23cb483eef3af239bb4a4cb |
| SHA512 | fc0b52cdfc0b6937cfebbd651ae527da364eef3a34a8e1cf602be544380877314190db0f39693fc11cc19e18ee58cd2fa02d5bb9f7524c37349e7f870dddc9b2 |
Analysis: behavioral13
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:08
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:08
Platform
debian9-mipsel-20240729-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
win10v2004-20240802-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voxiom.io
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd76d846f8,0x7ffd76d84708,0x7ffd76d84718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5796 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x514
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | matomo.voxiom.io | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.adinplay.com | udp |
| US | 104.26.3.232:443 | api.adinplay.com | tcp |
| US | 8.8.8.8:53 | stats.adinplay.com | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | country.adinplay-venatus.workers.dev | udp |
| US | 8.8.8.8:53 | imasdk.googleapis.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| NL | 93.119.15.97:443 | stats.adinplay.com | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 172.67.173.227:443 | country.adinplay-venatus.workers.dev | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| FR | 142.250.178.138:443 | imasdk.googleapis.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 2.18.190.80:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | c.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | 232.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.15.119.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.173.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 166.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | e8abd68ff08d6fb0b22f016c10fd747f.safeframe.googlesyndication.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| FR | 142.250.179.65:443 | e8abd68ff08d6fb0b22f016c10fd747f.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | server.cpmstar.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ib.adnxs-simple.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | i.clean.gg | udp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | config.aps.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 131.153.170.212:443 | server.cpmstar.com | tcp |
| US | 131.153.170.212:443 | server.cpmstar.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| NL | 185.89.210.20:443 | ib.adnxs-simple.com | tcp |
| NL | 185.89.210.20:443 | ib.adnxs-simple.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| GB | 108.156.39.15:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 18.245.143.58:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | 65.179.250.142.in-addr.arpa | udp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.95.69.49:443 | i.clean.gg | udp |
| US | 8.8.8.8:53 | api.gameanalytics.com | udp |
| US | 3.228.54.209:443 | api.gameanalytics.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | 103.252.227.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.69.95.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.64.124.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.170.153.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.34.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | adinplay-d.openx.net | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| US | 76.223.111.18:443 | eb2.3lift.com | tcp |
| US | 172.64.149.180:443 | js-sec.indexww.com | tcp |
| US | 35.244.159.8:443 | adinplay-d.openx.net | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | 209.54.228.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.189.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.111.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.108.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.179.250.142.in-addr.arpa | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 131.153.170.212:443 | server.cpmstar.com | tcp |
| US | 131.153.170.212:443 | server.cpmstar.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | acdn.adnxs.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| US | 8.8.8.8:53 | 84.211.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.65.101.151.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| FR | 216.58.215.34:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 54.72.42.145:443 | bcp.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | udp |
| FR | 142.250.179.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 145.42.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 131.153.170.212:443 | server.cpmstar.com | tcp |
| NL | 185.89.211.84:443 | ib.adnxs.com | tcp |
| US | 131.153.170.212:443 | server.cpmstar.com | tcp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| GB | 2.22.101.110:443 | secure-assets.rubiconproject.com | tcp |
| US | 35.244.159.8:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | aax-eu.amazon-adsystem.com | udp |
| IE | 52.95.115.255:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 8.8.8.8:53 | 110.101.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.115.95.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | u.4dex.io | udp |
| US | 8.8.8.8:53 | game-server-d3zrp.voxiom.io | udp |
| US | 34.149.40.38:443 | u.4dex.io | tcp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 128.199.36.37:443 | game-server-d3zrp.voxiom.io | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| FR | 154.54.250.80:443 | ads.stickyadstv.com | tcp |
| US | 8.8.8.8:53 | 38.40.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.36.199.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.250.54.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 34.149.40.38:443 | u.4dex.io | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 172.67.40.173:443 | spl.zeotap.com | tcp |
| GB | 185.64.191.214:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 69.173.156.149:443 | pixel.rubiconproject.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| NL | 89.149.193.116:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 216.200.232.249:443 | sync.mathtag.com | tcp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| US | 80.77.87.166:443 | cs.admanmedia.com | tcp |
| NL | 89.149.193.116:443 | ssbsync-global.smartadserver.com | tcp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| IE | 63.33.11.39:443 | ice.360yield.com | tcp |
| US | 8.8.8.8:53 | 173.40.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.191.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.87.77.80.in-addr.arpa | udp |
| FR | 142.250.75.226:443 | cm.g.doubleclick.net | tcp |
| FR | 142.250.75.226:443 | cm.g.doubleclick.net | tcp |
| FR | 142.250.75.226:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.11.33.63.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.75.250.142.in-addr.arpa | udp |
| FR | 142.250.75.226:443 | cm.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gameanalytics.com | udp |
| US | 44.219.108.192:443 | api.gameanalytics.com | tcp |
| US | 44.219.108.192:443 | api.gameanalytics.com | tcp |
| US | 44.219.108.192:443 | api.gameanalytics.com | tcp |
| US | 44.219.108.192:443 | api.gameanalytics.com | tcp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0446fcdd21b016db1f468971fb82a488 |
| SHA1 | 726b91562bb75f80981f381e3c69d7d832c87c9d |
| SHA256 | 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222 |
| SHA512 | 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31 |
\??\pipe\LOCAL\crashpad_2136_LCBVQNUIOLUJEJVJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9b008261dda31857d68792b46af6dd6d |
| SHA1 | e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3 |
| SHA256 | 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da |
| SHA512 | 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e4c3e3f43b1ecc9cc3e677476f94f2e4 |
| SHA1 | 0b330939c7242436f168ada9117873c417362ea5 |
| SHA256 | 56b6913c0e90e4bc0d6ab0e6f4afb50fa7b5eb539d0e5e13cd4060e94e778c1f |
| SHA512 | f798db78eb701c7be60d149b8591e8482956b304f06acd4e824f28696f3a7332aa196105d1b2b7486c16876da9cbcead9116e327d87aceddc03ec6e44e3d1526 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9ed574466d5cadca2909595619f94b36 |
| SHA1 | 877c0481a67e3b7ed7571f011ba182c7cc2207f1 |
| SHA256 | 8caf102e1548b4a28a7e1c6c481ba06d1131d1b2cfcbf726a4fdc3a097cccf6a |
| SHA512 | 63c99aaa3bd9340a874dffe1753fcf2b9802d30c7783bddf856b516c61ba774e8f399aea0c7892d71fe8ef0fb17caac486215b8849f7988484f255e6d29d3bba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb3df61d02e4593f8a78e29d32eeef3e |
| SHA1 | 060837cb11d47ce70aa1297be4fe9d7bce089c34 |
| SHA256 | c522e7549b2226f5e58b191cf934d694eadafeacb692cc0643bda7ae7e9e7ff4 |
| SHA512 | c37ab3ab07d6032a27b5832694e25a1dbfdfe2268cb0aef9ca3804016b09228439857e4b8ed0bfbb3fdd610e1b1b1e7748d32048b4732e2e62ff34d6ba80b89f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c47da9df397caf3abda1079ab549d691 |
| SHA1 | f8c0baee7e2b158b629e2b011669a94e20dbb76c |
| SHA256 | 03593149d8d3b30e0d7fd9403298cd76e49860b3275e5a580bc8a0e07f561872 |
| SHA512 | ce0c4cc402bc45c7e1cf0d48993453ae930c5f71dbfecebf85ac42ca5b962e824bef4caa9b980c8ccb14339d2e6793a023d9b94502a0674138c9085dc579395a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582219.TMP
| MD5 | 1db62f26a828f36001cb9ceea6afa611 |
| SHA1 | bd2965cbea403f5f0ae8557761c3286a16e45319 |
| SHA256 | 1914e555f32b15bfd0547a82b1c1c33a8725b4d660d78429d0038c319e968f94 |
| SHA512 | 0ab82b2d3ba1eff91177b9eb11f3b0bca78ffb0472d65dc97a549621b5b1ee64cb811d65405f533a603cd60b9708a4179a5e495dba6c8d1e2d56aa2835e03128 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e89be27731129b91e70fc0ab873bdb11 |
| SHA1 | c174c7ac7843a297fd9841e25b1ed707661a6fbc |
| SHA256 | 219d6f8f8da25d846492708476a3facac190076752e8422b1945b49560b3b49b |
| SHA512 | 8725117cd8ad94ef6b169aa628c274f05aa6e5971a198808a53a137b8b17b90954139b68ca6331af6b545c6dd98b9d61448b2de503d785765f83676dee08d8d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bd39f24cf0f751bd6fbd0f9995edbe67 |
| SHA1 | 19889d609d81bae6e4292689c760911463b8dfbb |
| SHA256 | 7c7ce66594473c85e4a8eb53fc17d6e2e5adb24faa6d2adf98b891defd026a7c |
| SHA512 | 1dd7b08ea31800884af0a1ce9c9bea9fcee9e379a3c597ca2319b84a0a9ed04adf0a4ada23ce2250bffa8ade9f8bed5013e9547363dcdbeb8dce0eaad9545b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1dc9af7d0e6f7d5655aa47fd7f65f659 |
| SHA1 | 8c706ff6fb3c1ada7f7072fe62525c27c6d1642a |
| SHA256 | e547ba96b32336af0dbbe8e3ea7ed538adf4d956fab9b16eda9ec12be8e6634c |
| SHA512 | f4100085fed7ccda856b56b38254770d799eb9ae791d9a37fd324622fe3313dd54f29acee866d2da394356462080ebf86494e905c253c5e7ec41dd247b1df55a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3eebd7a944dc244167cf259d2c94b56b |
| SHA1 | 0c93d95cdf0d4b44b5d22ac49916717373619110 |
| SHA256 | 1a2fb12c6ce19e6af5b3429110f30254878a11d76a7fb69c01137edf25c3b6c1 |
| SHA512 | f19eae61b40d0588d1fa5df096ce060409a07cdbfc531d37a392dd96b369b2e135b5e8aa98fa4611d299f1dc4831390f5e6eb1b21cf0ffb28ea62d55ae7ea84a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3c13287d5bf95f35cf04c35604a46ad0 |
| SHA1 | 3dbd11f89b091912a7cab34d5fa4d066ef433fd3 |
| SHA256 | 56d9edbba4ed8a52b4b187f3a525160a97e81e2d64842510277da116fc7ef852 |
| SHA512 | 375d9d88475093960cda9ade9d751d9ba5b218290350499b6708bf32701e87dc4f886353fd19ca1a3b46b6a11d8efbc730d7efdc538ca99d00a3552b87870b3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b26747babcec484c07cd52a5b712f8e0 |
| SHA1 | 5b089240d88326a6ced6ccd7ecb177cd44b18ff1 |
| SHA256 | cd94bf8e17e431bb6e1918d607ec1579faf08134c259d4d472c26b47485d932b |
| SHA512 | e73ee72abce9649eb62affbff858e0e9596ead390f4cf5219cf0f7352899b9bc834b93503ed6ae98c965dc36c7649739bc11a5fff0c0f3d81c7edcee398e6612 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 48a02d71f125b37467f332742904e44e |
| SHA1 | 43b74e43a72a22dd0ea2d8d900b51ac72ab18f59 |
| SHA256 | a84426b0b36308b0c45b5f9fdcb34319f57c266c011b54ba0b28daafa70b9eea |
| SHA512 | 0cdc017ee7f3d42e9da9154fbca25d28fd07ebdff9363cd34694aaeb09be622d1a0d7d3573f4093fbc5c5f2dc399d3cdb50973aee6a15cd537b0965b0dc61154 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8b0e93e694ce5f967df8487b0e118052 |
| SHA1 | a692ce06d32915159ee73db38a8847b124a925b3 |
| SHA256 | d539ff9721ae6ce1ca5531c03e8654fd6e93682d2d1e0d80ba01ed6c0837daad |
| SHA512 | e7627d835f1afd0f0e2a308e7545e6e23f1a87e0b463e49b89054cb905e4078bc386bf4f556918065bce1288587e65e8fe703420ac02be991847525b35672c60 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
win11-20240802-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voxiom.io
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3ef73cb8,0x7fff3ef73cc8,0x7fff3ef73cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4792 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_3648_VAVGWWSVNWRHMYLN
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585242.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Analysis: behavioral11
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:08
Platform
debian12-mipsel-20240221-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/1772/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/98 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1651/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1618/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1629/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1761/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1410/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1593/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1588/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/104 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/119 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/95 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1572/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/124 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-daemon | N/A |
| File opened for reading | /proc/1776/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/115 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/122 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-goa-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/12 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/121 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-identity-service | N/A |
| File opened for reading | /proc/1796/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/116 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/85 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/meminfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1724/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/102 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1405/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1690/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/113 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/55 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1530/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/fd/118 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/fd/81 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/105 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-afc-volume-monitor | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://voxiom.io]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://voxiom.io]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://voxiom.io]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 21691 -prefMapSize 235269 -appDir /usr/lib/firefox/browser {b4037263-c211-4392-8708-f48d3f1293cd} 1528 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20430 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {15665998-9177-417c-94d4-21c9f918ccf7} 1528 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26797 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {d545d7b6-04c7-4632-b005-095523908475} 1528 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27256 -prefMapSize 235269 -appDir /usr/lib/firefox/browser {d161a17e-cf61-4187-ad07-601be7e33201} 1528 true utility]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | matomo.voxiom.io | udp |
| US | 1.1.1.1:53 | matomo.voxiom.io | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | api.adinplay.com | udp |
| US | 1.1.1.1:53 | api.adinplay.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 172.67.71.222:443 | api.adinplay.com | tcp |
| US | 172.67.71.222:443 | api.adinplay.com | tcp |
| US | 1.1.1.1:53 | cadmus.script.ac | udp |
| US | 1.1.1.1:53 | cadmus.script.ac | udp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 104.26.6.168:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
Analysis: behavioral12
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:08
Platform
debian9-armhf-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/task/1595/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1608/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1621/stat | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://voxiom.io]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://voxiom.io]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://voxiom.io]
/bin/grep
[grep -q %s]
/usr/bin/x-www-browser
[x-www-browser https://voxiom.io]
/usr/bin/which
[which /usr/bin/x-www-browser]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://voxiom.io]
/bin/grep
[grep -q %s]
/usr/bin/firefox
[firefox https://voxiom.io]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://voxiom.io]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral18
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
1s
Max time network
155s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | pool-spawner | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | dconf worker | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/ipc | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/query | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/rlimit | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/network | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/policy | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/lib/snapd/snap-seccomp | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/ptrace | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/signal | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/caps | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/domain | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/file | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/namespaces | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/io_uring | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/mount | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/network_v8 | /snap/bin/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/2921/cgroup | /snap/bin/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/cmdline | /snap/bin/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/sys/kernel/seccomp/actions_avail | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/sys/kernel/random/uuid | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/mountinfo | /snap/bin/firefox | N/A |
| File opened for reading | /proc/cgroups | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/mounts | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://voxiom.io]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep -l x-scheme-handler/https; /.local/share/applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/https; /usr/local/share//applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/https; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop 
/usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop 
/usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop 
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]
/usr/bin/grep
[grep -q %s]
/usr/bin/x-www-browser
[x-www-browser https://voxiom.io]
/usr/bin/xdg-settings
[xdg-settings get default-web-browser]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop 
/usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop 
/usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop 
/usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]
/usr/bin/gsettings
[gsettings get org.gnome.shell favorite-apps]
/usr/bin/grep
[grep -q 'firefox.desktop']
/usr/bin/gsettings
[gsettings get com.canonical.Unity.Launcher favorites]
/usr/bin/grep
[grep -q 'application://firefox.desktop']
/usr/bin/gsettings
[gsettings get org.mate.panel object-id-list]
/usr/bin/which
[which qdbus]
/snap/bin/firefox
[/snap/bin/firefox https://voxiom.io]
/usr/lib/snapd/snap-seccomp
[/usr/lib/snapd/snap-seccomp version-info]
/usr/lib/snapd/snap-confine
[/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://voxiom.io]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ib.anycast.adnxs.com | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 1.1.1.1:53 | api.gameanalytics.com | udp |
| US | 1.1.1.1:53 | cdn.indexww.com | udp |
| US | 1.1.1.1:53 | cdn.indexww.com | udp |
| US | 1.1.1.1:53 | cdn.indexww.com | udp |
| US | 104.18.38.76:443 | cdn.indexww.com | tcp |
| US | 1.1.1.1:53 | ep1.adtrafficquality.google | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | prod.detectportal.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | api.gameanalytics.com | udp |
| US | 8.8.8.8:53 | api.gameanalytics.com | udp |
| US | 184.73.254.76:443 | api.gameanalytics.com | tcp |
| US | 184.73.254.76:443 | api.gameanalytics.com | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| US | 1.1.1.1:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | hbopenbid.pubmatic.com | udp |
| US | 1.1.1.1:53 | hbopenbid.pubmatic.com | udp |
| US | 1.1.1.1:53 | fastlane.rubiconproject.com | udp |
| US | 1.1.1.1:53 | server.cpmstar.com | udp |
| US | 1.1.1.1:53 | mp.4dex.io | udp |
| US | 1.1.1.1:53 | elb.the-ozone-project.com | udp |
| US | 1.1.1.1:53 | elb.the-ozone-project.com | udp |
| US | 1.1.1.1:53 | rtb.openx.net | udp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 1.1.1.1:53 | hb.yellowblue.io | udp |
| US | 1.1.1.1:53 | hb.yellowblue.io | udp |
| US | 1.1.1.1:53 | tlx.3lift.com | udp |
| US | 1.1.1.1:53 | tlx.3lift.com | udp |
| US | 1.1.1.1:53 | tag.1rx.io | udp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| US | 1.1.1.1:53 | eu-tlx.3lift.com | udp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | hbopenbid-ams.pubmnet.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | server.cpmstar.com | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | rtb.openx.net | udp |
| US | 8.8.8.8:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 8.8.8.8:53 | targeting.unrulymedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | server.cpmstar.com | udp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | elb.the-ozone-project.com | udp |
| US | 8.8.8.8:53 | tag.1rx.io | udp |
| US | 8.8.8.8:53 | eu-tlx.3lift.com | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | tagged-by.rubiconproject.net.akadns.net | udp |
| US | 1.1.1.1:53 | rtb.openx.net | udp |
| US | 1.1.1.1:53 | targeting.unrulymedia.com | udp |
| US | 1.1.1.1:53 | tlx.3lift.com | udp |
| US | 1.1.1.1:53 | mp.4dex.io | udp |
| US | 1.1.1.1:53 | rtb.openx.net | udp |
| US | 1.1.1.1:53 | tag.1rx.io | udp |
| US | 1.1.1.1:53 | eu-tlx.3lift.com | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | mp.4dex.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | ocsp.comodoca.com.cdn.cloudflare.net | udp |
| US | 1.1.1.1:53 | tlx.3lift.com | udp |
| US | 1.1.1.1:53 | eu-tlx.3lift.com | udp |
| US | 1.1.1.1:53 | ocsp.comodoca.com.cdn.cloudflare.net | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | ocsp.comodoca.com.cdn.cloudflare.net | udp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.18.34.190:443 | elb.the-ozone-project.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 131.153.148.4:443 | server.cpmstar.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 185.89.210.122:443 | ib.adnxs.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| GB | 108.138.217.66:443 | hb.yellowblue.io | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| GB | 108.138.217.66:443 | hb.yellowblue.io | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| US | 131.153.148.4:443 | server.cpmstar.com | tcp |
| US | 131.153.148.4:443 | server.cpmstar.com | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | ocsp.godaddy.com.akadns.net | udp |
| US | 8.8.8.8:53 | ocsp.godaddy.com.akadns.net | udp |
| US | 8.8.8.8:53 | 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com | udp |
| GB | 142.250.180.1:443 | 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | pagead-googlehosted.l.google.com | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | pki-goog.l.google.com | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 142.250.201.174:443 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| FR | 142.250.75.238:443 | encrypted-tbn3.gstatic.com | udp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | tcp |
| FR | 216.58.214.174:443 | encrypted-tbn0.gstatic.com | udp |
| US | 1.1.1.1:53 | ocsp.godaddy.com.akadns.net | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 131.153.148.4:443 | server.cpmstar.com | tcp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.anycast.adnxs.com | udp |
| DE | 37.252.171.21:443 | ib.adnxs.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | udp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | aax.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | d1jvc9b8z3vcjs.cloudfront.net | udp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 8.8.8.8:53 | prod.tahoe-analytics.publishers.advertising.a2z.com | udp |
| US | 52.38.156.127:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 52.38.156.127:443 | prod.tahoe-analytics.publishers.advertising.a2z.com | tcp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
win10-20240404-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\voxiom.io\ = "35" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3cc40d887af6da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\voxiom.io\Total = "35" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4536ed967af6da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0baee3967af6da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f22e2e827af6da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f1f559887af6da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\voxiom.io\Total = "22" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "431305872" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "35" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "2300" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://voxiom.io"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | 133.71.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 216.58.214.163:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | matomo.voxiom.io | udp |
| US | 104.26.6.168:443 | matomo.voxiom.io | tcp |
| US | 104.26.6.168:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.214.58.216.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 200.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.38.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 52.111.227.14:443 | N/A | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.101.143.202:443 | www.bing.com | tcp |
| GB | 95.101.143.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.143.101.95.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
Files
memory/4692-16-0x000001EC0BE20000-0x000001EC0BE30000-memory.dmp
memory/4692-0-0x000001EC0BD20000-0x000001EC0BD30000-memory.dmp
memory/4692-35-0x000001EC0FFF0000-0x000001EC0FFF2000-memory.dmp
memory/2216-45-0x0000024254710000-0x0000024254810000-memory.dmp
memory/2268-73-0x000002702F320000-0x000002702F322000-memory.dmp
memory/2268-71-0x000002702F300000-0x000002702F302000-memory.dmp
memory/2268-69-0x000002702F140000-0x000002702F142000-memory.dmp
memory/2268-67-0x000002702F120000-0x000002702F122000-memory.dmp
memory/2268-81-0x000002702EC00000-0x000002702ED00000-memory.dmp
memory/2268-90-0x0000027030080000-0x00000270300A0000-memory.dmp
memory/2268-100-0x0000027030870000-0x0000027030890000-memory.dmp
memory/2268-101-0x0000027030950000-0x0000027030970000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\D0CGDS5X\voxiom[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
memory/2268-168-0x000002702FA60000-0x000002702FA80000-memory.dmp
memory/2268-206-0x0000027030470000-0x0000027030472000-memory.dmp
memory/2268-220-0x0000027030DF0000-0x0000027030DF2000-memory.dmp
memory/2268-218-0x0000027030DE0000-0x0000027030DE2000-memory.dmp
memory/2268-216-0x0000027030DC0000-0x0000027030DC2000-memory.dmp
memory/2268-214-0x0000027030DA0000-0x0000027030DA2000-memory.dmp
memory/2268-212-0x0000027030940000-0x0000027030942000-memory.dmp
memory/2268-210-0x0000027030920000-0x0000027030922000-memory.dmp
memory/2268-208-0x0000027030530000-0x0000027030532000-memory.dmp
memory/2268-224-0x0000027031980000-0x0000027031982000-memory.dmp
memory/2268-222-0x0000027031970000-0x0000027031972000-memory.dmp
memory/2268-250-0x0000027031BF0000-0x0000027031CF0000-memory.dmp
memory/2268-264-0x0000027031DF0000-0x0000027031DF2000-memory.dmp
memory/2268-268-0x0000027032230000-0x0000027032232000-memory.dmp
memory/2268-270-0x0000027032240000-0x0000027032242000-memory.dmp
memory/2268-266-0x0000027032220000-0x0000027032222000-memory.dmp
memory/2268-311-0x000002701E2F0000-0x000002701E300000-memory.dmp
memory/2268-316-0x000002701E2F0000-0x000002701E300000-memory.dmp
memory/2268-317-0x000002701E2F0000-0x000002701E300000-memory.dmp
memory/2268-322-0x000002701E2F0000-0x000002701E300000-memory.dmp
memory/2268-321-0x000002701E2F0000-0x000002701E300000-memory.dmp
memory/2268-320-0x000002701E2F0000-0x000002701E300000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VR9TF073\0048a147801f815194c5[1].png
| MD5 | bb48b87176e04a277733372fecd69bc4 |
| SHA1 | 9d65d432eb2487f76f2339fbdbe0c28f750d67ba |
| SHA256 | aff3a66cd65c640d87b3f8f8d3587f6fa2d958b9b7c157bd1e83c14ec6d7fea5 |
| SHA512 | 9720b4d2680bc31bcb18319fddf00669d6ddf7677759b6d037526c2f13f1bb09318b1527a3cc70dc29d27a62d8f6127501b8ac8c1181a56991871757d27821c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N6VO1GIU\socket[7].txt
| MD5 | 1679091c5a880faf6fb5e6087eb1b2dc |
| SHA1 | c1dfd96eea8cc2b62785275bca38ac261256e278 |
| SHA256 | e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683 |
| SHA512 | 3c9ad55147a7144f6067327c3b82ea70e7c5426add9ceea4d07dc2902239bf9e049b88625eb65d014a7718f79354608cab0921782c643f0208983fffa3582e40 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VE4Q3JXI\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:11
Platform
android-33-x64-arm64-20240624-en
Max time kernel
179s
Max time network
188s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | N/A | udp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 142.250.187.228:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 162.159.61.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 172.64.41.3:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | voxiom.io | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 216.58.212.202:443 | remoteprovisioning.googleapis.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 172.67.71.133:443 | voxiom.io | tcp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | matomo.voxiom.io | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 1.1.1.1:53 | api.adinplay.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.67.71.222:443 | api.adinplay.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 35.190.80.1:443 | N/A | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.16.238:443 | N/A | udp |
| GB | 172.217.16.227:443 | update.googleapis.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 104.18.23.145:443 | cadmus.script.ac | tcp |
| US | 104.18.187.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.21.30.224:443 | country.adinplay-venatus.workers.dev | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| NL | 93.119.15.97:443 | stats.adinplay.com | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | N/A | tcp |
| GB | 142.250.179.226:443 | N/A | udp |
| GB | 13.224.223.9:443 | N/A | tcp |
| GB | 108.156.39.35:443 | config.aps.amazon-adsystem.com | tcp |
| GB | 142.250.179.226:443 | N/A | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| GB | 142.250.179.226:443 | securepubads.g.doubleclick.net | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 130.211.23.194:443 | N/A | udp |
| US | 34.95.69.49:443 | N/A | udp |
| GB | 216.58.204.65:443 | 964494e372c1d5fcfec9bdfde6708975.safeframe.googlesyndication.com | tcp |
| GB | 142.250.180.2:443 | ep1.adtrafficquality.google | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| GB | 216.58.201.97:443 | N/A | tcp |
| GB | 216.58.201.97:443 | ep2.adtrafficquality.google | tcp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| US | 35.227.252.103:443 | rtb.openx.net | tcp |
| US | 131.153.151.116:443 | server.cpmstar.com | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 172.64.153.66:443 | elb.the-ozone-project.com | tcp |
| US | 172.64.153.78:443 | mp.4dex.io | tcp |
| GB | 108.138.217.110:443 | hb.yellowblue.io | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| DE | 51.89.9.252:443 | N/A | tcp |
| US | 172.64.153.78:443 | N/A | tcp |
| US | 35.227.252.103:443 | N/A | tcp |
| DE | 3.124.64.248:443 | N/A | tcp |
| GB | 185.64.190.77:443 | N/A | tcp |
| DE | 37.252.173.215:443 | N/A | tcp |
| US | 172.64.151.101:443 | N/A | tcp |
| GB | 18.172.154.232:443 | aax.amazon-adsystem.com | tcp |
| US | 172.64.153.66:443 | N/A | tcp |
| GB | 108.138.217.110:443 | N/A | tcp |
| US | 131.153.151.116:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| NL | 69.173.156.139:443 | N/A | tcp |
| GB | 18.172.154.232:443 | N/A | tcp |
| US | 104.26.9.169:443 | script.4dex.io | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| GB | 216.58.212.225:443 | tpc.googlesyndication.com | tcp |
| DE | 51.89.9.252:443 | N/A | udp |
| GB | 104.115.32.236:443 | ads.pubmatic.com | tcp |
| US | 151.101.65.108:443 | acdn.adnxs.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 104.115.33.62:443 | eus.rubiconproject.com | tcp |
| US | 35.244.159.8:443 | adinplay-d.openx.net | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| DK | 37.157.2.230:443 | cm.adform.net | tcp |
| US | 13.107.246.64:443 | adsdk.microsoft.com | tcp |
| US | 151.101.1.108:443 | cdn.adnxs.com | tcp |
| US | 151.101.1.108:443 | acdn.adnxs-simple.com | tcp |
| US | 44.214.3.107:443 | api.gameanalytics.com | tcp |
| GB | 185.64.190.78:443 | image6.pubmatic.com | tcp |
| NL | 69.173.156.148:443 | token.rubiconproject.com | tcp |
| US | 172.64.151.101:443 | N/A | udp |
| US | 151.101.129.108:443 | cdn.adnxs-simple.com | tcp |
| GB | 104.86.110.91:443 | www.bing.com | tcp |
| GB | 104.86.110.91:443 | N/A | tcp |
| GB | 104.86.110.91:443 | N/A | tcp |
| GB | 104.86.110.91:443 | N/A | tcp |
| GB | 142.250.200.34:443 | cm.g.doubleclick.net | tcp |
| GB | 142.250.200.34:443 | N/A | tcp |
| GB | 142.250.200.34:443 | N/A | tcp |
| IE | 54.75.251.201:443 | sync.crwdcntrl.net | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 35.204.158.49:443 | um.simpli.fi | tcp |
| US | 52.223.40.198:443 | match.adsrvr.org | tcp |
| US | 52.223.40.198:443 | N/A | tcp |
| IE | 52.50.71.3:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| US | 104.22.50.98:443 | mwzeom.zeotap.com | tcp |
| IE | 52.94.222.140:443 | aax-eu.amazon-adsystem.com | tcp |
| GB | 104.86.110.91:443 | N/A | udp |
| US | 104.17.73.14:443 | ajax.cloudflare.com | tcp |
| US | 52.46.130.91:443 | s.amazon-adsystem.com | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| FR | 45.137.176.88:443 | sync.adotmob.com | tcp |
| US | 54.81.63.23:443 | i.liadm.com | tcp |
| US | 35.186.193.173:443 | cm.ctnsnet.com | tcp |
| IE | 52.19.197.135:443 | d.adroll.com | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| GB | 142.250.200.34:443 | N/A | udp |
| US | 34.111.129.221:443 | N/A | udp |
| NL | 69.173.156.148:443 | pixel.rubiconproject.com | tcp |
| GB | 185.64.191.210:443 | N/A | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 216.58.212.225:443 | N/A | udp |
| GB | 142.250.187.228:443 | N/A | tcp |
| GB | 142.250.178.4:443 | N/A | tcp |
| GB | 142.250.178.4:443 | N/A | tcp |
| GB | 185.64.190.81:443 | simage4.pubmatic.com | tcp |
| DK | 77.243.51.121:443 | uipglob.semasio.net | tcp |
| FR | 54.38.113.4:443 | N/A | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| DE | 91.228.74.244:443 | cms.quantserve.com | tcp |
| NL | 64.158.223.137:443 | pubmatic-match.dotomi.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| US | 54.197.234.7:443 | sync.srv.stackadapt.com | tcp |
| US | 151.101.2.49:443 | sync-tm.everesttech.net | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| FR | 54.38.113.4:443 | pixel.onaudience.com | tcp |
| US | 34.36.216.150:443 | N/A | udp |
| DE | 54.93.104.240:443 | sonata-notifications.taptapnetworks.com | tcp |
| FR | 178.32.197.53:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 35.214.149.91:443 | N/A | tcp |
| US | 35.227.252.103:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| NL | 193.0.160.131:443 | p.rfihub.com | tcp |
| IE | 52.30.143.126:443 | match.prod.bidr.io | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 188.166.17.21:443 | match.adsby.bidtheatre.com | tcp |
| US | 34.102.163.6:443 | N/A | tcp |
| US | 34.1.230.181:443 | csync.loopme.me | tcp |
| SE | 13.50.192.155:443 | d5p.de17a.com | tcp |
| US | 34.102.163.6:443 | N/A | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 34.102.163.6:443 | N/A | tcp |
| US | 34.102.163.6:443 | N/A | tcp |
| NL | 89.149.192.200:443 | rtb-csync.smartadserver.com | tcp |
| NL | 89.149.192.200:443 | N/A | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| SG | 35.186.154.107:443 | N/A | tcp |
| FR | 141.95.171.139:443 | green.erne.co | tcp |
| US | 104.18.37.193:443 | a.tribalfusion.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| DE | 23.88.86.2:443 | N/A | tcp |
| SG | 35.186.154.107:443 | N/A | tcp |
| DE | 23.88.86.2:443 | N/A | tcp |
| FR | 54.38.113.4:443 | pixel-eu.onaudience.com | tcp |
| NL | 46.228.174.117:443 | sync.targeting.unrulymedia.com | tcp |
| GB | 142.250.187.228:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| DE | 37.252.173.215:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 131.153.151.116:443 | server.cpmstar.com | tcp |
| US | 131.153.151.116:443 | server.cpmstar.com | tcp |
| GB | 216.58.204.67:443 | N/A | tcp |
| GB | 216.58.204.65:443 | N/A | udp |
| GB | 142.250.200.14:443 | mts0.google.com | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| GB | 216.58.204.68:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| DE | 37.252.173.215:443 | fra1-ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| GB | 216.58.212.225:443 | N/A | udp |
| GB | 142.250.180.1:443 | N/A | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | N/A | tcp |
| GB | 142.250.180.1:443 | N/A | tcp |
| GB | 142.250.180.1:443 | N/A | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 35.190.80.1:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.64.151.101:443 | N/A | udp |
| US | 131.153.151.116:443 | N/A | tcp |
| US | 35.227.252.103:443 | N/A | udp |
| US | 1.1.1.1:53 | fastlane.rubiconproject.com | udp |
| NL | 185.89.210.46:443 | N/A | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| DE | 51.89.9.252:443 | N/A | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| NL | 46.228.174.115:443 | N/A | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.153:443 | ams3-ib.adnxs.com | tcp |
| GB | 216.58.204.65:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| GB | 216.58.204.68:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| NL | 46.228.174.115:443 | N/A | tcp |
| GB | 216.58.204.65:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 35.190.80.1:443 | N/A | udp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | N/A | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 35.227.252.103:443 | N/A | udp |
| NL | 185.89.210.46:443 | N/A | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| NL | 46.228.174.115:443 | N/A | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| US | 172.64.151.101:443 | N/A | udp |
| NL | 46.228.174.115:443 | N/A | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| DE | 51.89.9.252:443 | N/A | tcp |
| US | 131.153.151.116:443 | N/A | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
| DE | 51.89.9.252:443 | N/A | tcp |
| GB | 142.250.178.2:443 | N/A | udp |
| DE | 37.252.171.53:443 | N/A | tcp |
| GB | 2.18.66.48:443 | N/A | udp |
| DE | 37.252.171.53:443 | N/A | tcp |
| GB | 2.18.66.48:443 | N/A | tcp |
| DE | 37.252.171.53:443 | N/A | tcp |
| GB | 216.58.204.65:443 | N/A | udp |
| NL | 185.89.210.46:443 | N/A | tcp |
| DE | 37.252.171.53:443 | N/A | tcp |
| US | 172.67.71.133:443 | matomo.voxiom.io | tcp |
| DE | 37.252.171.53:443 | N/A | tcp |
| NL | 185.89.210.46:443 | N/A | tcp |
Files
files/dom-0.html
| MD5 | 6727426beb4718b2306c7a68aeb315cf |
| SHA1 | fe8473191b5ab38bdab83eb4ccc15e4c7f7b1a06 |
| SHA256 | dff1120b48e6c4644fd2d4a18928d73bc152507a91c58282b92fda15fd41a584 |
| SHA512 | d9f4a654e435b1bed7389717f602697165c15c922f5e8fdfb4592ebe192135a8c93d8ccdfea46876685154fbca918cdb81a46b7619ced784ee18483fd00f4c03 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:10
Platform
macos-20240711.1-en
Max time kernel
148s
Max time network
152s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://voxiom.io]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=... --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=20]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=292043949 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=62]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=292083916 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=62]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=295961120 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=296327615 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=75]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=296944583 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=78]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=297133570 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=78]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=92]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=76]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=105]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=109]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=110]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=312592076 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=323431947 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=123]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ReportMemoryException]
/usr/libexec/ReportMemoryException
[/usr/libexec/ReportMemoryException]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=23 --launch-time-ticks=351987703 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=24 --launch-time-ticks=352329461 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=25 --launch-time-ticks=352649980 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=26 --launch-time-ticks=353054187 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=27 --launch-time-ticks=353580028 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=28 --launch-time-ticks=353628505 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=29 --launch-time-ticks=354104326 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=30 --launch-time-ticks=355763843 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=32 --launch-time-ticks=357135191 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=33 --launch-time-ticks=357511147 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=34 --launch-time-ticks=359863717 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=35 --launch-time-ticks=360437276 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=36 --launch-time-ticks=360766921 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=37 --launch-time-ticks=361206471 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=38 --launch-time-ticks=362018295 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=39 --launch-time-ticks=362913731 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=40 --launch-time-ticks=363783623 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=41 --launch-time-ticks=366005650 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/usr/libexec/xpcproxy
[xpcproxy com.apple.speech.speechsynthesisd]
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd
[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=46 --launch-time-ticks=388198370 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=47 --launch-time-ticks=388537743 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=48 --launch-time-ticks=388619851 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=49 --launch-time-ticks=388767179 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=50 --launch-time-ticks=389312297 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=51 --launch-time-ticks=389356992 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=52 --launch-time-ticks=389377016 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=53 --launch-time-ticks=390229814 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=54 --launch-time-ticks=393080685 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=55 --launch-time-ticks=393505950 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=56 --launch-time-ticks=393987384 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=57 --launch-time-ticks=394519866 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=58 --launch-time-ticks=395102445 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mobile.keybagd]
/usr/libexec/keybagd
[/usr/libexec/keybagd -t 15]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=59 --launch-time-ticks=395768069 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=120]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.mobileassetd]
/usr/libexec/mobileassetd
[/usr/libexec/mobileassetd]
Network
| Country | Destination | Domain | Proto |
| GB | 17.250.81.69:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | voxiom.io | udp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 172.217.18.206:443 | clients2.google.com | tcp |
| FR | 172.217.18.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 172.217.20.170:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| FR | 172.217.20.170:443 | optimizationguide-pa.googleapis.com | tcp |
| IE | 74.125.193.84:443 | accounts.google.com | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 172.67.71.222:443 | | tcp |
| US | 172.67.71.222:443 | api.adinplay.com | tcp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| NL | 93.119.15.97:443 | stats.adinplay.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 172.67.173.227:443 | country.adinplay-venatus.workers.dev | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| FR | 142.250.178.138:443 | imasdk.googleapis.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | | tcp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| GB | 108.156.39.15:443 | config.aps.amazon-adsystem.com | tcp |
| FR | 216.58.215.34:443 | securepubads.g.doubleclick.net | tcp |
| US | 34.95.69.49:443 | i.clean.gg | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| FR | 142.250.179.65:443 | 26dff730c6806cfce92f4749ae316cd4.safeframe.googlesyndication.com | tcp |
| FR | 172.217.20.162:443 | ep1.adtrafficquality.google | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| GB | 2.22.128.162:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 95.100.245.89:443 | help.apple.com | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| US | 172.64.151.101:443 | htlb.casalemedia.com | tcp |
| US | 104.18.34.178:443 | mp.4dex.io | tcp |
| GB | 108.138.217.61:443 | hb.yellowblue.io | tcp |
| DE | 3.124.64.248:443 | tlx.3lift.com | tcp |
| US | 35.186.253.211:443 | rtb.openx.net | tcp |
| DE | 51.89.9.253:443 | onetag-sys.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 172.64.153.66:443 | elb.the-ozone-project.com | tcp |
| US | 131.153.148.26:443 | server.cpmstar.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | | tcp |
| GB | 18.245.189.34:443 | aax.amazon-adsystem.com | tcp |
| NL | 185.89.210.153:443 | | tcp |
| US | 131.153.148.26:443 | | tcp |
| US | 172.64.153.66:443 | | tcp |
| DE | 3.124.64.248:443 | | tcp |
| DE | 51.89.9.253:443 | | tcp |
| NL | 185.64.189.112:443 | | tcp |
| GB | 18.245.189.34:443 | | tcp |
| FR | 142.250.179.97:443 | ep2.adtrafficquality.google | tcp |
| US | 172.67.75.241:443 | script.4dex.io | tcp |
| NL | 46.228.174.115:443 | | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 46.228.174.115:443 | | tcp |
| DE | 51.89.9.253:443 | | udp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| US | 13.248.245.213:443 | | tcp |
| US | 151.101.193.108:443 | acdn.adnxs.com | tcp |
| US | 35.244.159.8:443 | adinplay-d.openx.net | tcp |
| GB | 95.100.245.251:443 | eus.rubiconproject.com | tcp |
| GB | 2.18.108.192:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
| US | 104.18.36.155:443 | | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| NL | 198.47.127.19:443 | image6.pubmatic.com | tcp |
| US | 209.54.182.161:443 | s.amazon-adsystem.com | tcp |
| US | 54.81.63.23:443 | i.liadm.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| DK | 37.157.6.231:443 | c1.adform.net | tcp |
| FR | 142.250.178.130:443 | cm.g.doubleclick.net | tcp |
| FR | 154.54.250.81:443 | | tcp |
| FR | 154.54.250.81:443 | ads.stickyadstv.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| IE | 67.220.226.234:443 | | tcp |
| FR | 142.250.178.130:443 | | tcp |
| FR | 142.250.178.130:443 | | tcp |
| FR | 142.250.178.130:443 | | tcp |
| DK | 37.157.6.231:443 | | tcp |
| NL | 178.250.1.9:443 | | tcp |
| IE | 67.220.226.234:443 | aax-eu.amazon-adsystem.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| IE | 63.34.52.172:443 | pr-bh.ybp.yahoo.com | tcp |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| NL | 35.204.74.118:443 | um.simpli.fi | tcp |
| IE | 52.51.104.112:443 | sync.crwdcntrl.net | tcp |
| US | 172.67.40.173:443 | mwzeom.zeotap.com | tcp |
| NL | 198.47.127.205:443 | simage2.pubmatic.com | tcp |
| FR | 142.250.178.130:443 | | tcp |
| GB | 185.64.191.210:443 | image2.pubmatic.com | tcp |
| GB | 185.64.191.210:443 | | tcp |
| FR | 142.250.179.67:443 | | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| FR | 142.250.179.67:443 | update.googleapis.com | tcp |
| DE | 91.228.74.200:443 | cms.quantserve.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| NL | 82.145.213.8:443 | | tcp |
| DE | 80.82.210.217:443 | dsp-cookie.adfarm1.adition.com | tcp |
| FR | 51.255.68.171:443 | dsp.nrich.ai | tcp |
| US | 52.6.202.249:443 | | tcp |
| US | 52.6.202.249:443 | sync.srv.stackadapt.com | tcp |
| DK | 77.243.51.122:443 | | tcp |
| CA | 148.113.153.94:443 | pixel.onaudience.com | tcp |
| DK | 77.243.51.122:443 | uipglob.semasio.net | tcp |
| US | 151.101.130.49:443 | sync-tm.everesttech.net | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| NL | 63.215.202.172:443 | pubmatic-match.dotomi.com | tcp |
| NL | 198.47.127.20:443 | simage4.pubmatic.com | tcp |
| FR | 216.58.214.161:443 | cdn.ampproject.org | tcp |
| FR | 216.58.214.161:443 | | tcp |
| FR | 216.58.214.161:443 | | tcp |
| FR | 216.58.214.161:443 | | tcp |
| FR | 216.58.214.161:443 | | tcp |
| FR | 142.250.178.129:443 | tpc.googlesyndication.com | tcp |
| NL | 188.42.63.48:443 | dsp-ap.eskimi.com | tcp |
| US | 34.193.160.81:443 | api.gameanalytics.com | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| US | 8.8.8.8:53 | e11408.d.akamaiedge.net | udp |
| GB | 95.100.245.89:443 | e11408.d.akamaiedge.net | tcp |
| GB | 95.100.245.89:443 | e11408.d.akamaiedge.net | tcp |
| NL | 185.89.210.153:443 | | tcp |
| US | 131.153.148.26:443 | server.cpmstar.com | tcp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 185.89.210.153:443 | ib.adnxs.com | tcp |
| US | 131.153.148.26:443 | server.cpmstar.com | tcp |
| US | 104.26.7.168:443 | voxiom.io | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | game-server-d3zrp.voxiom.io | udp |
| NL | 46.228.174.115:443 | targeting.unrulymedia.com | tcp |
| US | 8.8.8.8:53 | game-server-d3zrp.voxiom.io | udp |
| NL | 128.199.36.37:443 | game-server-d3zrp.voxiom.io | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| NL | 193.0.160.130:443 | p.rfihub.com | tcp |
| IE | 52.208.228.214:443 | match.prod.bidr.io | tcp |
| US | 34.102.163.6:443 | | tcp |
| US | 35.186.193.173:443 | ipac.ctnsnet.com | tcp |
| NL | 193.0.160.130:443 | | tcp |
| US | 34.102.163.6:443 | | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 134.122.57.34:443 | match.adsby.bidtheatre.com | tcp |
| SE | 13.50.192.155:443 | d5p.de17a.com | tcp |
| US | 34.1.230.181:443 | | tcp |
| SI | 195.5.165.20:443 | | tcp |
| IE | 52.215.155.11:443 | cm.adgrx.com | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| NL | 208.93.169.131:443 | bh.contextweb.com | tcp |
| SG | 35.186.154.107:443 | | tcp |
| SG | 35.186.154.107:443 | | tcp |
| FR | 141.94.161.158:443 | | tcp |
| FR | 141.94.161.158:443 | green.erne.co | tcp |
| US | 104.18.37.193:443 | a.tribalfusion.com | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| NL | 46.228.174.117:443 | | tcp |
| NL | 81.17.55.117:443 | rtb-csync.smartadserver.com | tcp |
| NL | 81.17.55.117:443 | | tcp |
| DE | 162.55.120.196:443 | matching.truffle.bid | tcp |
| DE | 162.55.120.196:443 | | tcp |
| FR | 142.250.179.68:443 | www.google.com | tcp |
Files
/tmp/com.google.Keystone/.keystone_system_install_lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 5db8c33da44fbfea36aa50d598dd72d1 |
| SHA1 | aa32ebb8aa0789bdeae8ee9894ba6af1c6bb1235 |
| SHA256 | f43c1b52a2591f095d780e41e2589482856b62a372e766e03745a0c533998580 |
| SHA512 | 8a315f211f9fc5707d57c1d8ec2aec11df2239d5b6a209f1df26abf58e9708d000942aaf540610fa37803b392db678a57e7a5b44351f0371d9b93eff9b50f5ea |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 02d81932348fe5e78a113afbd4ab4cb3 |
| SHA1 | 85706d2aa6d18105f7ffa3fa7bccd7b374eb6df5 |
| SHA256 | 001692f83f7445f93d7d449171b9808249b782dab662c2fdbaada7a921980894 |
| SHA512 | 6769a4f9e9cf15a3719fa415866d54dbd015a5a55a81f7c281e92400525735fee04610379ab294cf20ea6e6096f7c3b899642fd7cee81943d10be4e0146f3c23 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | a414e14d4e50642d8a340eeed632303a |
| SHA1 | 4608cacec8f27f9062cbad6bf277ae16d8fb4d5a |
| SHA256 | b162bbd2837eb4cf271389ad40541cde3f21f758fe64dea8012e301770e0f076 |
| SHA512 | 3245ae2c62a73607250c567fc5e7c6bbbf5d8c43e3936aadb7db6c6fc3f71d49b95befa8cdfc3482e661ac832c668219018e1db822dc9394c64eed1fda4c74ea |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | ed6d35b78fdacbd9bbdd795a918c8de5 |
| SHA1 | 9a65e69497ab8c27505f462aabd3cd188028fe67 |
| SHA256 | a12b04520539922d7f85b446722ef20280bce08683e8f96c5f1ac9ce4b868792 |
| SHA512 | add92f86a7e64b9d00d07dcfd4cb0d622ce1a916be8448d7863f57e319973ed90ac7948cb4c7abfc5172a0110b23a706c9cee73653b6cdf9a690f6202cf7ca71 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 68549a63b3716436d18d7e8160598abf |
| SHA1 | 587773ffffe8d56beb3456d49e128a764fd7bced |
| SHA256 | d33cd53d493f72afdd891b11940e3bcc79559ded105c22d2b29c1541d55983cf |
| SHA512 | 4c7501f32667c7aef9aeee27e92a2965d599e66049eafde2254846b60ae147259a00d039a4f815ff39220a9f0b35bc138c32a4bbdc2ea48513fe08973f9ff621 |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 7ce5060b67e4d7c0cce146cf00dc69d9 |
| SHA1 | 9514469453b53da452ba98ba51af03ba855eb3ea |
| SHA256 | aca908baf846cba3388409e04f891b850bfdd08fc37f6e13592a7bb5d66654f2 |
| SHA512 | 4e8165d0986b914e2091d63b9c01e67e7c5f4e945199ee12145e8cd5fe2330f4e8ead093bb75ae616fdfdbe8354f7fedbf46b323f3cda25715c0a6485f60dc37 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.RT9G4K
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirqrfIPl/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirqrfIPl/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/caafe25e-2595-4b41-b829-36b78051fcbf
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/ef173a61-af1f-4d9b-a908-c9d6dcf903a6/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.g98LuL/efniojlnjndmcbiieegkicadnoecjjef_1054_all_acwv5cki5hrz6m7phk5bmunngctq.crx3
| MD5 | 3724d2580d4ee48db4ca27b009734565 |
| SHA1 | 3b7109787fd6172808046beb3321e47d91f97dae |
| SHA256 | 79d15e0ead1afd0d88fa0740ab00ec9fb0fb97e119833c093a2161ea175b5693 |
| SHA512 | e1e4c2f15b001f6b0e454e63d34340b05bb52e0e02c18ed6ed7548c729f5e75a2dc472610542a8cd2e221dcf98d7a536bd374fb10170f846340c7ba1ef2164d6 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.St0JJs/hfnkpimlhhgieaddgfemjhofmfblmnib_9062_all_acyptczzyy2iikvwd7emewbcnh7a.crx3
| MD5 | 6b50bb186cf609747f5f29e7435d33c6 |
| SHA1 | 7e4d0ec201f360cb817a96277776e49c20ed85b2 |
| SHA256 | c872cea0b2210c02b52b9c7c5449fca8a97d9a83583a927a0bfe9b0af97c7a12 |
| SHA512 | d7a600edde5588ac13ac563e67a983ebaff85af1639c4fe2bf5d633d01aa932b30a36b90e7601111d58aee3065667c1bcda5a6bb0a3943a6b62bf5423527889d |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.brOKum/jflookgnkcckhobaglndicnbbgbonegd_3039_all_ac724q5mrfm4b4bxvgsppwnsjyra.crx3
| MD5 | 60326e6c90cadc4c38cf7ad54a7d5d15 |
| SHA1 | b9a9ed4b79099524317bcdb01338740280e539dd |
| SHA256 | 1994e34393325afdff0c90ac370065028be66ba9f7c8991b0cf425a0ae494611 |
| SHA512 | 41742a6bbff35f6eadc314a6c3069824a1e8b4363fbba30bf0af03c28914ea47a0e5f890e213a797aea4a0646bab7cd2fc601deecdda4b2c684793c05f818fa7 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.rpRd7q/obedbbhbpmojnkanicioggnmelmoomoc_20240814.664576894.14_all_ENGB500000_dmooonqr2jop4qv2rv3xny52tq.crx3
| MD5 | d7a9e32e4fa55f69bb96f247b8711a80 |
| SHA1 | 53b9fb2dc0126905ede3984208f3c2b845f86127 |
| SHA256 | 6757d59d60acf729c9ce32b7461a001a5ad4ca3bebe1cb87719e66143a7c7452 |
| SHA512 | c0ee6addbf00bcb084d6e3c41d983143a1baf1bfef9cafbafdadf47a820a24a6b82bc40c253436c024b7993d29e50c60ba2b4e5ee53b627c6c327da69e288af2 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.sR4u2g/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.6g1JcK/lmelglejhemejginpboagddgdfbepgmp_462_all_ZZ_acfx7tbdpy6stedolnte7pym6kvq.crx3
| MD5 | 6902764fae563c7f6a4fd13c3426661c |
| SHA1 | 38c97660cc8f1bb5cd154b605a0bb00d4bc79b08 |
| SHA256 | dba4485f76e69664eafa9355ab6811de76901e847536cb8981a81bb7b8eda8c5 |
| SHA512 | 0f2df086de0537db50e58dac2a3f621dd22512bddf9ad3ab1d8309d865959ebbf6d04e941d37557eb358a2034a0ff1f7d825f8ce5ce298fcaeba880cd28f6bee |
Analysis: behavioral10
Detonation Overview
Submitted
2024-08-24 23:07
Reported
2024-08-24 23:08
Platform
debian12-armhf-20240729-en
Max time network
1s