Malware Analysis Report

2025-01-23 14:01

Sample ID 240824-24bhzsvcqc
Target https://voxiom.io
Tags
discovery antivm evasion
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://voxiom.io was found to be: Likely benign.

Malicious Activity Summary

discovery antivm evasion

Checks CPU configuration

Changes its process name

Reads CPU attributes

Resource Forking

Drops file in Windows directory

Writes file to tmp directory

Enumerates kernel/hardware configuration

Browser Information Discovery

Reads runtime system information

System Location Discovery: System Language Discovery

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks memory information

Suspicious use of WriteProcessMemory

Checks CPU information

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-24 23:07

Signatures

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

128s

Command Line

[xdg-open https://voxiom.io]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/module/apparmor/parameters/enabled /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/1593/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1577/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/1577/attr/apparmor/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/1572/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A

Processes

/usr/bin/xdg-open

[xdg-open https://voxiom.io]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://voxiom.io]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

/root/.dbus/session-bus/f2de92a803c744e586bd87567a26b68a-0

MD5 932e3ec73bbd53743220f67a02a1ea46
SHA1 2f16333b8f14e206d88e683a1d0a6e090d45cfa3
SHA256 2e53edd41e567b26b2fc939651a158fa1d1008936b5a28bb6c43081765226738
SHA512 0234e7d2d8909c621046dfd2262301fae35b691d1182e973ed238ff6c3405c551307eb2c01ce3d053dd1e2e7d96e697407085114cf51917da0a5f9ddd4f80d95

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

win7-20240729-en

Max time kernel

120s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://voxiom.io

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430702763" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEC35B71-626D-11EF-9E5F-7A7F57CBBBB1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f0b4947af6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000bd6a10b7698dbe1499f928a58f3e2645d9d77900427e651a254146caf926e42f000000000e8000000002000020000000d443dbc73ea142b3f51652e0161dc70d17501db0a36b485aaf5a5ce38a1c5b54900000001ca5f5acb198ade6c124291c14cbd3cd140cbbd752a6e8cbffb4d6994977df47d732f2f98128b7c866ebf095634ce7eacd846566b0bbfa708724cd7720020fd2c785da5dce7b5454c033696875bb2c9a5e48ad7e1e4e3e83966114b372441e25494bcce58cbc8b0326c0d7652d8cef40f5c0ff44ac5b4ef3c7ff355c88d4489de81895e3efe58c5191f098a1622d086c40000000c824a11e87bb8eab2c99dfe515fd99afcdfc601430cd5da2d12ff2a3e022b0c8ab29dabfa5a6551fb4e12f79b63bcba84b90d1ba6e7fd868343626f75934d7b9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000002cc19e525ccbed4a7fe0d3b891d4758031bee00891d9ebd99de438adc2a05115000000000e8000000002000020000000be8b2693bab17d15d713e96832b4cf6c08588e8a4ed76b08b483380a8f25e9ec200000002840b0d86af558d7d945c14f9d87369d303cccea49f1831a149c9181cd2997f740000000eb62f2ac214d8965ab2bd505255282d755af052e2ef4d43ef0deef7409abcd0801163028c57ca6214784d55f96fde262b5f77e5b15d3cb009e787704634fca4f C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://voxiom.io

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
FR 216.58.214.163:80 c.pki.goog tcp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 matomo.voxiom.io udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\0048a147801f815194c5[1].png

MD5 bb48b87176e04a277733372fecd69bc4
SHA1 9d65d432eb2487f76f2339fbdbe0c28f750d67ba
SHA256 aff3a66cd65c640d87b3f8f8d3587f6fa2d958b9b7c157bd1e83c14ec6d7fea5
SHA512 9720b4d2680bc31bcb18319fddf00669d6ddf7677759b6d037526c2f13f1bb09318b1527a3cc70dc29d27a62d8f6127501b8ac8c1181a56991871757d27821c4

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

MD5 722e99900deadfc2b90e8926d6dfb598
SHA1 9eda1446104db9fb9a346b3d83237b2ecdc75759
SHA256 6ae7d88f351cb41b9dfa8d7411dae8192d55bfc574821421b005a8945b67b4aa
SHA512 5aaa57fdcb944cfd642a2c89ac1a11f496c70900f495292274eabee97fc14f16e5c3a65a4808ead1c8736c593313d54b7a9535138f84169fd5eaf2ed39979078

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02638bc990825c6ec3c981320a0805d1
SHA1 18257b5b81be4e8b6d1266e6a2c617e0667239c3
SHA256 94ed4e729353ea1324ab2e0644c6a5572208192f74a43f843a8d57deb617d944
SHA512 e854695882a46411663b68e7ad2ff8f001b23b120dc4923de39eef84d63782d9daddfacdce7349234f898f82b9defc3629e8adbb7268d206b30f16e32e37c43f

C:\Users\Admin\AppData\Local\Temp\Cab6088.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar60F9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e949135ec10287404f0d4a9a3968ac6b
SHA1 d417683f59973a778f9cdec097b31a98fba02a32
SHA256 4deba26e531d475c2bf2c487ecaed7576021ddbeee63425d9732555b87058e82
SHA512 98b5b35357ff5b19022db7da569a76e4d4e4dbb0c5264de22b94d8212a3d7f513b4825a81c08904748b58cae72298234fd68d04b8427ddb77a36e5e8580cdd5e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccc3b1b909cb67d4f410b9e0a648dccd
SHA1 b50dca731477cdb6104081abd24a564d27edf4a5
SHA256 6474afa67e65e1f3369ab7cf87273ffac07f607b3aa8088a194f723e278e4c3c
SHA512 53a1d3b2ce1339874cd18d1b918660ccac121e03559c0bac2e9dae8c1fdd1ef93967355d3f07ae995df99368741059dd14ec31223776261adaf54409c5699db0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94e32379394d92bcb0b5386d482ee0e3
SHA1 5b598e2eb4815215386c7235a0cdd22975c15be8
SHA256 79d28e7f4e91647d4364e42ac541c46ae68b6a9d21f28631ecd9ccb56d96370f
SHA512 935255038c6607723087bff870932ce5fb40d22257e6b2f781f1c963d2e09f69ebcf8228dfaed83fe624c1359afced3a01f55486198afa25ceae6275f2cdcece

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f261bdae887d6557c855277093e383ec
SHA1 3c7cdc4d1ead918451481d49b5399050456946a1
SHA256 51c9199a6ceae4cdb604bcf294147b02e2bb669f5e836f8d70f0359adf2b22fe
SHA512 9111398694d013746323249d5fd36cfab98189f7c71603cbca0726965976f5be3cf4ba31962420d3e9a23f8da9d19d612d7579eff9b5ffe4e6d4ca3d282f58de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4e924cfdded83800dddcd464a5affd5
SHA1 2ab5f498b5cf1f81f6b8d7de0449e6ba893fc281
SHA256 544138955e699672d3d6d5372c47ff5c54b02601ce39080a2ed6bf66ea6993b4
SHA512 e94dd6865f29e4f5132a45a37504e2dfa80b5bbc98d144f147cb81d8a41ca5e1aceb32bb6c3267b67d68c9e65c5daaa1b5280273696a9b2456cdc72751cd1c2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d617147ceb3d8ccd8d6f79ebec780e82
SHA1 ee00441261eabd52f3399c82ff53baf8909e0cc3
SHA256 09736cb0b93398e8e3af3fc429038947a0d3006f3d810aa9fe8a0aca026268e6
SHA512 937bb60b92abba931e13d9fe54e593721a91293bd9940bdc4f47217000148ac1c75695527769faf017794764cf52fd7b15d9a0b8ea81ca80890f7d5ef1643288

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed3951d3916682c19e224a122da6f820
SHA1 9be377ef89a1fcf7a56c98dfed16eda369e48542
SHA256 664bc19a2dd04d94b39062de925925b36063eb7100d4dbc22bfa008fa24ba584
SHA512 85e27f4fe0c94ac4d62cc8dad7d0bd8857267ae3b982aa316cc0590af2d30de5e4ef40b61ade3a9d0e009fb1fc3f5bdf4c81ce9dde992ca474861b0a276c9504

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b53a04dea8e900bb07df95dcd7e88f7
SHA1 f88d9aca15bcae0c038a1fa8819f8c1ad93c8a1a
SHA256 782cb74aa88a382a36238fb893cd0db8adf8bdad815558cd95b01181b79e0937
SHA512 f526a2cc24233d60ed48c0e43702e212cd495a71ceb8aa63eea2f2e990c43b7e319a0575f9623806eae309347ecf8694d2aa9b4f4109c4dd70ba9a7c86253259

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 820de585a3401304ee7e2d4fc22a2b2f
SHA1 1e05a9f72b7545492b16cd9402872fe34913da36
SHA256 5434be8f610b095a43d3ef3af2daba080421dcc694e0b871bcf57cd355ee73ba
SHA512 2a285ca8bf6d8e0caec39a802983214806ddb5eadf2419c503368347acd79d3e7e73dc653acd76cf256334fa76039bf8811677adf3d3b76c3aa13ee34113bb4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3aa4ddca579b80d1c94e828ffd1b5a40
SHA1 855c7ecffde0d3074ee25c8c42b0a19d13eb7495
SHA256 69c58c509f6e7cef54c9b7a9c34039f0c9fb97b963c12a1d0b19dfc54c58d68a
SHA512 4aaeb39865b5b2c04d3b8368e08e30be148e79a2e3458cd5f5bed60a9a1a49f411bd7f02ee02f54ed1378e3b96e37567b4142d6a71673ba1aee2e8c0d1aaa86f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe6cd9b405324c32e744c307da2aaf1f
SHA1 79fce4f334461e924823cdbfee0a7b1d8b79504a
SHA256 cde903fd1c22e8c813cb3884c17a116c1597bcd24dffe25ac092b0d82476ebcb
SHA512 d17efdb67e5cbc2dd0effed58d94f4e12472560b8dc1417829ed1d435e16cdf8fa83507a9aa7ffa729616097c166399ff3b8d02aad7d4b22c18eea0c2d26eadb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67d7040404dd9824afdb351612692606
SHA1 c920725e49f9adca9a9dffeb0bec2df377bc42c1
SHA256 429477d0278e33b0924c3f4023e60d5916bfc6eca8a0a87101e7b7d58c28035d
SHA512 763b59670670da6b15d387d9f8e510cc7444d225460e3672af0402ed318ce6c854ebf1c362c176a2ff974ababb7a15191ae962b05aea6a4ac098b131328eb2ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 580a52c544b9050152cc75d6a85161d3
SHA1 a9998f10049ada877701c6461dbe49f8dbfdfb4b
SHA256 889a4cd8694a510a1873a6977f16b272c4e1195ebb3305be1a4d3ea0ef231828
SHA512 ee38aac03ce9c983e2c6d3c66bb512f4191d8f8a1b5f96b068047f23f8be252071133c97d95b006d19b193a1233bbd8ee1196732bf2f9db83beb95f60c8ef8e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c938a9bd512dd817eea883960cf4305
SHA1 348a8af7d4fe4da0941dced7e8bdce3167e3e6a0
SHA256 36042a5191124b96e19edebcc4e8183d7616d4a12eb6df147fdb162d9996c649
SHA512 4936abf7e40d321cac3757287557eb3410657bba18abdcff3830be1c38bf98380afcf05506b7d5b598f25ba26f82b079438e5493e64ae216ccc1e411e4f7211d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 033bde7f7822c2ad08dec903b6d9601c
SHA1 bb5b488f614cb0b57f3c0ce34737f97562b81585
SHA256 a9579e8db3664875d5b709db407377fe7214cb53bca27df504b6cc6b3489db12
SHA512 46bd4fc5b870e7903d7f2a6c93baa2b3fee06f734b75c8ff05c33e5d6f52baeef50ebac5ceb554b301b8e5b4f9e0ff6577b49cc4df69c42832da02cf0ef6a103

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe3e0bb7a5dbcff716dd8211a2c54e6b
SHA1 d71fcfc77fd9775008cf0aef047230e648108092
SHA256 096ca41ce9ba9b777d5c84331d237f668a2ea0a753eb70926db0f420d40a8f3e
SHA512 df056bb4876671d51b632d6045612b380e7e3a7b8dd220f77731f2228eec8cf4377b029f3bc17c4c2b2d6da44ecb12338672918d2467c310ab7df0bf8fcbc68c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f7abc530497a29a179eaca836de9907
SHA1 e9e9703a0e74a7c1f594b678f251bd9edfc9d3cb
SHA256 18eaa96c179f4597a1b2f74e313bf7856fcef4e06728b35c4ca203978cc5dfe4
SHA512 1e2f5443c3e74ec83f63168ca6a92349204c23767b6c84a9d809e666f656da7fbc899b24e303b7a5ad40145290b941318a19cf55ba68e380962984adee5582db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d957035724cfe32c351790db20ec4f57
SHA1 68e093ba34cb39c6ab7d377d1dc4b3d752d79a72
SHA256 a7dcb20a3dbc72baf959139ed265a7e31c55b5f474b2e9d0b785729490500701
SHA512 98b1671923109e6a8f04b48143a698965f931427fd935f3eda5d4518a4091e31c7c67f28924a85c3236ce3e6c8a23c2b4ac2e98cd5ad5f1b7f773ac276e785ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b67ba1992278f08c140deeffd9c0b92c
SHA1 6a6f8341c7a5b353f7e389798554b46ffafd4322
SHA256 a07fb30097f7444ecd618545b94271dac26216b1bee8b0a98212b7ca89c1f972
SHA512 00a8f871a9171b274af816f3110f8d9da71b4e85b0b34fcb63a54c4f9dccc690b1a58567add781b3fda97180e878e6f7ccf4d3b70175b8b8a2054355f95c76f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a41dc8faac68e3fc833db6b813bea27
SHA1 14ff030e801f234e49079c8e62843fb51e558fd5
SHA256 c6beaf324f0fbdd47828fc9f5b7f7eda7f4dc3a88e5a190bfdf3358e49abbf8e
SHA512 2ec23340443228b878a932f28283cd2fee378b6f2adce7648cb8c4e5e93f00d12a797be1fa1e1d51d5101e773724286c36743e2f126b29b7db5c34973ffbb0a6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d05a0c66d2dbd140a0df70e8e0b3967
SHA1 d0aa01d7a2cd8efc62d93875822a2516a231630a
SHA256 9bdcb7a09f4ca8ba7befdb81db5ea5a1688f8cf2035875e9bc703eaaaeb41d37
SHA512 d8d4dea8217bfbe5ef9c56c8e82f26ea44598f01273a1f0bc03f4d72cc83c955f412ffcbe92f3a8f5d6ae8311d86b977fa0f461e96edc4050b3889c716b74d3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4f2d0d4de535b043b629044a415d96f
SHA1 bc7d6b6ad93339f291677e5bcb55cdc7c0f50644
SHA256 aa5d0ecb2ec36bc62604b8bc82e9a4e438abbc0f639687c6dff2c3b8f96915df
SHA512 732cbf827d6207b30de989ade15ab4ec5afc00a2644017e3cd017840ad1e87e83283befad8bd688872644036d7e477094d8adc3e2972ec28dbb4ba76c8a6cbc9

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:11

Platform

android-x64-20240624-en

Max time kernel

178s

Max time network

186s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 matomo.voxiom.io udp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.212.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 1.1.1.1:53 api.adinplay.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 104.26.3.232:443 api.adinplay.com tcp
US 1.1.1.1:53 cadmus.script.ac udp
US 1.1.1.1:53 cdn.jsdelivr.net udp
US 1.1.1.1:53 country.adinplay-venatus.workers.dev udp
US 1.1.1.1:53 c.amazon-adsystem.com udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 1.1.1.1:53 imasdk.googleapis.com udp
US 1.1.1.1:53 btloader.com udp
US 172.67.173.227:443 country.adinplay-venatus.workers.dev tcp
US 1.1.1.1:53 stats.adinplay.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
US 104.22.74.216:443 btloader.com tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
US 1.1.1.1:53 c.delivery.consentmanager.net udp
US 1.1.1.1:53 cdn.consentmanager.net udp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
US 1.1.1.1:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 1.1.1.1:53 config.aps.amazon-adsystem.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 1.1.1.1:53 invstatic101.creativecdn.com udp
US 1.1.1.1:53 tags.crwdcntrl.net udp
US 1.1.1.1:53 static.criteo.net udp
US 1.1.1.1:53 oa.openxcdn.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 1.1.1.1:53 e65c4a55be9d9194882b6bfc694256c8.safeframe.googlesyndication.com udp
GB 18.245.143.118:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
GB 216.58.213.1:443 e65c4a55be9d9194882b6bfc694256c8.safeframe.googlesyndication.com tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.200.34:443 ep1.adtrafficquality.google tcp
US 172.67.71.133:443 voxiom.io tcp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.178.1:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 script.4dex.io udp
US 172.67.75.241:443 script.4dex.io tcp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 elb.the-ozone-project.com udp
US 1.1.1.1:53 hbopenbid.pubmatic.com udp
US 1.1.1.1:53 hb.yellowblue.io udp
US 1.1.1.1:53 ib.adnxs.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 3.78.168.176:443 tlx.3lift.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
US 1.1.1.1:53 fastlane.rubiconproject.com udp
US 1.1.1.1:53 rtb.openx.net udp
US 1.1.1.1:53 server.cpmstar.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 108.138.217.61:443 hb.yellowblue.io tcp
US 1.1.1.1:53 mp.4dex.io udp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 1.1.1.1:53 htlb.casalemedia.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 1.1.1.1:53 onetag-sys.com udp
US 172.64.153.78:443 mp.4dex.io tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 1.1.1.1:53 aax.amazon-adsystem.com udp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 172.67.75.241:443 script.4dex.io tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 js-sec.indexww.com udp
US 1.1.1.1:53 ads.pubmatic.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
GB 23.219.196.188:443 ads.pubmatic.com tcp
US 1.1.1.1:53 acdn.adnxs.com udp
US 1.1.1.1:53 adinplay-d.openx.net udp
US 151.101.129.108:443 acdn.adnxs.com tcp
US 1.1.1.1:53 eus.rubiconproject.com udp
US 1.1.1.1:53 eb2.3lift.com udp
US 34.98.64.218:443 adinplay-d.openx.net tcp
GB 104.115.33.62:443 eus.rubiconproject.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 api.gameanalytics.com udp
US 34.193.160.81:443 api.gameanalytics.com tcp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 1.1.1.1:53 cms.quantserve.com udp
US 1.1.1.1:53 c1.adform.net udp
US 1.1.1.1:53 aax-eu.amazon-adsystem.com udp
US 1.1.1.1:53 match.adsrvr.org udp
US 1.1.1.1:53 cm.g.doubleclick.net udp
DE 91.228.74.166:443 cms.quantserve.com tcp
DK 37.157.3.26:443 c1.adform.net tcp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
US 1.1.1.1:53 ssum-sec.casalemedia.com udp
GB 142.250.200.2:443 cm.g.doubleclick.net tcp
GB 142.250.200.2:443 cm.g.doubleclick.net tcp
US 1.1.1.1:53 image6.pubmatic.com udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 1.1.1.1:53 token.rubiconproject.com udp
US 1.1.1.1:53 us-u.openx.net udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 1.1.1.1:53 dis.criteo.com udp
IE 52.94.223.37:443 aax-eu.amazon-adsystem.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
US 1.1.1.1:53 sync.crwdcntrl.net udp
US 1.1.1.1:53 cr.frontend.weborama.fr udp
US 1.1.1.1:53 mwzeom.zeotap.com udp
US 1.1.1.1:53 um.simpli.fi udp
US 1.1.1.1:53 pr-bh.ybp.yahoo.com udp
US 1.1.1.1:53 ups.analytics.yahoo.com udp
US 1.1.1.1:53 eu-u.openx.net udp
IE 54.72.42.145:443 sync.crwdcntrl.net tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
NL 34.91.62.186:443 um.simpli.fi tcp
IE 52.50.71.3:443 pr-bh.ybp.yahoo.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 1.1.1.1:53 simage2.pubmatic.com udp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
US 1.1.1.1:53 image2.pubmatic.com udp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
US 1.1.1.1:53 simage4.pubmatic.com udp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
US 1.1.1.1:53 t.adx.opera.com udp
US 1.1.1.1:53 x.bidswitch.net udp
US 1.1.1.1:53 dsp-cookie.adfarm1.adition.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 1.1.1.1:53 sync.srv.stackadapt.com udp
US 1.1.1.1:53 sync-tm.everesttech.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
US 1.1.1.1:53 uipglob.semasio.net udp
US 1.1.1.1:53 pixel.onaudience.com udp
US 1.1.1.1:53 pixel-sync.sitescout.com udp
US 1.1.1.1:53 creativecdn.com udp
US 1.1.1.1:53 pubmatic-match.dotomi.com udp
US 1.1.1.1:53 dsp-ap.eskimi.com udp
DK 77.243.51.121:443 uipglob.semasio.net tcp
CA 148.113.153.94:443 pixel.onaudience.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
US 1.1.1.1:53 sonata-notifications.taptapnetworks.com udp
DE 54.93.104.240:443 sonata-notifications.taptapnetworks.com tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
GB 172.217.16.234:443 tcp
GB 142.250.179.228:443 tcp
GB 142.250.179.228:443 tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 p.rfihub.com udp
US 1.1.1.1:53 match.prod.bidr.io udp
US 1.1.1.1:53 ad.mrtnsvr.com udp
US 1.1.1.1:53 ipac.ctnsnet.com udp
US 1.1.1.1:53 d5p.de17a.com udp
NL 193.0.160.130:443 p.rfihub.com tcp
IE 34.252.6.15:443 match.prod.bidr.io tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 1.1.1.1:53 csync.loopme.me udp
US 1.1.1.1:53 core.iprom.net udp
US 1.1.1.1:53 cm.adgrx.com udp
SE 13.53.196.230:443 d5p.de17a.com tcp
NL 35.214.180.88:443 csync.loopme.me tcp
US 1.1.1.1:53 ad.turn.com udp
SI 195.5.165.20:443 core.iprom.net tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
US 1.1.1.1:53 match.adsby.bidtheatre.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
US 1.1.1.1:53 rtb-csync.smartadserver.com udp
NL 89.149.193.104:443 rtb-csync.smartadserver.com tcp
US 1.1.1.1:53 bh.contextweb.com udp
NL 208.93.169.131:443 bh.contextweb.com tcp
US 1.1.1.1:53 cm-supply-web.gammaplatform.com udp
US 1.1.1.1:53 green.erne.co udp
US 1.1.1.1:53 a.tribalfusion.com udp
US 1.1.1.1:53 sync.1rx.io udp
US 1.1.1.1:53 matching.truffle.bid udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 141.94.161.158:443 green.erne.co tcp
US 104.18.37.193:443 a.tribalfusion.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 1.1.1.1:53 pixel-eu.onaudience.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 54.38.113.7:443 pixel-eu.onaudience.com tcp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 1.1.1.1:53 s.tribalfusion.com udp
US 1.1.1.1:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 185.89.211.116:443 ib.adnxs.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 1.1.1.1:53 ib.adnxs.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 1.1.1.1:53 ib.adnxs.com udp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 targeting.unrulymedia.com udp
NL 185.89.210.46:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
US 131.153.151.114:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp

Files

files/dom-0.html

MD5 ee0dcecb8142557b3b481f0896375d8f
SHA1 76ddc8a613bb3f8a900462a121101906e7a50caf
SHA256 95d0d8ddf1c9dce17ad1da959283d32392643209fb13ec087b0214f9cd8b5f7d
SHA512 52eb38e6a18f876a4186f32470171462b123cdd85f0814cc5df92587b6e06afd478ec8b13aa5a296e054a58d5a72acab903d68433506a1f3b8fd1ee179603e5f

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:11

Platform

android-x64-arm64-20240624-en

Max time kernel

176s

Max time network

184s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
GB 142.250.180.14:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.204.78:443 android.apis.google.com tcp
GB 216.58.204.78:443 android.apis.google.com tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 voxiom.io udp
BE 74.125.206.84:443 accounts.google.com tcp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
US 1.1.1.1:53 matomo.voxiom.io udp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 1.1.1.1:53 api.adinplay.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 172.67.71.222:443 api.adinplay.com tcp
US 1.1.1.1:53 cadmus.script.ac udp
US 1.1.1.1:53 cdn.jsdelivr.net udp
US 1.1.1.1:53 country.adinplay-venatus.workers.dev udp
US 1.1.1.1:53 c.amazon-adsystem.com udp
US 1.1.1.1:53 securepubads.g.doubleclick.net udp
US 1.1.1.1:53 imasdk.googleapis.com udp
US 1.1.1.1:53 stats.adinplay.com udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 1.1.1.1:53 btloader.com udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 104.21.30.224:443 country.adinplay-venatus.workers.dev tcp
GB 142.250.180.2:443 securepubads.g.doubleclick.net tcp
GB 142.250.200.10:443 imasdk.googleapis.com tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
US 104.22.75.216:443 btloader.com tcp
US 1.1.1.1:53 c.delivery.consentmanager.net udp
US 1.1.1.1:53 cdn.consentmanager.net udp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 1.1.1.1:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 1.1.1.1:53 config.aps.amazon-adsystem.com udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 1.1.1.1:53 ad-delivery.net udp
GB 108.156.39.35:443 config.aps.amazon-adsystem.com tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
GB 142.250.180.2:443 securepubads.g.doubleclick.net tcp
GB 108.156.39.35:443 config.aps.amazon-adsystem.com tcp
US 1.1.1.1:53 cdn.consentmanager.net udp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
US 1.1.1.1:53 update.googleapis.com udp
US 1.1.1.1:53 script.4dex.io udp
US 1.1.1.1:53 mp.4dex.io udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 onetag-sys.com udp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 1.1.1.1:53 elb.the-ozone-project.com udp
US 1.1.1.1:53 hbopenbid.pubmatic.com udp
US 104.18.34.178:443 mp.4dex.io tcp
US 1.1.1.1:53 htlb.casalemedia.com udp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 1.1.1.1:53 hb.yellowblue.io udp
DE 51.38.120.206:443 onetag-sys.com tcp
US 1.1.1.1:53 server.cpmstar.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 1.1.1.1:53 rtb.openx.net udp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
US 1.1.1.1:53 fastlane.rubiconproject.com udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 1.1.1.1:53 ib.adnxs-simple.com udp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
US 198.24.161.244:443 server.cpmstar.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.171.149:443 ib.adnxs-simple.com tcp
DE 37.252.171.149:443 ib.adnxs-simple.com tcp
US 1.1.1.1:53 api.btloader.com udp
US 1.1.1.1:53 aax.amazon-adsystem.com udp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 1.1.1.1:53 invstatic101.creativecdn.com udp
US 1.1.1.1:53 tags.crwdcntrl.net udp
US 1.1.1.1:53 static.criteo.net udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 1.1.1.1:53 oa.openxcdn.net udp
US 1.1.1.1:53 b1e8d83e12d21d9d200ea7055b75793e.safeframe.googlesyndication.com udp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
GB 216.58.204.65:443 b1e8d83e12d21d9d200ea7055b75793e.safeframe.googlesyndication.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 1.1.1.1:53 script.4dex.io udp
US 104.26.8.169:443 script.4dex.io tcp
US 1.1.1.1:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 1.1.1.1:53 eb2.3lift.com udp
US 1.1.1.1:53 js-sec.indexww.com udp
US 1.1.1.1:53 adinplay-d.openx.net udp
US 1.1.1.1:53 eus.rubiconproject.com udp
US 1.1.1.1:53 ads.pubmatic.com udp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 35.244.159.8:443 adinplay-d.openx.net tcp
GB 104.115.33.62:443 eus.rubiconproject.com tcp
GB 104.115.32.236:443 ads.pubmatic.com tcp
US 104.26.8.169:443 script.4dex.io tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
GB 104.115.32.236:443 ads.pubmatic.com tcp
US 1.1.1.1:53 api.gameanalytics.com udp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 34.198.39.43:443 api.gameanalytics.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 1.1.1.1:53 tpc.googlesyndication.com udp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
US 1.1.1.1:53 ssum-sec.casalemedia.com udp
US 1.1.1.1:53 udp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 1.1.1.1:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
GB 142.250.200.2:443 ep1.adtrafficquality.google tcp
US 1.1.1.1:53 cm.g.doubleclick.net udp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
US 1.1.1.1:53 sync.crwdcntrl.net udp
US 1.1.1.1:53 dis.criteo.com udp
IE 54.75.251.201:443 sync.crwdcntrl.net tcp
US 1.1.1.1:53 cr.frontend.weborama.fr udp
US 1.1.1.1:53 mwzeom.zeotap.com udp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
US 1.1.1.1:53 um.simpli.fi udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 104.22.51.98:443 mwzeom.zeotap.com tcp
US 1.1.1.1:53 c1.adform.net udp
NL 34.91.62.186:443 um.simpli.fi tcp
US 1.1.1.1:53 match.adsrvr.org udp
US 1.1.1.1:53 pr-bh.ybp.yahoo.com udp
US 1.1.1.1:53 aax-eu.amazon-adsystem.com udp
US 104.26.7.168:443 matomo.voxiom.io tcp
DK 37.157.5.84:443 c1.adform.net tcp
US 1.1.1.1:53 ib.adnxs.com udp
US 35.71.131.137:443 match.adsrvr.org tcp
IE 52.19.72.68:443 pr-bh.ybp.yahoo.com tcp
IE 52.95.115.196:443 aax-eu.amazon-adsystem.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 1.1.1.1:53 ups.analytics.yahoo.com udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
GB 142.250.179.225:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 1.1.1.1:53 simage4.pubmatic.com udp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
US 1.1.1.1:53 cms.quantserve.com udp
US 1.1.1.1:53 t.adx.opera.com udp
US 1.1.1.1:53 x.bidswitch.net udp
US 1.1.1.1:53 dsp-cookie.adfarm1.adition.com udp
DE 91.228.74.244:443 cms.quantserve.com tcp
US 1.1.1.1:53 sync.srv.stackadapt.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
US 54.197.234.7:443 sync.srv.stackadapt.com tcp
US 1.1.1.1:53 sync-tm.everesttech.net udp
US 1.1.1.1:53 dsp-ap.eskimi.com udp
US 1.1.1.1:53 uipglob.semasio.net udp
US 151.101.66.49:443 sync-tm.everesttech.net tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 1.1.1.1:53 pixel.onaudience.com udp
US 1.1.1.1:53 pixel-sync.sitescout.com udp
US 1.1.1.1:53 creativecdn.com udp
US 1.1.1.1:53 pubmatic-match.dotomi.com udp
FR 54.38.113.3:443 pixel.onaudience.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 64.158.223.137:443 pubmatic-match.dotomi.com tcp
US 1.1.1.1:53 image2.pubmatic.com udp
NL 198.47.127.205:443 image2.pubmatic.com tcp
NL 198.47.127.205:443 image2.pubmatic.com tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
US 1.1.1.1:53 simage2.pubmatic.com udp
US 1.1.1.1:53 cms.analytics.yahoo.com udp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
US 1.1.1.1:53 redirector.gvt1.com udp
GB 172.217.16.238:443 redirector.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrnse.gvt1.com udp
GB 74.125.168.200:443 r3---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r3---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.200:443 r3---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r4---sn-aigzrn7z.gvt1.com udp
GB 173.194.135.105:443 r4---sn-aigzrn7z.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnsl.gvt1.com udp
GB 74.125.168.234:443 r5---sn-aigzrnsl.gvt1.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 1.1.1.1:53 r5---sn-aigzrn7s.gvt1.com udp
GB 173.194.129.202:443 r5---sn-aigzrn7s.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrnss.gvt1.com udp
GB 74.125.175.10:443 r5---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnse.gvt1.com udp
GB 74.125.168.198:443 r1---sn-aigzrnse.gvt1.com tcp
US 1.1.1.1:53 r1---sn-aigzrnss.gvt1.com udp
GB 74.125.175.6:443 r1---sn-aigzrnss.gvt1.com tcp
US 1.1.1.1:53 r2---sn-aigzrn7d.gvt1.com udp
GB 173.194.138.199:443 r2---sn-aigzrn7d.gvt1.com tcp
US 1.1.1.1:53 r5---sn-aigzrn7e.gvt1.com udp
GB 173.194.5.42:443 r5---sn-aigzrn7e.gvt1.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
GB 142.250.200.36:443 tcp
GB 142.250.200.36:443 tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
US 1.1.1.1:53 acdn.adnxs.com udp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 1.1.1.1:53 p.rfihub.com udp
US 1.1.1.1:53 match.prod.bidr.io udp
US 1.1.1.1:53 ad.mrtnsvr.com udp
US 1.1.1.1:53 ad.turn.com udp
NL 193.0.160.130:443 p.rfihub.com tcp
US 1.1.1.1:53 ipac.ctnsnet.com udp
IE 34.250.109.179:443 match.prod.bidr.io tcp
US 1.1.1.1:53 match.adsby.bidtheatre.com udp
US 1.1.1.1:53 d5p.de17a.com udp
US 1.1.1.1:53 csync.loopme.me udp
US 1.1.1.1:53 core.iprom.net udp
NL 46.228.164.11:443 ad.turn.com tcp
US 1.1.1.1:53 cm.adgrx.com udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
SE 13.50.192.155:443 d5p.de17a.com tcp
NL 35.214.180.88:443 csync.loopme.me tcp
SI 195.5.165.20:443 core.iprom.net tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
SE 13.50.192.155:443 d5p.de17a.com tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
US 1.1.1.1:53 cm-supply-web.gammaplatform.com udp
US 1.1.1.1:53 green.erne.co udp
US 1.1.1.1:53 a.tribalfusion.com udp
US 1.1.1.1:53 sync.1rx.io udp
US 1.1.1.1:53 matching.truffle.bid udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 141.94.240.143:443 green.erne.co tcp
US 172.64.150.63:443 a.tribalfusion.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 1.1.1.1:53 pixel-eu.onaudience.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 54.38.113.5:443 pixel-eu.onaudience.com tcp
US 1.1.1.1:53 s.tribalfusion.com udp
US 1.1.1.1:53 sync.targeting.unrulymedia.com udp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.200.35:443 update.googleapis.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 1.1.1.1:53 fastlane.rubiconproject.com udp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 198.24.161.244:443 server.cpmstar.com tcp
US 1.1.1.1:53 fastlane.rubiconproject.com udp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 198.24.161.244:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
US 104.26.7.168:443 matomo.voxiom.io tcp
DE 51.38.120.206:443 onetag-sys.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
US 198.24.161.244:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 51.38.120.206:443 onetag-sys.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 1.1.1.1:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 104.26.7.168:443 matomo.voxiom.io tcp

Files

files/dom-0.html

MD5 5d6b0228a7364d2b9bcb9a04b4801460
SHA1 6a3d8c7ed0a4c4f497a5d49d47f0c3c836b6ca9d
SHA256 27e3611001a617126be6a2c0353526c6eea0928384831e8cebe56f9d30a1ec01
SHA512 1137501869500d15690e11df785b18f6a0604c0b64f83e074a12055144006fd5cea63a00bfeba8998eb1d8dc2ec8f53f7caa7fea93470d535e006d1e5a71cdc1

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:11

Platform

android-x86-arm-20240624-en

Max time kernel

166s

Max time network

186s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 matomo.voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 api.adinplay.com udp
US 104.26.2.232:443 api.adinplay.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.195:443 update.googleapis.com tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 api.gameanalytics.com udp
US 18.233.144.99:443 api.gameanalytics.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
GB 216.58.201.106:443 tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 1.1.1.1:53 game-server-d3zrp.voxiom.io udp
NL 128.199.36.37:443 game-server-d3zrp.voxiom.io tcp

Files

files/dom-0.html

MD5 0ab20042e95d2f69c4fb35cf1046c8de
SHA1 77c4dc856d5cdd7e75673e5dc9be542e47b17dcc
SHA256 22af84a2fa91d9158156bb8f6143edd6e900311cf23cb483eef3af239bb4a4cb
SHA512 fc0b52cdfc0b6937cfebbd651ae527da364eef3a34a8e1cf602be544380877314190db0f39693fc11cc19e18ee58cd2fa02d5bb9f7524c37349e7f870dddc9b2

Analysis: behavioral13

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:08

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:08

Platform

debian9-mipsel-20240729-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

win10v2004-20240802-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voxiom.io

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2136 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 4968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 1220 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 2956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2136 wrote to memory of 3700 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voxiom.io

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd76d846f8,0x7ffd76d84708,0x7ffd76d84718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5796 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x508 0x514

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15083382869633618892,12973535898651881657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 172.67.71.133:443 voxiom.io tcp
US 172.67.71.133:443 voxiom.io tcp
US 8.8.8.8:53 matomo.voxiom.io udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 api.adinplay.com udp
US 104.26.3.232:443 api.adinplay.com tcp
US 8.8.8.8:53 stats.adinplay.com udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 country.adinplay-venatus.workers.dev udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 btloader.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 172.67.173.227:443 country.adinplay-venatus.workers.dev tcp
US 104.22.74.216:443 btloader.com tcp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 2.18.190.80:80 apps.identrust.com tcp
US 8.8.8.8:53 c.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
US 8.8.8.8:53 ad-delivery.net udp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 232.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 145.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 97.15.119.93.in-addr.arpa udp
US 8.8.8.8:53 227.173.67.172.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 138.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 76.98.230.87.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 api.btloader.com udp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
GB 84.17.50.9:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 166.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 9.50.17.84.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 e8abd68ff08d6fb0b22f016c10fd747f.safeframe.googlesyndication.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
FR 142.250.179.65:443 e8abd68ff08d6fb0b22f016c10fd747f.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 server.cpmstar.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 i.clean.gg udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 oa.openxcdn.net udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 172.64.153.78:443 mp.4dex.io tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 172.67.75.241:443 script.4dex.io tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
GB 108.138.217.48:443 hb.yellowblue.io tcp
DE 51.89.9.254:443 onetag-sys.com tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 131.153.170.212:443 server.cpmstar.com tcp
US 131.153.170.212:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 34.95.69.49:443 i.clean.gg tcp
NL 185.89.210.20:443 ib.adnxs-simple.com tcp
NL 185.89.210.20:443 ib.adnxs-simple.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 108.156.39.15:443 config.aps.amazon-adsystem.com tcp
GB 18.245.143.58:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 65.179.250.142.in-addr.arpa udp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.95.69.49:443 i.clean.gg udp
US 8.8.8.8:53 api.gameanalytics.com udp
US 3.228.54.209:443 api.gameanalytics.com tcp
US 172.67.75.241:443 script.4dex.io tcp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 241.75.67.172.in-addr.arpa udp
US 8.8.8.8:53 48.217.138.108.in-addr.arpa udp
US 8.8.8.8:53 49.69.95.34.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 254.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 8.8.8.8:53 58.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 15.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 212.170.153.131.in-addr.arpa udp
US 8.8.8.8:53 190.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 adinplay-d.openx.net udp
DE 51.89.9.254:443 onetag-sys.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 35.244.159.8:443 adinplay-d.openx.net tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 8.8.8.8:53 209.54.228.3.in-addr.arpa udp
US 8.8.8.8:53 34.189.245.18.in-addr.arpa udp
US 8.8.8.8:53 251.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 192.108.18.2.in-addr.arpa udp
US 8.8.8.8:53 token.rubiconproject.com udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 172.67.71.133:443 matomo.voxiom.io tcp
FR 172.217.20.162:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 234.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 129.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 66.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 131.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 97.179.250.142.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.227.252.103:443 rtb.openx.net udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.170.212:443 server.cpmstar.com tcp
US 131.153.170.212:443 server.cpmstar.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.211.84:443 ib.adnxs.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 acdn.adnxs.com udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 8.8.8.8:53 84.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 108.65.101.151.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
DE 87.230.98.76:443 c.delivery.consentmanager.net tcp
FR 216.58.215.34:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
IE 54.72.42.145:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 cdn.ampproject.org udp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.179.68:443 www.google.com udp
US 8.8.8.8:53 145.42.72.54.in-addr.arpa udp
US 8.8.8.8:53 161.214.58.216.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.170.212:443 server.cpmstar.com tcp
NL 185.89.211.84:443 ib.adnxs.com tcp
US 131.153.170.212:443 server.cpmstar.com tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 u.openx.net udp
GB 2.22.101.110:443 secure-assets.rubiconproject.com tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 52.95.115.255:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 110.101.22.2.in-addr.arpa udp
US 8.8.8.8:53 255.115.95.52.in-addr.arpa udp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 game-server-d3zrp.voxiom.io udp
US 34.149.40.38:443 u.4dex.io tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 128.199.36.37:443 game-server-d3zrp.voxiom.io tcp
DE 51.89.9.254:443 onetag-sys.com tcp
US 8.8.8.8:53 ads.stickyadstv.com udp
FR 154.54.250.80:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 37.36.199.128.in-addr.arpa udp
US 8.8.8.8:53 80.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 sync.mathtag.com udp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 spl.zeotap.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 172.67.40.173:443 spl.zeotap.com tcp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
US 52.46.151.131:443 s.amazon-adsystem.com tcp
NL 89.149.193.116:443 ssbsync-global.smartadserver.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 216.200.232.249:443 sync.mathtag.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 80.77.87.166:443 cs.admanmedia.com tcp
NL 89.149.193.116:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 63.33.11.39:443 ice.360yield.com tcp
US 8.8.8.8:53 173.40.67.172.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 131.151.46.52.in-addr.arpa udp
US 8.8.8.8:53 116.193.149.89.in-addr.arpa udp
US 8.8.8.8:53 166.87.77.80.in-addr.arpa udp
FR 142.250.75.226:443 cm.g.doubleclick.net tcp
FR 142.250.75.226:443 cm.g.doubleclick.net tcp
FR 142.250.75.226:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 39.11.33.63.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 249.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 226.75.250.142.in-addr.arpa udp
FR 142.250.75.226:443 cm.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 api.gameanalytics.com udp
US 44.219.108.192:443 api.gameanalytics.com tcp
US 44.219.108.192:443 api.gameanalytics.com tcp
US 44.219.108.192:443 api.gameanalytics.com tcp
US 44.219.108.192:443 api.gameanalytics.com tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

\??\pipe\LOCAL\crashpad_2136_LCBVQNUIOLUJEJVJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e4c3e3f43b1ecc9cc3e677476f94f2e4
SHA1 0b330939c7242436f168ada9117873c417362ea5
SHA256 56b6913c0e90e4bc0d6ab0e6f4afb50fa7b5eb539d0e5e13cd4060e94e778c1f
SHA512 f798db78eb701c7be60d149b8591e8482956b304f06acd4e824f28696f3a7332aa196105d1b2b7486c16876da9cbcead9116e327d87aceddc03ec6e44e3d1526

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9ed574466d5cadca2909595619f94b36
SHA1 877c0481a67e3b7ed7571f011ba182c7cc2207f1
SHA256 8caf102e1548b4a28a7e1c6c481ba06d1131d1b2cfcbf726a4fdc3a097cccf6a
SHA512 63c99aaa3bd9340a874dffe1753fcf2b9802d30c7783bddf856b516c61ba774e8f399aea0c7892d71fe8ef0fb17caac486215b8849f7988484f255e6d29d3bba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eb3df61d02e4593f8a78e29d32eeef3e
SHA1 060837cb11d47ce70aa1297be4fe9d7bce089c34
SHA256 c522e7549b2226f5e58b191cf934d694eadafeacb692cc0643bda7ae7e9e7ff4
SHA512 c37ab3ab07d6032a27b5832694e25a1dbfdfe2268cb0aef9ca3804016b09228439857e4b8ed0bfbb3fdd610e1b1b1e7748d32048b4732e2e62ff34d6ba80b89f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c47da9df397caf3abda1079ab549d691
SHA1 f8c0baee7e2b158b629e2b011669a94e20dbb76c
SHA256 03593149d8d3b30e0d7fd9403298cd76e49860b3275e5a580bc8a0e07f561872
SHA512 ce0c4cc402bc45c7e1cf0d48993453ae930c5f71dbfecebf85ac42ca5b962e824bef4caa9b980c8ccb14339d2e6793a023d9b94502a0674138c9085dc579395a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582219.TMP

MD5 1db62f26a828f36001cb9ceea6afa611
SHA1 bd2965cbea403f5f0ae8557761c3286a16e45319
SHA256 1914e555f32b15bfd0547a82b1c1c33a8725b4d660d78429d0038c319e968f94
SHA512 0ab82b2d3ba1eff91177b9eb11f3b0bca78ffb0472d65dc97a549621b5b1ee64cb811d65405f533a603cd60b9708a4179a5e495dba6c8d1e2d56aa2835e03128

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e89be27731129b91e70fc0ab873bdb11
SHA1 c174c7ac7843a297fd9841e25b1ed707661a6fbc
SHA256 219d6f8f8da25d846492708476a3facac190076752e8422b1945b49560b3b49b
SHA512 8725117cd8ad94ef6b169aa628c274f05aa6e5971a198808a53a137b8b17b90954139b68ca6331af6b545c6dd98b9d61448b2de503d785765f83676dee08d8d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bd39f24cf0f751bd6fbd0f9995edbe67
SHA1 19889d609d81bae6e4292689c760911463b8dfbb
SHA256 7c7ce66594473c85e4a8eb53fc17d6e2e5adb24faa6d2adf98b891defd026a7c
SHA512 1dd7b08ea31800884af0a1ce9c9bea9fcee9e379a3c597ca2319b84a0a9ed04adf0a4ada23ce2250bffa8ade9f8bed5013e9547363dcdbeb8dce0eaad9545b55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1dc9af7d0e6f7d5655aa47fd7f65f659
SHA1 8c706ff6fb3c1ada7f7072fe62525c27c6d1642a
SHA256 e547ba96b32336af0dbbe8e3ea7ed538adf4d956fab9b16eda9ec12be8e6634c
SHA512 f4100085fed7ccda856b56b38254770d799eb9ae791d9a37fd324622fe3313dd54f29acee866d2da394356462080ebf86494e905c253c5e7ec41dd247b1df55a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3eebd7a944dc244167cf259d2c94b56b
SHA1 0c93d95cdf0d4b44b5d22ac49916717373619110
SHA256 1a2fb12c6ce19e6af5b3429110f30254878a11d76a7fb69c01137edf25c3b6c1
SHA512 f19eae61b40d0588d1fa5df096ce060409a07cdbfc531d37a392dd96b369b2e135b5e8aa98fa4611d299f1dc4831390f5e6eb1b21cf0ffb28ea62d55ae7ea84a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3c13287d5bf95f35cf04c35604a46ad0
SHA1 3dbd11f89b091912a7cab34d5fa4d066ef433fd3
SHA256 56d9edbba4ed8a52b4b187f3a525160a97e81e2d64842510277da116fc7ef852
SHA512 375d9d88475093960cda9ade9d751d9ba5b218290350499b6708bf32701e87dc4f886353fd19ca1a3b46b6a11d8efbc730d7efdc538ca99d00a3552b87870b3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b26747babcec484c07cd52a5b712f8e0
SHA1 5b089240d88326a6ced6ccd7ecb177cd44b18ff1
SHA256 cd94bf8e17e431bb6e1918d607ec1579faf08134c259d4d472c26b47485d932b
SHA512 e73ee72abce9649eb62affbff858e0e9596ead390f4cf5219cf0f7352899b9bc834b93503ed6ae98c965dc36c7649739bc11a5fff0c0f3d81c7edcee398e6612

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48a02d71f125b37467f332742904e44e
SHA1 43b74e43a72a22dd0ea2d8d900b51ac72ab18f59
SHA256 a84426b0b36308b0c45b5f9fdcb34319f57c266c011b54ba0b28daafa70b9eea
SHA512 0cdc017ee7f3d42e9da9154fbca25d28fd07ebdff9363cd34694aaeb09be622d1a0d7d3573f4093fbc5c5f2dc399d3cdb50973aee6a15cd537b0965b0dc61154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8b0e93e694ce5f967df8487b0e118052
SHA1 a692ce06d32915159ee73db38a8847b124a925b3
SHA256 d539ff9721ae6ce1ca5531c03e8654fd6e93682d2d1e0d80ba01ed6c0837daad
SHA512 e7627d835f1afd0f0e2a308e7545e6e23f1a87e0b463e49b89054cb905e4078bc386bf4f556918065bce1288587e65e8fe703420ac02be991847525b35672c60

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

win11-20240802-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voxiom.io

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3648 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 3908 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3648 wrote to memory of 1140 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://voxiom.io

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3ef73cb8,0x7fff3ef73cc8,0x7fff3ef73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4792 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,967531887756596422,118276160386860609,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 voxiom.io udp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 172.67.71.222:443 api.adinplay.com tcp
US 172.67.71.222:443 api.adinplay.com tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 btloader.com udp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 172.67.173.227:443 country.adinplay-venatus.workers.dev tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 104.22.74.216:443 btloader.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 104.18.22.145:443 cadmus.script.ac tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
GB 2.18.190.80:80 apps.identrust.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 34.95.69.49:443 i.clean.gg tcp
US 34.95.69.49:443 i.clean.gg udp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
FR 142.250.179.65:443 b803379ae92ad9978941f26f4f741315.safeframe.googlesyndication.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 onetag-sys.com udp
DE 3.124.64.248:443 tlx.3lift.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
US 104.18.34.178:443 mp.4dex.io tcp
GB 108.138.217.66:443 hb.yellowblue.io tcp
GB 108.138.217.66:443 hb.yellowblue.io tcp
DE 51.75.86.98:443 onetag-sys.com tcp
DE 51.75.86.98:443 onetag-sys.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 131.153.148.2:443 server.cpmstar.com tcp
US 131.153.148.2:443 server.cpmstar.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
GB 18.244.138.116:443 aax.amazon-adsystem.com tcp
GB 108.156.39.15:443 config.aps.amazon-adsystem.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 104.26.6.168:443 voxiom.io tcp
FR 216.58.214.66:443 ep1.adtrafficquality.google tcp
US 34.194.76.96:443 api.gameanalytics.com tcp
FR 216.58.214.66:443 ep1.adtrafficquality.google tcp
N/A 224.0.0.251:5353 udp
DE 51.75.86.98:443 onetag-sys.com udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 34.98.64.218:443 adinplay-d.openx.net tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
US 8.8.8.8:53 98.86.75.51.in-addr.arpa udp
US 8.8.8.8:53 21.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 190.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 116.138.244.18.in-addr.arpa udp
US 8.8.8.8:53 15.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 96.76.194.34.in-addr.arpa udp
US 8.8.8.8:53 2.148.153.131.in-addr.arpa udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 8.8.8.8:53 194.20.217.172.in-addr.arpa udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
NL 89.149.192.75:443 ssbsync-global.smartadserver.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 104.26.6.168:443 voxiom.io tcp
DK 37.157.2.233:443 cm.adform.net tcp
US 35.227.252.103:443 rtb.openx.net udp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 131.153.148.2:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.148.2:443 server.cpmstar.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
US 131.153.148.2:443 server.cpmstar.com tcp
DE 37.252.171.21:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.148.2:443 server.cpmstar.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
US 104.26.6.168:443 voxiom.io tcp
US 104.26.6.168:443 voxiom.io tcp
NL 128.199.36.37:443 game-server-d3zrp.voxiom.io tcp
US 216.239.32.36:443 region1.google-analytics.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 058032c530b52781582253cb245aa731
SHA1 7ca26280e1bfefe40e53e64345a0d795b5303fab
SHA256 1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e
SHA512 77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

\??\pipe\LOCAL\crashpad_3648_VAVGWWSVNWRHMYLN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8276eab0f8f0c0bb325b5b8c329f64f
SHA1 8ce681e4056936ca8ccd6f487e7cd7cccbae538b
SHA256 847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da
SHA512 42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 21df1d77140b1506680d62e2465bad9a
SHA1 fbbcf39dc63111a242f022efe2aaf67a90e6c532
SHA256 5787103dafb9d243a8bccf8f34da6887ed51b4926cb9a0dc63baf13bf95949e5
SHA512 020af893f3ef6c65471fae4e6d41be97d60c1eefc02807fd857cd8837c7949dce36a0eb94988dbead8f3a2e6a1df1a9d9909401fef39c68ee00a97d625908cb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 995ab8b5dd37ace73a6029466f271c94
SHA1 6f5d2ec5c223f419f26a43dff580473d7b076a74
SHA256 01cc026db78bc17799b7272411cb6cff7980c3ef9b397f8d2cb5733b466f3dbb
SHA512 560b9be70343b6f394b43c8d5531fb0fee3fa9cf82f0f0f3a6fc9af5ab02241cf563add12923b4d40a43bdd22db8420a82464d1023a9333b3fdcdd35ea819c5a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aae42cbd84f9e39d80c1c771d4452bf6
SHA1 9a3f23f226fb72959eba61eafeac6447b3d228cc
SHA256 d103d3ac8df918c926b148009fc9bb289370c9cd44c51d471a05334b110bd4c2
SHA512 9fc2508b2b6ea96311c2869b6d59b40a82f5c83d2da97a0b4898a33c5afe64eccfbf74ac92b47f9d564c448a963e66a43879d68bc7dae7050d26bf7c4eebdd71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c1a4bb09480d278d6aee6f585657b13f
SHA1 6a09ca88215423d056a9fff6bed4b4534e695cd3
SHA256 7090b077ca1212e273e6a7ae414a0a7f8eecc7b703db5f4dfd6d71bc58b5ec53
SHA512 2eb13d29b0df5048413dafcd885c6f98b479ecb2cc1cc6aa2d9d7b22bfd5e3bb781892cc5072eb628ac399b147b6c3b74581375ba0a19050ec01a4551914afca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d8033227629dc57b1db5172b67fddbf
SHA1 73f6796ab7fc373f97ebbbfd81a23840c0726315
SHA256 6511e2a1fa15055307b15c5f8748d89c0ffe58ceb79b58b915e1bbe5072d5be2
SHA512 9cd65bce65c8a21bd1248c2d941c5bd3dedb507ac76c13fea41e10082cf3ac653c255b9eb56bc39e763eab6c4535b2b71768e01ae91b5a5df88cb4e59b57425d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

MD5 6b04ab52540bdc8a646d6e42255a6c4b
SHA1 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 65fa5d580272b90bc278bb41ebbea6d6
SHA1 8820c2db356d553f00c39d82c668985d0e7fa57c
SHA256 51943d1a9309cd2442588a3a1546c51e3ac7417fd8bf4c521edf4775f6ba97d7
SHA512 6ec4da7d285ba69500c8e2cad2a24570ccd8dce93d6a3288e84521ef2f2a7c4c28700f4de5d0d20a13d660efb1bc75f09fddcf588d3df236245b5123dc819a98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585242.TMP

MD5 48305949f63bcd1087e75a797d37e2d6
SHA1 d0af8f4269af108e7bce33cc7cc0754b7200a0af
SHA256 abc4d48116f73d95fe5e425349bc90fbdd5d443f0a1d92d9018d15499d614c20
SHA512 9d9554c103fb4dccbdba473f36d51273a6f6a76604eff2b2665802efc3315fbca13c28c5d30ad039b53889cffca2559944a8270e7d2003742cb96fa7deca6c25

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b68dcde90e650c975eefd80c31fddf1f
SHA1 7a44301516a18a96d91377524277afa8dc09d8de
SHA256 c1f21cef687d7f327ffc1f3dc13ec0a9d00a7c3ee04a8cbf401c9b656941a95a
SHA512 0b98b74d4c2d9bcba6f49806024c6b31e2219c04cc5266298d1cf2e6dc119356238b9fc2b4797a037e1b6c8d67b3c5d6f9ff171dc1ebb4b784f440cf5af6be8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f08ec39000a18e56ece74f894cf3e332
SHA1 3087b1db8c63953ec002fcfe76e8b12001e06abf
SHA256 da0f09525e15906dab79ca31725ca9e8cc245d4f5f51ba98d5a2bfce32cb41e1
SHA512 355bd9ca3e4341d78e33d8dcde93fc79dfaf97f6ddb104bc43dbe58d43711b15f357de79785d7827b76a388f243f598bf9a4411404336b0fdf231f1498befd17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a7b4a1c0a0e86ef8c4ed62019e5b3038
SHA1 8e491f2c9906395349c2e7b2543da615151e6705
SHA256 8548814af1a0c34bf3d82ab0d99b9dd789fc4263440ae21a2e3e53a325f367ff
SHA512 b86fd5e2eca7b31eadbb87de3b2db414b1d47d179a5bf619f861195a4c4d7e29de7f6c2f0d1491f8ef078940abb8efc24c698112b34d87e6d583aed9a1409b19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d6514f5c62740314e167d77732c5244e
SHA1 4b92396b1a4986c7dc7e2887866f8d0cd4d27d4d
SHA256 7cf13144f3463dc911105d0f4589ed7e8b6752784c7626f963c8af7f0a8bf230
SHA512 b77c480223f0e82958489093d2f6f402e6ee53fab892b2f86bff325bb3c324196fabce8cb7e1b47de5588c109ae21275054ed61e6505b6063b788a67e3de55ca

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:08

Platform

debian12-mipsel-20240221-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

[xdg-open https://voxiom.io]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself glxtest:disk$0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-/usr/libex N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/nautilus N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/class /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/glxtest N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/1772/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/98 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1651/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1618/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1629/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/1761/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1410/attr/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1593/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/task/1588/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/104 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/119 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/95 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/1572/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/124 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/goa-daemon N/A
File opened for reading /proc/1776/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/115 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/122 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-goa-volume-monitor N/A
File opened for reading /proc/self/fd/12 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/121 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/filesystems /usr/libexec/goa-identity-service N/A
File opened for reading /proc/1796/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/116 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/85 /usr/lib/firefox/firefox N/A
File opened for reading /proc/meminfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1724/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/102 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1405/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/task/1690/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/113 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/55 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1530/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd /usr/libexec/gvfsd N/A
File opened for reading /proc/self/fd/118 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1/cgroup /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd-fuse N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/gnome-keyring-daemon N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd/81 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/105 /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-afc-volume-monitor N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A
File opened for modification /tmp/tmpaddon /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://voxiom.io]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://voxiom.io]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://voxiom.io]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/lib/firefox/glxtest

[/usr/lib/firefox/glxtest -f 13]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 21691 -prefMapSize 235269 -appDir /usr/lib/firefox/browser {b4037263-c211-4392-8708-f48d3f1293cd} 1528 true socket]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/libexec/gvfsd

[/usr/libexec/gvfsd]

/usr/libexec/gvfsd-fuse

[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]

/usr/libexec/dconf-service

[/usr/libexec/dconf-service]

/usr/bin/nautilus

[/usr/bin/nautilus --gapplication-service]

/usr/libexec/gvfsd-trash

[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20430 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {15665998-9177-417c-94d4-21c9f918ccf7} 1528 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26797 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {d545d7b6-04c7-4632-b005-095523908475} 1528 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27256 -prefMapSize 235269 -appDir /usr/lib/firefox/browser {d161a17e-cf61-4187-ad07-601be7e33201} 1528 true utility]

/usr/bin/gnome-keyring-daemon

[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]

/usr/libexec/gvfs-udisks2-volume-monitor

[/usr/libexec/gvfs-udisks2-volume-monitor]

/usr/libexec/gvfs-afc-volume-monitor

[/usr/libexec/gvfs-afc-volume-monitor]

/usr/libexec/gvfs-mtp-volume-monitor

[/usr/libexec/gvfs-mtp-volume-monitor]

/usr/libexec/gvfs-gphoto2-volume-monitor

[/usr/libexec/gvfs-gphoto2-volume-monitor]

/usr/libexec/gvfs-goa-volume-monitor

[/usr/libexec/gvfs-goa-volume-monitor]

/usr/libexec/goa-daemon

[/usr/libexec/goa-daemon]

/usr/libexec/goa-identity-service

[/usr/libexec/goa-identity-service]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 matomo.voxiom.io udp
US 1.1.1.1:53 matomo.voxiom.io udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 1.1.1.1:53 api.adinplay.com udp
US 1.1.1.1:53 api.adinplay.com udp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 172.67.71.222:443 api.adinplay.com tcp
US 172.67.71.222:443 api.adinplay.com tcp
US 1.1.1.1:53 cadmus.script.ac udp
US 1.1.1.1:53 cadmus.script.ac udp
US 104.18.22.145:443 cadmus.script.ac tcp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 104.26.6.168:443 matomo.voxiom.io tcp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 a19.dscg10.akamai.net udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp

Files

/tmp/tmpaddon

MD5 30082ae40dc48af6343db2fd22cfc645
SHA1 3eb577555ee638e8beb01173e8f29e172747a728
SHA256 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76
SHA512 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:08

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

129s

Command Line

[xdg-open https://voxiom.io]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/task/1595/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1608/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1621/stat /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://voxiom.io]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://voxiom.io]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://voxiom.io]

/bin/grep

[grep -q %s]

/usr/bin/x-www-browser

[x-www-browser https://voxiom.io]

/usr/bin/which

[which /usr/bin/x-www-browser]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://voxiom.io]

/bin/grep

[grep -q %s]

/usr/bin/firefox

[firefox https://voxiom.io]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://voxiom.io]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

1s

Max time network

155s

Command Line

[xdg-open https://voxiom.io]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself pool-spawner N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself dconf worker N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/security/apparmor/features/dbus /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/ipc /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/query /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/rlimit /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/network /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/policy /snap/bin/firefox N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/lib/snapd/snap-seccomp N/A
File opened for reading /sys/kernel/security/apparmor/features/ptrace /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/signal /snap/bin/firefox N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/caps /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/domain /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/file /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/namespaces /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/io_uring /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/mount /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/network_v8 /snap/bin/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/2921/cgroup /snap/bin/firefox N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/cmdline /snap/bin/firefox N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/seccomp/actions_avail /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/random/uuid /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/mountinfo /snap/bin/firefox N/A
File opened for reading /proc/cgroups /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/mounts /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A

Processes

/usr/bin/xdg-open

[xdg-open https://voxiom.io]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/https; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/https; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/https; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/grep

[grep -q %s]

/usr/bin/x-www-browser

[x-www-browser https://voxiom.io]

/usr/bin/xdg-settings

[xdg-settings get default-web-browser]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/gsettings

[gsettings get org.gnome.shell favorite-apps]

/usr/bin/grep

[grep -q 'firefox.desktop']

/usr/bin/gsettings

[gsettings get com.canonical.Unity.Launcher favorites]

/usr/bin/grep

[grep -q 'application://firefox.desktop']

/usr/bin/gsettings

[gsettings get org.mate.panel object-id-list]

/usr/bin/which

[which qdbus]

/snap/bin/firefox

[/snap/bin/firefox https://voxiom.io]

/usr/lib/snapd/snap-seccomp

[/usr/lib/snapd/snap-seccomp version-info]

/usr/lib/snapd/snap-confine

[/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://voxiom.io]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.18.190.74:80 r10.o.lencr.org tcp
GB 2.18.190.74:80 r10.o.lencr.org tcp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozorg.moz.works udp
GB 143.204.72.186:443 www.mozilla.org tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.74:80 r11.o.lencr.org tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 matomo.voxiom.io udp
US 8.8.8.8:53 matomo.voxiom.io udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
GB 2.18.190.74:80 r11.o.lencr.org tcp
GB 2.18.190.68:80 r11.o.lencr.org tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 r11.o.lencr.org udp
US 1.1.1.1:53 r11.o.lencr.org udp
GB 92.123.143.185:80 r11.o.lencr.org tcp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 api.adinplay.com udp
US 1.1.1.1:53 api.adinplay.com udp
US 104.26.3.232:443 api.adinplay.com tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 img-getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 getpocket.com udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.cntraveller.com udp
US 8.8.8.8:53 www.independent.co.uk udp
US 8.8.8.8:53 www.independent.co.uk udp
US 8.8.8.8:53 www.theverge.com udp
US 8.8.8.8:53 www.theverge.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 www.cntraveller.com udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 n.sni.global.fastly.net udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.18.190.74:80 r11.o.lencr.org tcp
GB 2.18.190.74:80 r11.o.lencr.org tcp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 cadmus.script.ac udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 btloader.com udp
US 104.18.23.145:443 cadmus.script.ac tcp
US 8.8.8.8:53 btloader.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 d1ykf07e75w7ss.cloudfront.net udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
US 104.22.74.216:443 btloader.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 cdn.globalsigncdn.com.cdn.cloudflare.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
FR 142.250.178.138:443 imasdk.googleapis.com udp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.womenshealthmag.com udp
US 8.8.8.8:53 www.womenshealthmag.com udp
US 8.8.8.8:53 www.vanityfair.com udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 www.vanityfair.com udp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 uk.hotels.com udp
US 8.8.8.8:53 uk.hotels.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 hearst-hdm.map.fastly.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 dmv2chczz9u6u.cloudfront.net udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 bbc.map.fastly.net udp
US 8.8.8.8:53 e11847.a.akamaiedge.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 a1887.dscq.akamai.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 www.mozorg.moz.works udp
US 1.1.1.1:53 n.sni.global.fastly.net udp
US 1.1.1.1:53 i.clean.gg udp
US 1.1.1.1:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 1.1.1.1:53 i.clean.gg udp
US 34.95.69.49:443 i.clean.gg tcp
US 1.1.1.1:53 ad-delivery.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 ad-delivery.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 pki-goog.l.google.com udp
US 1.1.1.1:53 config.aps.amazon-adsystem.com udp
US 1.1.1.1:53 config.aps.amazon-adsystem.com udp
US 1.1.1.1:53 www.okayplayer.com udp
US 1.1.1.1:53 www.okayplayer.com udp
US 1.1.1.1:53 www.technologyreview.com udp
US 1.1.1.1:53 n.sni.global.fastly.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.95.69.49:443 i.clean.gg udp
US 1.1.1.1:53 api.btloader.com udp
US 1.1.1.1:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 130.211.23.194:443 api.btloader.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 www.newstatesman.com udp
US 1.1.1.1:53 www.newstatesman.com udp
US 1.1.1.1:53 www.nytimes.com udp
US 1.1.1.1:53 nytimes.map.fastly.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com udp
US 1.1.1.1:53 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
GB 142.250.180.1:443 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com udp
US 1.1.1.1:53 www.thecut.com udp
US 1.1.1.1:53 www.thecut.com udp
US 1.1.1.1:53 gizmodo.com udp
US 1.1.1.1:53 gizmodo.com udp
US 1.1.1.1:53 vmtls-np.map.fastly.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
GB 108.156.39.27:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 www.technologyreview.com udp
US 8.8.8.8:53 www.okayplayer.com udp
US 8.8.8.8:53 n.sni.global.fastly.net udp
US 8.8.8.8:53 www.technologyreview.com udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 time.com udp
US 8.8.8.8:53 time.com udp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 www.theatlantic.com udp
US 8.8.8.8:53 www.standard.co.uk udp
US 8.8.8.8:53 www.standard.co.uk udp
US 8.8.8.8:53 na-eu.atlanticmedia.map.fastly.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 services.addons.mozilla.org udp
GB 18.245.162.3:443 services.addons.mozilla.org tcp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 8.8.8.8:53 versioncheck-bg.addons.mozilla.org udp
US 1.1.1.1:53 www.technologyreview.com udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 34.160.90.233:443 versioncheck-bg.addons.mozilla.org tcp
US 1.1.1.1:53 a19.dscg10.akamai.net udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 34.160.90.233:443 versioncheck-bg.addons.mozilla.org udp
US 1.1.1.1:53 addons.mozilla.org udp
US 1.1.1.1:53 addons.mozilla.org udp
GB 13.224.132.52:443 addons.mozilla.org tcp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 www.bbc.com udp
US 1.1.1.1:53 gtm-live.pri.bbc.co.uk udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 normandy-cdn.services.mozilla.com udp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 1.1.1.1:53 r11.o.lencr.org udp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 1.1.1.1:53 www.newyorker.com udp
US 1.1.1.1:53 www.vox.com udp
US 1.1.1.1:53 n.sni.global.fastly.net udp
US 1.1.1.1:53 www.newyorker.com udp
US 1.1.1.1:53 www.wired.com udp
US 1.1.1.1:53 www.theguardian.com udp
US 1.1.1.1:53 www.wired.com udp
US 1.1.1.1:53 dualstack.guardian.map.fastly.net udp
US 8.8.8.8:53 www.technologyreview.com udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
US 8.8.8.8:53 safebrowsing.googleapis.com udp
FR 172.217.20.202:443 safebrowsing.googleapis.com tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 pki-goog.l.google.com udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 172.217.20.202:443 safebrowsing.googleapis.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 acdn.adnxs.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.26.8.169:443 script.4dex.io tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 e6603.g.akamaiedge.net udp
US 8.8.8.8:53 eu-eb2.3lift.com udp
US 8.8.8.8:53 a1579.d.akamai.net udp
US 35.244.159.8:443 u.openx.net tcp
US 8.8.8.8:53 e8960.b.akamaiedge.net udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 76.223.111.18:443 eb2.3lift.com tcp
GB 92.123.142.195:443 acdn.adnxs.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
GB 143.204.67.183:80 ocsp.r2m02.amazontrust.com tcp
DE 51.89.9.254:443 onetag-sys.com udp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 104.26.8.169:443 script.4dex.io tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn-content.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
FR 216.58.214.163:80 o.pki.goog tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.161:443 cdn.ampproject.org udp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
FR 142.250.201.174:443 encrypted-tbn1.gstatic.com tcp
FR 142.250.75.238:443 encrypted-tbn3.gstatic.com tcp
FR 216.58.214.78:443 encrypted-tbn2.gstatic.com tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.75.238:443 encrypted-tbn3.gstatic.com udp
FR 216.58.214.78:443 encrypted-tbn2.gstatic.com udp
FR 142.250.201.174:443 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 1.1.1.1:53 ib.anycast.adnxs.com udp
NL 185.89.210.122:443 ib.adnxs.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
US 1.1.1.1:53 api.gameanalytics.com udp
US 1.1.1.1:53 cdn.indexww.com udp
US 1.1.1.1:53 cdn.indexww.com udp
US 1.1.1.1:53 cdn.indexww.com udp
US 104.18.38.76:443 cdn.indexww.com tcp
US 1.1.1.1:53 ep1.adtrafficquality.google udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 api.gameanalytics.com udp
US 8.8.8.8:53 api.gameanalytics.com udp
US 184.73.254.76:443 api.gameanalytics.com tcp
US 184.73.254.76:443 api.gameanalytics.com tcp
US 8.8.8.8:53 cdn.indexww.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
FR 172.217.20.162:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
FR 172.217.20.162:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 o.pki.goog udp
US 104.26.7.168:443 voxiom.io tcp
FR 172.217.20.162:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 ep2.adtrafficquality.google udp
FR 142.250.179.97:443 ep2.adtrafficquality.google udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 cdn.jsdelivr.net udp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 1.1.1.1:53 hbopenbid.pubmatic.com udp
US 1.1.1.1:53 hbopenbid.pubmatic.com udp
US 1.1.1.1:53 fastlane.rubiconproject.com udp
US 1.1.1.1:53 server.cpmstar.com udp
US 1.1.1.1:53 mp.4dex.io udp
US 1.1.1.1:53 elb.the-ozone-project.com udp
US 1.1.1.1:53 elb.the-ozone-project.com udp
US 1.1.1.1:53 rtb.openx.net udp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 1.1.1.1:53 hb.yellowblue.io udp
US 1.1.1.1:53 hb.yellowblue.io udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 tag.1rx.io udp
NL 185.89.210.122:443 ib.adnxs.com tcp
US 1.1.1.1:53 eu-tlx.3lift.com udp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 hbopenbid-ams.pubmnet.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 server.cpmstar.com udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 tagged-by.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 targeting.unrulymedia.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 server.cpmstar.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 elb.the-ozone-project.com udp
US 8.8.8.8:53 tag.1rx.io udp
US 8.8.8.8:53 eu-tlx.3lift.com udp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 tagged-by.rubiconproject.net.akadns.net udp
US 1.1.1.1:53 rtb.openx.net udp
US 1.1.1.1:53 targeting.unrulymedia.com udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 mp.4dex.io udp
US 1.1.1.1:53 rtb.openx.net udp
US 1.1.1.1:53 tag.1rx.io udp
US 1.1.1.1:53 eu-tlx.3lift.com udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 ocsp.comodoca.com.cdn.cloudflare.net udp
US 1.1.1.1:53 tlx.3lift.com udp
US 1.1.1.1:53 eu-tlx.3lift.com udp
US 1.1.1.1:53 ocsp.comodoca.com.cdn.cloudflare.net udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 ocsp.comodoca.com.cdn.cloudflare.net udp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.34.190:443 elb.the-ozone-project.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 131.153.148.4:443 server.cpmstar.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 185.89.210.122:443 ib.adnxs.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
GB 108.138.217.66:443 hb.yellowblue.io tcp
US 8.8.8.8:53 fp2e7a.wpc.phicdn.net udp
US 104.18.34.178:443 mp.4dex.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.227.252.103:443 rtb.openx.net udp
GB 108.138.217.66:443 hb.yellowblue.io tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
US 131.153.148.4:443 server.cpmstar.com tcp
US 131.153.148.4:443 server.cpmstar.com tcp
US 104.18.36.155:443 htlb.casalemedia.com udp
US 8.8.8.8:53 ocsp.godaddy.com.akadns.net udp
US 8.8.8.8:53 ocsp.godaddy.com.akadns.net udp
US 8.8.8.8:53 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com udp
GB 142.250.180.1:443 59615fe900be68a0ee75ff06e653cd12.safeframe.googlesyndication.com udp
US 8.8.8.8:53 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 pki-goog.l.google.com udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
FR 142.250.201.174:443 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
FR 142.250.75.238:443 encrypted-tbn3.gstatic.com udp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com tcp
FR 216.58.214.174:443 encrypted-tbn0.gstatic.com udp
US 1.1.1.1:53 ocsp.godaddy.com.akadns.net udp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 104.26.7.168:443 voxiom.io tcp
US 1.1.1.1:53 voxiom.io udp
US 1.1.1.1:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 voxiom.io udp
US 8.8.8.8:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 104.26.7.168:443 voxiom.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 131.153.148.4:443 server.cpmstar.com tcp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ib.anycast.adnxs.com udp
DE 37.252.171.21:443 ib.adnxs.com tcp
US 35.227.252.103:443 rtb.openx.net udp
DE 51.89.9.254:443 onetag-sys.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 d1jvc9b8z3vcjs.cloudfront.net udp
US 35.227.252.103:443 rtb.openx.net tcp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 8.8.8.8:53 prod.tahoe-analytics.publishers.advertising.a2z.com udp
US 52.38.156.127:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 52.38.156.127:443 prod.tahoe-analytics.publishers.advertising.a2z.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

win10-20240404-en

Max time kernel

149s

Max time network

149s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://voxiom.io"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\voxiom.io\ = "35" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3cc40d887af6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\voxiom.io\Total = "35" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4536ed967af6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0baee3967af6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f22e2e827af6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f1f559887af6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\voxiom.io\Total = "22" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "431305872" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "35" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "2300" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 204 wrote to memory of 2268 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://voxiom.io"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 172.67.71.133:443 voxiom.io tcp
US 8.8.8.8:53 133.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 c.pki.goog udp
FR 216.58.214.163:80 c.pki.goog tcp
US 8.8.8.8:53 matomo.voxiom.io udp
US 104.26.6.168:443 matomo.voxiom.io tcp
US 104.26.6.168:443 matomo.voxiom.io tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 163.214.58.216.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 o.pki.goog udp
FR 216.58.214.163:80 o.pki.goog tcp
FR 216.58.214.163:80 o.pki.goog tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 200.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 168.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 178.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.101.143.202:443 www.bing.com tcp
GB 95.101.143.202:443 www.bing.com tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 202.143.101.95.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp

Files

memory/4692-16-0x000001EC0BE20000-0x000001EC0BE30000-memory.dmp

memory/4692-0-0x000001EC0BD20000-0x000001EC0BD30000-memory.dmp

memory/4692-35-0x000001EC0FFF0000-0x000001EC0FFF2000-memory.dmp

memory/2216-45-0x0000024254710000-0x0000024254810000-memory.dmp

memory/2268-73-0x000002702F320000-0x000002702F322000-memory.dmp

memory/2268-71-0x000002702F300000-0x000002702F302000-memory.dmp

memory/2268-69-0x000002702F140000-0x000002702F142000-memory.dmp

memory/2268-67-0x000002702F120000-0x000002702F122000-memory.dmp

memory/2268-81-0x000002702EC00000-0x000002702ED00000-memory.dmp

memory/2268-90-0x0000027030080000-0x00000270300A0000-memory.dmp

memory/2268-100-0x0000027030870000-0x0000027030890000-memory.dmp

memory/2268-101-0x0000027030950000-0x0000027030970000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\D0CGDS5X\voxiom[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/2268-168-0x000002702FA60000-0x000002702FA80000-memory.dmp

memory/2268-206-0x0000027030470000-0x0000027030472000-memory.dmp

memory/2268-220-0x0000027030DF0000-0x0000027030DF2000-memory.dmp

memory/2268-218-0x0000027030DE0000-0x0000027030DE2000-memory.dmp

memory/2268-216-0x0000027030DC0000-0x0000027030DC2000-memory.dmp

memory/2268-214-0x0000027030DA0000-0x0000027030DA2000-memory.dmp

memory/2268-212-0x0000027030940000-0x0000027030942000-memory.dmp

memory/2268-210-0x0000027030920000-0x0000027030922000-memory.dmp

memory/2268-208-0x0000027030530000-0x0000027030532000-memory.dmp

memory/2268-224-0x0000027031980000-0x0000027031982000-memory.dmp

memory/2268-222-0x0000027031970000-0x0000027031972000-memory.dmp

memory/2268-250-0x0000027031BF0000-0x0000027031CF0000-memory.dmp

memory/2268-264-0x0000027031DF0000-0x0000027031DF2000-memory.dmp

memory/2268-268-0x0000027032230000-0x0000027032232000-memory.dmp

memory/2268-270-0x0000027032240000-0x0000027032242000-memory.dmp

memory/2268-266-0x0000027032220000-0x0000027032222000-memory.dmp

memory/2268-311-0x000002701E2F0000-0x000002701E300000-memory.dmp

memory/2268-316-0x000002701E2F0000-0x000002701E300000-memory.dmp

memory/2268-317-0x000002701E2F0000-0x000002701E300000-memory.dmp

memory/2268-322-0x000002701E2F0000-0x000002701E300000-memory.dmp

memory/2268-321-0x000002701E2F0000-0x000002701E300000-memory.dmp

memory/2268-320-0x000002701E2F0000-0x000002701E300000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VR9TF073\0048a147801f815194c5[1].png

MD5 bb48b87176e04a277733372fecd69bc4
SHA1 9d65d432eb2487f76f2339fbdbe0c28f750d67ba
SHA256 aff3a66cd65c640d87b3f8f8d3587f6fa2d958b9b7c157bd1e83c14ec6d7fea5
SHA512 9720b4d2680bc31bcb18319fddf00669d6ddf7677759b6d037526c2f13f1bb09318b1527a3cc70dc29d27a62d8f6127501b8ac8c1181a56991871757d27821c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\XCFODRP5\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\N6VO1GIU\socket[7].txt

MD5 1679091c5a880faf6fb5e6087eb1b2dc
SHA1 c1dfd96eea8cc2b62785275bca38ac261256e278
SHA256 e7f6c011776e8db7cd330b54174fd76f7d0216b612387a5ffcfb81e6f0919683
SHA512 3c9ad55147a7144f6067327c3b82ea70e7c5426add9ceea4d07dc2902239bf9e049b88625eb65d014a7718f79354608cab0921782c643f0208983fffa3582e40

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VE4Q3JXI\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:11

Platform

android-33-x64-arm64-20240624-en

Max time kernel

179s

Max time network

188s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
GB 142.250.187.228:443 udp
GB 142.250.187.228:443 tcp
GB 142.250.187.228:443 tcp
N/A 224.0.0.251:5353 udp
US 162.159.61.3:443 tcp
US 172.64.41.3:443 tcp
US 172.64.41.3:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
US 1.1.1.1:53 voxiom.io udp
US 172.67.71.133:443 voxiom.io tcp
US 1.1.1.1:53 remoteprovisioning.googleapis.com udp
GB 216.58.212.202:443 remoteprovisioning.googleapis.com tcp
US 1.1.1.1:53 gmscompliance-pa.googleapis.com udp
US 172.67.71.133:443 voxiom.io tcp
GB 142.250.180.14:443 android.apis.google.com tcp
US 1.1.1.1:53 matomo.voxiom.io udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.133.84:443 accounts.google.com tcp
US 1.1.1.1:53 www.google.com udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 1.1.1.1:53 api.adinplay.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 1.1.1.1:53 chrome.cloudflare-dns.com udp
US 172.67.71.222:443 api.adinplay.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com tcp
GB 216.58.212.228:443 www.google.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 35.190.80.1:443 udp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.238:443 udp
GB 172.217.16.227:443 update.googleapis.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
US 104.18.187.31:443 cdn.jsdelivr.net tcp
US 104.21.30.224:443 country.adinplay-venatus.workers.dev tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
US 104.22.74.216:443 btloader.com tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 tcp
GB 142.250.179.226:443 udp
GB 13.224.223.9:443 tcp
GB 108.156.39.35:443 config.aps.amazon-adsystem.com tcp
GB 142.250.179.226:443 udp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
US 130.211.23.194:443 api.btloader.com tcp
GB 142.250.179.226:443 securepubads.g.doubleclick.net tcp
US 34.95.69.49:443 i.clean.gg tcp
US 130.211.23.194:443 udp
US 34.95.69.49:443 udp
GB 216.58.204.65:443 964494e372c1d5fcfec9bdfde6708975.safeframe.googlesyndication.com tcp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
GB 216.58.201.97:443 tcp
GB 216.58.201.97:443 ep2.adtrafficquality.google tcp
US 1.1.1.1:53 rcs-acs-tmo-us.jibe.google.com udp
US 216.239.36.155:443 rcs-acs-tmo-us.jibe.google.com tcp
US 104.26.9.169:443 script.4dex.io tcp
DE 51.89.9.252:443 onetag-sys.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 131.153.151.116:443 server.cpmstar.com tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.153.66:443 elb.the-ozone-project.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
GB 108.138.217.110:443 hb.yellowblue.io tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
DE 51.89.9.252:443 tcp
US 172.64.153.78:443 tcp
US 35.227.252.103:443 tcp
DE 3.124.64.248:443 tcp
GB 185.64.190.77:443 tcp
DE 37.252.173.215:443 tcp
US 172.64.151.101:443 tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 172.64.153.66:443 tcp
GB 108.138.217.110:443 tcp
US 131.153.151.116:443 server.cpmstar.com tcp
NL 46.228.174.115:443 tcp
NL 46.228.174.115:443 tcp
NL 69.173.156.139:443 tcp
GB 18.172.154.232:443 tcp
US 104.26.9.169:443 script.4dex.io tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
DE 51.89.9.252:443 udp
GB 104.115.32.236:443 ads.pubmatic.com tcp
US 151.101.65.108:443 acdn.adnxs.com tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
GB 104.115.33.62:443 eus.rubiconproject.com tcp
US 35.244.159.8:443 adinplay-d.openx.net tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
DK 37.157.2.230:443 cm.adform.net tcp
US 13.107.246.64:443 adsdk.microsoft.com tcp
US 151.101.1.108:443 cdn.adnxs.com tcp
US 151.101.1.108:443 acdn.adnxs-simple.com tcp
US 44.214.3.107:443 api.gameanalytics.com tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 172.64.151.101:443 udp
US 151.101.129.108:443 cdn.adnxs-simple.com tcp
GB 104.86.110.91:443 www.bing.com tcp
GB 104.86.110.91:443 tcp
GB 104.86.110.91:443 tcp
GB 104.86.110.91:443 tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.200.34:443 tcp
GB 142.250.200.34:443 tcp
IE 54.75.251.201:443 sync.crwdcntrl.net tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 52.223.40.198:443 tcp
IE 52.50.71.3:443 pr-bh.ybp.yahoo.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 104.22.50.98:443 mwzeom.zeotap.com tcp
IE 52.94.222.140:443 aax-eu.amazon-adsystem.com tcp
GB 104.86.110.91:443 udp
US 104.17.73.14:443 ajax.cloudflare.com tcp
US 52.46.130.91:443 s.amazon-adsystem.com tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 54.81.63.23:443 i.liadm.com tcp
US 35.186.193.173:443 cm.ctnsnet.com tcp
IE 52.19.197.135:443 d.adroll.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
GB 142.250.200.34:443 udp
US 34.111.129.221:443 udp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
GB 185.64.191.210:443 tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 216.58.212.225:443 udp
GB 142.250.187.228:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.178.4:443 tcp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
FR 54.38.113.4:443 tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 91.228.74.244:443 cms.quantserve.com tcp
NL 64.158.223.137:443 pubmatic-match.dotomi.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
US 54.197.234.7:443 sync.srv.stackadapt.com tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
FR 54.38.113.4:443 pixel.onaudience.com tcp
US 34.36.216.150:443 udp
DE 54.93.104.240:443 sonata-notifications.taptapnetworks.com tcp
FR 178.32.197.53:443 ssbsync-global.smartadserver.com tcp
NL 35.214.149.91:443 tcp
US 35.227.252.103:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
NL 193.0.160.131:443 p.rfihub.com tcp
IE 52.30.143.126:443 match.prod.bidr.io tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 188.166.17.21:443 match.adsby.bidtheatre.com tcp
US 34.102.163.6:443 tcp
US 34.1.230.181:443 csync.loopme.me tcp
SE 13.50.192.155:443 d5p.de17a.com tcp
US 34.102.163.6:443 tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 34.102.163.6:443 tcp
US 34.102.163.6:443 tcp
NL 89.149.192.200:443 rtb-csync.smartadserver.com tcp
NL 89.149.192.200:443 tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
SG 35.186.154.107:443 tcp
FR 141.95.171.139:443 green.erne.co tcp
US 104.18.37.193:443 a.tribalfusion.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
DE 23.88.86.2:443 tcp
SG 35.186.154.107:443 tcp
DE 23.88.86.2:443 tcp
FR 54.38.113.4:443 pixel-eu.onaudience.com tcp
NL 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
GB 142.250.187.228:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 131.153.151.116:443 server.cpmstar.com tcp
US 131.153.151.116:443 server.cpmstar.com tcp
GB 216.58.204.67:443 tcp
GB 216.58.204.65:443 udp
GB 142.250.200.14:443 mts0.google.com tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.64.41.3:443 chrome.cloudflare-dns.com udp
US 172.67.71.133:443 matomo.voxiom.io tcp
GB 216.58.204.68:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
DE 37.252.173.215:443 fra1-ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.46:443 ib.adnxs.com tcp
US 131.153.151.116:443 tcp
NL 185.89.210.46:443 tcp
GB 216.58.212.225:443 udp
GB 142.250.180.1:443 tcp
GB 142.250.180.1:443 cdn.ampproject.org tcp
GB 142.250.180.1:443 tcp
GB 142.250.180.1:443 tcp
GB 142.250.180.1:443 tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 35.190.80.1:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.64.151.101:443 udp
US 131.153.151.116:443 tcp
US 35.227.252.103:443 udp
US 1.1.1.1:53 fastlane.rubiconproject.com udp
NL 185.89.210.46:443 tcp
NL 46.228.174.115:443 tcp
DE 51.89.9.252:443 tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 131.153.151.116:443 tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
NL 46.228.174.115:443 tcp
DE 51.89.9.252:443 onetag-sys.com tcp
NL 185.89.210.46:443 tcp
NL 46.228.174.115:443 tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.153:443 ams3-ib.adnxs.com tcp
GB 216.58.204.65:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
GB 216.58.204.68:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 46.228.174.115:443 tcp
US 131.153.151.116:443 tcp
NL 185.89.210.46:443 tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 131.153.151.116:443 tcp
NL 46.228.174.115:443 tcp
NL 185.89.210.46:443 tcp
NL 185.89.210.46:443 tcp
NL 46.228.174.115:443 tcp
GB 216.58.204.65:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 35.190.80.1:443 udp
US 172.67.71.133:443 matomo.voxiom.io tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.227.252.103:443 udp
NL 185.89.210.46:443 tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 162.159.61.3:443 chrome.cloudflare-dns.com udp
NL 46.228.174.115:443 tcp
US 131.153.151.116:443 tcp
US 172.64.151.101:443 udp
NL 46.228.174.115:443 tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 131.153.151.116:443 tcp
NL 185.89.210.46:443 tcp
DE 51.89.9.252:443 tcp
US 131.153.151.116:443 tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.46:443 tcp
DE 51.89.9.252:443 tcp
GB 142.250.178.2:443 udp
DE 37.252.171.53:443 tcp
GB 2.18.66.48:443 udp
DE 37.252.171.53:443 tcp
GB 2.18.66.48:443 tcp
DE 37.252.171.53:443 tcp
GB 216.58.204.65:443 udp
NL 185.89.210.46:443 tcp
DE 37.252.171.53:443 tcp
US 172.67.71.133:443 matomo.voxiom.io tcp
DE 37.252.171.53:443 tcp
NL 185.89.210.46:443 tcp

Files

files/dom-0.html

MD5 6727426beb4718b2306c7a68aeb315cf
SHA1 fe8473191b5ab38bdab83eb4ccc15e4c7f7b1a06
SHA256 dff1120b48e6c4644fd2d4a18928d73bc152507a91c58282b92fda15fd41a584
SHA512 d9f4a654e435b1bed7389717f602697165c15c922f5e8fdfb4592ebe192135a8c93d8ccdfea46876685154fbca918cdb81a46b7619ced784ee18483fd00f4c03

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:10

Platform

macos-20240711.1-en

Max time kernel

148s

Max time network

152s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A
N/A /System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://voxiom.io]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://voxiom.io]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=20]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=292043949 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=62]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=292083916 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=62]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher

[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=295961120 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=296327615 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=75]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=296944583 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=78]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=297133570 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=78]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=92]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=76]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=105]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=109]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[GoogleUpdater --server --service=update --system]

/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater

[/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/128.0.6537.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6537.0 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=110]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=312592076 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=323431947 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=123]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ReportMemoryException]

/usr/libexec/ReportMemoryException

[/usr/libexec/ReportMemoryException]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=23 --launch-time-ticks=351987703 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=24 --launch-time-ticks=352329461 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=25 --launch-time-ticks=352649980 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=26 --launch-time-ticks=353054187 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=27 --launch-time-ticks=353580028 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=28 --launch-time-ticks=353628505 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=29 --launch-time-ticks=354104326 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=30 --launch-time-ticks=355763843 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=32 --launch-time-ticks=357135191 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=33 --launch-time-ticks=357511147 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=34 --launch-time-ticks=359863717 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=35 --launch-time-ticks=360437276 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=36 --launch-time-ticks=360766921 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=37 --launch-time-ticks=361206471 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=38 --launch-time-ticks=362018295 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=39 --launch-time-ticks=362913731 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=40 --launch-time-ticks=363783623 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=41 --launch-time-ticks=366005650 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/usr/libexec/xpcproxy

[xpcproxy com.apple.speech.speechsynthesisd]

/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd

[/System/Library/Frameworks/ApplicationServices.framework/Frameworks/SpeechSynthesis.framework/Resources/com.apple.speech.speechsynthesisd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=117]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=46 --launch-time-ticks=388198370 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=47 --launch-time-ticks=388537743 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=48 --launch-time-ticks=388619851 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=49 --launch-time-ticks=388767179 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=50 --launch-time-ticks=389312297 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=51 --launch-time-ticks=389356992 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=52 --launch-time-ticks=389377016 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=53 --launch-time-ticks=390229814 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=54 --launch-time-ticks=393080685 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=55 --launch-time-ticks=393505950 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=56 --launch-time-ticks=393987384 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=57 --launch-time-ticks=394519866 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=58 --launch-time-ticks=395102445 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mobile.keybagd]

/usr/libexec/keybagd

[/usr/libexec/keybagd -t 15]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=59 --launch-time-ticks=395768069 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=118]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=115]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ViewBridgeAuxiliary]

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary

[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,3848927539757666844,2011787464672497665,131072 --seatbelt-client=120]

/usr/libexec/xpcproxy

[xpcproxy com.apple.ViewBridgeAuxiliary]

/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary

[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.mobileassetd]

/usr/libexec/mobileassetd

[/usr/libexec/mobileassetd]

Network

Country Destination Domain Proto
GB 17.250.81.69:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 voxiom.io udp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 clients2.google.com udp
FR 172.217.18.206:443 clients2.google.com tcp
FR 172.217.18.206:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
FR 172.217.20.170:443 optimizationguide-pa.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
FR 172.217.20.170:443 optimizationguide-pa.googleapis.com tcp
IE 74.125.193.84:443 accounts.google.com tcp
US 104.26.7.168:443 voxiom.io tcp
US 172.67.71.222:443 tcp
US 172.67.71.222:443 api.adinplay.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.18.22.145:443 cadmus.script.ac tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
NL 93.119.15.97:443 stats.adinplay.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 172.67.41.60:443 btloader.com tcp
US 172.67.173.227:443 country.adinplay-venatus.workers.dev tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
FR 142.250.178.138:443 imasdk.googleapis.com tcp
US 104.26.2.70:443 ad-delivery.net tcp
US 104.26.2.70:443 tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 108.156.39.15:443 config.aps.amazon-adsystem.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
US 34.95.69.49:443 i.clean.gg tcp
US 130.211.23.194:443 api.btloader.com tcp
FR 142.250.179.65:443 26dff730c6806cfce92f4749ae316cd4.safeframe.googlesyndication.com tcp
FR 172.217.20.162:443 ep1.adtrafficquality.google tcp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 cds.apple.com udp
GB 2.22.128.162:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 95.100.245.89:443 help.apple.com tcp
US 172.67.75.241:443 script.4dex.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 172.64.151.101:443 htlb.casalemedia.com tcp
US 104.18.34.178:443 mp.4dex.io tcp
GB 108.138.217.61:443 hb.yellowblue.io tcp
DE 3.124.64.248:443 tlx.3lift.com tcp
US 35.186.253.211:443 rtb.openx.net tcp
DE 51.89.9.253:443 onetag-sys.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 172.64.153.66:443 elb.the-ozone-project.com tcp
US 131.153.148.26:443 server.cpmstar.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 tcp
GB 18.245.189.34:443 aax.amazon-adsystem.com tcp
NL 185.89.210.153:443 tcp
US 131.153.148.26:443 tcp
US 172.64.153.66:443 tcp
DE 3.124.64.248:443 tcp
DE 51.89.9.253:443 tcp
NL 185.64.189.112:443 tcp
GB 18.245.189.34:443 tcp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
US 172.67.75.241:443 script.4dex.io tcp
NL 46.228.174.115:443 tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 46.228.174.115:443 tcp
DE 51.89.9.253:443 udp
US 104.18.38.76:443 js-sec.indexww.com tcp
US 13.248.245.213:443 eb2.3lift.com tcp
US 13.248.245.213:443 tcp
US 151.101.193.108:443 acdn.adnxs.com tcp
US 35.244.159.8:443 adinplay-d.openx.net tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
US 8.8.8.8:443 dns.google udp
FR 142.250.179.68:443 www.google.com tcp
US 104.18.36.155:443 udp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 198.47.127.19:443 image6.pubmatic.com tcp
US 209.54.182.161:443 s.amazon-adsystem.com tcp
US 54.81.63.23:443 i.liadm.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
DK 37.157.6.231:443 c1.adform.net tcp
FR 142.250.178.130:443 cm.g.doubleclick.net tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
IE 67.220.226.234:443 tcp
FR 142.250.178.130:443 tcp
FR 142.250.178.130:443 tcp
FR 142.250.178.130:443 tcp
DK 37.157.6.231:443 tcp
NL 178.250.1.9:443 tcp
IE 67.220.226.234:443 aax-eu.amazon-adsystem.com tcp
US 3.33.220.150:443 match.adsrvr.org tcp
IE 63.34.52.172:443 pr-bh.ybp.yahoo.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
NL 35.204.74.118:443 um.simpli.fi tcp
IE 52.51.104.112:443 sync.crwdcntrl.net tcp
US 172.67.40.173:443 mwzeom.zeotap.com tcp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
FR 142.250.178.130:443 tcp
GB 185.64.191.210:443 image2.pubmatic.com tcp
GB 185.64.191.210:443 tcp
FR 142.250.179.67:443 tcp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
FR 142.250.179.67:443 update.googleapis.com tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
NL 82.145.213.8:443 t.adx.opera.com tcp
NL 82.145.213.8:443 tcp
DE 80.82.210.217:443 dsp-cookie.adfarm1.adition.com tcp
FR 51.255.68.171:443 dsp.nrich.ai tcp
US 52.6.202.249:443 tcp
US 52.6.202.249:443 sync.srv.stackadapt.com tcp
DK 77.243.51.122:443 tcp
CA 148.113.153.94:443 pixel.onaudience.com tcp
DK 77.243.51.122:443 uipglob.semasio.net tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 63.215.202.172:443 pubmatic-match.dotomi.com tcp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 tcp
FR 216.58.214.161:443 tcp
FR 216.58.214.161:443 tcp
FR 216.58.214.161:443 tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
NL 188.42.63.48:443 dsp-ap.eskimi.com tcp
US 34.193.160.81:443 api.gameanalytics.com tcp
US 104.26.7.168:443 voxiom.io tcp
US 104.26.7.168:443 voxiom.io tcp
US 8.8.8.8:53 e11408.d.akamaiedge.net udp
GB 95.100.245.89:443 e11408.d.akamaiedge.net tcp
GB 95.100.245.89:443 e11408.d.akamaiedge.net tcp
NL 185.89.210.153:443 tcp
US 131.153.148.26:443 server.cpmstar.com tcp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.153:443 ib.adnxs.com tcp
US 131.153.148.26:443 server.cpmstar.com tcp
US 104.26.7.168:443 voxiom.io tcp
FR 216.58.215.35:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 game-server-d3zrp.voxiom.io udp
NL 46.228.174.115:443 targeting.unrulymedia.com tcp
US 8.8.8.8:53 game-server-d3zrp.voxiom.io udp
NL 128.199.36.37:443 game-server-d3zrp.voxiom.io tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 193.0.160.130:443 p.rfihub.com tcp
IE 52.208.228.214:443 match.prod.bidr.io tcp
US 34.102.163.6:443 tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
NL 193.0.160.130:443 tcp
US 34.102.163.6:443 tcp
NL 46.228.164.11:443 ad.turn.com tcp
NL 134.122.57.34:443 match.adsby.bidtheatre.com tcp
SE 13.50.192.155:443 d5p.de17a.com tcp
US 34.1.230.181:443 tcp
SI 195.5.165.20:443 tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
SG 35.186.154.107:443 tcp
SG 35.186.154.107:443 tcp
FR 141.94.161.158:443 tcp
FR 141.94.161.158:443 green.erne.co tcp
US 104.18.37.193:443 a.tribalfusion.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 46.228.174.117:443 tcp
NL 81.17.55.117:443 rtb-csync.smartadserver.com tcp
NL 81.17.55.117:443 tcp
DE 162.55.120.196:443 matching.truffle.bid tcp
DE 162.55.120.196:443 tcp
FR 142.250.179.68:443 www.google.com tcp

Files

/tmp/com.google.Keystone/.keystone_system_install_lock

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/Users/run/Library/Keychains/login.keychain-db

MD5 5db8c33da44fbfea36aa50d598dd72d1
SHA1 aa32ebb8aa0789bdeae8ee9894ba6af1c6bb1235
SHA256 f43c1b52a2591f095d780e41e2589482856b62a372e766e03745a0c533998580
SHA512 8a315f211f9fc5707d57c1d8ec2aec11df2239d5b6a209f1df26abf58e9708d000942aaf540610fa37803b392db678a57e7a5b44351f0371d9b93eff9b50f5ea

/Users/run/Library/Keychains/login.keychain-db

MD5 02d81932348fe5e78a113afbd4ab4cb3
SHA1 85706d2aa6d18105f7ffa3fa7bccd7b374eb6df5
SHA256 001692f83f7445f93d7d449171b9808249b782dab662c2fdbaada7a921980894
SHA512 6769a4f9e9cf15a3719fa415866d54dbd015a5a55a81f7c281e92400525735fee04610379ab294cf20ea6e6096f7c3b899642fd7cee81943d10be4e0146f3c23

/Users/run/Library/Keychains/login.keychain-db

MD5 a414e14d4e50642d8a340eeed632303a
SHA1 4608cacec8f27f9062cbad6bf277ae16d8fb4d5a
SHA256 b162bbd2837eb4cf271389ad40541cde3f21f758fe64dea8012e301770e0f076
SHA512 3245ae2c62a73607250c567fc5e7c6bbbf5d8c43e3936aadb7db6c6fc3f71d49b95befa8cdfc3482e661ac832c668219018e1db822dc9394c64eed1fda4c74ea

/Users/run/Library/Keychains/login.keychain-db

MD5 ed6d35b78fdacbd9bbdd795a918c8de5
SHA1 9a65e69497ab8c27505f462aabd3cd188028fe67
SHA256 a12b04520539922d7f85b446722ef20280bce08683e8f96c5f1ac9ce4b868792
SHA512 add92f86a7e64b9d00d07dcfd4cb0d622ce1a916be8448d7863f57e319973ed90ac7948cb4c7abfc5172a0110b23a706c9cee73653b6cdf9a690f6202cf7ca71

/Users/run/Library/Keychains/login.keychain-db

MD5 68549a63b3716436d18d7e8160598abf
SHA1 587773ffffe8d56beb3456d49e128a764fd7bced
SHA256 d33cd53d493f72afdd891b11940e3bcc79559ded105c22d2b29c1541d55983cf
SHA512 4c7501f32667c7aef9aeee27e92a2965d599e66049eafde2254846b60ae147259a00d039a4f815ff39220a9f0b35bc138c32a4bbdc2ea48513fe08973f9ff621

/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 c6db1caaee0095f017c09113d53ed054
SHA1 cc37e2b3948325a0eeb51080f45b17ebf52a7035
SHA256 ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476
SHA512 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

/Users/run/Library/Keychains/login.keychain-db

MD5 7ce5060b67e4d7c0cce146cf00dc69d9
SHA1 9514469453b53da452ba98ba51af03ba855eb3ea
SHA256 aca908baf846cba3388409e04f891b850bfdd08fc37f6e13592a7bb5d66654f2
SHA512 4e8165d0986b914e2091d63b9c01e67e7c5f4e945199ee12145e8cd5fe2330f4e8ead093bb75ae616fdfdbe8354f7fedbf46b323f3cda25715c0a6485f60dc37

/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 5c4e7ade5753ab7de2c42c04111fa42e
SHA1 fb577b8c07d9617f507a3f2950df0a6dcfebe4e2
SHA256 d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82
SHA512 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.RT9G4K

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 17a2dc5826aeb539547f00f52eccccd5
SHA1 fd36ad6db84312792cffac0267f6329b21727d66
SHA256 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151
SHA512 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 ea517aa120c972c602673d331dfa35bc
SHA1 7ff539eec544cf306b80137bc182fb544e58aad5
SHA256 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da
SHA512 e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirqrfIPl/CRX_INSTALL/images/icon_128.png

MD5 30899b6c4e4a757b8ec6dd2208acdfb4
SHA1 f2c5880a724c6d75cce1b5191e0d82c3bc7de768
SHA256 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4
SHA512 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirqrfIPl/CRX_INSTALL/images/icon_16.png

MD5 344554d96e418120bd80ef5de5194697
SHA1 23e141c3a6ce368acc1c299f062ab85914bcb17e
SHA256 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378
SHA512 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js

MD5 6eebed29e6a6301e92a9b8b347807f5f
SHA1 65dfb69b650560551110b33dcba50b25e5b876de
SHA256 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697
SHA512 fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/caafe25e-2595-4b41-b829-36b78051fcbf

MD5 5adf364735dcbe6bf26ebe3f705c9dbc
SHA1 a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46
SHA256 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340
SHA512 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0

/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/ef173a61-af1f-4d9b-a908-c9d6dcf903a6/model.tflite

MD5 6d7c2f9e94664539dec99b3233301b01
SHA1 85812b004742cc1c211c92911131ce270f8ba769
SHA256 a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534
SHA512 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.g98LuL/efniojlnjndmcbiieegkicadnoecjjef_1054_all_acwv5cki5hrz6m7phk5bmunngctq.crx3

MD5 3724d2580d4ee48db4ca27b009734565
SHA1 3b7109787fd6172808046beb3321e47d91f97dae
SHA256 79d15e0ead1afd0d88fa0740ab00ec9fb0fb97e119833c093a2161ea175b5693
SHA512 e1e4c2f15b001f6b0e454e63d34340b05bb52e0e02c18ed6ed7548c729f5e75a2dc472610542a8cd2e221dcf98d7a536bd374fb10170f846340c7ba1ef2164d6

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.St0JJs/hfnkpimlhhgieaddgfemjhofmfblmnib_9062_all_acyptczzyy2iikvwd7emewbcnh7a.crx3

MD5 6b50bb186cf609747f5f29e7435d33c6
SHA1 7e4d0ec201f360cb817a96277776e49c20ed85b2
SHA256 c872cea0b2210c02b52b9c7c5449fca8a97d9a83583a927a0bfe9b0af97c7a12
SHA512 d7a600edde5588ac13ac563e67a983ebaff85af1639c4fe2bf5d633d01aa932b30a36b90e7601111d58aee3065667c1bcda5a6bb0a3943a6b62bf5423527889d

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.brOKum/jflookgnkcckhobaglndicnbbgbonegd_3039_all_ac724q5mrfm4b4bxvgsppwnsjyra.crx3

MD5 60326e6c90cadc4c38cf7ad54a7d5d15
SHA1 b9a9ed4b79099524317bcdb01338740280e539dd
SHA256 1994e34393325afdff0c90ac370065028be66ba9f7c8991b0cf425a0ae494611
SHA512 41742a6bbff35f6eadc314a6c3069824a1e8b4363fbba30bf0af03c28914ea47a0e5f890e213a797aea4a0646bab7cd2fc601deecdda4b2c684793c05f818fa7

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.rpRd7q/obedbbhbpmojnkanicioggnmelmoomoc_20240814.664576894.14_all_ENGB500000_dmooonqr2jop4qv2rv3xny52tq.crx3

MD5 d7a9e32e4fa55f69bb96f247b8711a80
SHA1 53b9fb2dc0126905ede3984208f3c2b845f86127
SHA256 6757d59d60acf729c9ce32b7461a001a5ad4ca3bebe1cb87719e66143a7c7452
SHA512 c0ee6addbf00bcb084d6e3c41d983143a1baf1bfef9cafbafdadf47a820a24a6b82bc40c253436c024b7993d29e50c60ba2b4e5ee53b627c6c327da69e288af2

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.sR4u2g/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3

MD5 2db7e78c310ca8e73c069a604eac4d99
SHA1 a6d1e03514f8eba03ab81f1380fc54aaded823b6
SHA256 cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85
SHA512 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data

MD5 c5e30274fe7b93847f6d7c02410d1209
SHA1 488a49f38459f29e110c706c51b61ca1ae3b0e26
SHA256 e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea
SHA512 bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.6g1JcK/lmelglejhemejginpboagddgdfbepgmp_462_all_ZZ_acfx7tbdpy6stedolnte7pym6kvq.crx3

MD5 6902764fae563c7f6a4fd13c3426661c
SHA1 38c97660cc8f1bb5cd154b605a0bb00d4bc79b08
SHA256 dba4485f76e69664eafa9355ab6811de76901e847536cb8981a81bb7b8eda8c5
SHA512 0f2df086de0537db50e58dac2a3f621dd22512bddf9ad3ab1d8309d865959ebbf6d04e941d37557eb358a2034a0ff1f7d825f8ce5ce298fcaeba880cd28f6bee

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-24 23:07

Reported

2024-08-24 23:08

Platform

debian12-armhf-20240729-en

Max time network

1s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A