Malware Analysis Report

2025-01-23 15:27

Sample ID 240417-egqytsee4w
Target http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds
Tags
collection discovery evasion antivm spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15, Mobile Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral1, behavioral3, behavioral7, behavioral2, behavioral4, behavioral5, behavioral6, behavioral8, behavioral9 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The submitted URL http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds was classified as: Shows suspicious behavior.

Malicious Activity Summary

collection discovery evasion antivm spyware stealer

Checks memory information

Changes its process name

Reads the content of photos stored on the user's device.

Checks CPU information

Reads user data of web browsers

Reads CPU attributes

Checks CPU configuration

Enumerates kernel/hardware configuration

Writes file to tmp directory

Reads runtime system information

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 03:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:57

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds
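The launched URL carries a returnUrl parameter whose value is an absolute URL on a different host (srvassist-ckh.dynv6.net), and the Network table for this analysis shows the browser connecting to feedheaven.net on port 80 and then to that host on port 443. The block below is an added example, not part of the sandbox output: it is the check a triager would run on such a URL, parsing the query string, picking out parameters whose value is itself an absolute or protocol-relative URL, and reporting whether the embedded target points at a host other than the one the URL was requested from. The list of parameter names treated as redirect-style is an assumption for the example; the report itself names only returnUrl.

```python
from urllib.parse import parse_qsl, urlsplit

# The URL the sandbox launched (from the command line above).
SAMPLE_URL = ("http://feedheaven.net/ViewSwitcher/SwitchView"
              "?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds")

# Parameter names that commonly carry a post-action destination. This list is an
# assumption for the example; the report itself names only returnUrl.
REDIRECT_PARAM_NAMES = {
    "returnurl", "return_url", "redirect", "redirect_uri", "redirect_url",
    "next", "url", "goto", "target", "dest", "continue",
}


def find_url_valued_params(url):
    """List query parameters whose value is an absolute or protocol-relative URL.

    Each finding records whether the embedded target points at a host other than
    the one the URL was requested from, which is the shape of an open redirect.
    """
    parts = urlsplit(url)
    origin_host = (parts.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        target = urlsplit(value.strip())
        # Relative paths ("/home") have no host, and schemes such as javascript:
        # have no host either. Protocol-relative "//host/path" has a host but no
        # scheme, so an empty scheme is accepted on purpose.
        if not target.hostname or target.scheme not in ("http", "https", ""):
            continue
        target_host = target.hostname.lower()
        findings.append({
            "param": name,
            "known_redirect_param": name.lower() in REDIRECT_PARAM_NAMES,
            "target": value,
            "target_host": target_host,
            "cross_host": target_host != origin_host,
        })
    return findings


def external_redirect_targets(url):
    """Deduplicated hosts that a redirect through this URL could land on."""
    return sorted({f["target_host"] for f in find_url_valued_params(url) if f["cross_host"]})


if __name__ == "__main__":
    for finding in find_url_valued_params(SAMPLE_URL):
        print(finding)
    print("external targets:", external_redirect_targets(SAMPLE_URL))
```

The check only considers values that parse as URLs with a host; a bare hostname without a scheme ("example.net/path") is not flagged, so a triager should still eyeball parameters the check skips. Whether feedheaven.net actually follows the returnUrl is a question for the network trace, not for this parser; here the trace shows the second host being contacted after the first.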

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (25 identical rows; no description, indicator or target recorded)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 identical rows; no description, indicator or target recorded)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 64 wrote to memory of 2980 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 1536 (40 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 2652 (2 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 64 wrote to memory of 216 (20 events) N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
64 events in total, all from the Edge browser process (PID 64) into other msedge.exe instances.
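Dozens of near-identical rows like these are what a Chromium-based browser produces on its own: the browser process creates each sandboxed child (renderer, GPU, utility) suspended and writes its sandbox bootstrap data into the child with WriteProcessMemory before resuming it, so parent-to-child writes where both images are msedge.exe are launch traffic, not injection. The write that would matter is one into a process running a different image, and the table does not map the target PIDs to the command lines listed under Processes. The block below is an added example, not part of the sandbox output: it parses rows in the report's "PID A wrote to memory of B" format, collapses the repeats into per-pair counts, and flags only cross-image writes. The sample rows are constructed for the example; the msedge rows mirror the table, and the final row with a hypothetical target image exists only to show the flag firing.

```python
import re
from collections import Counter
from ntpath import basename  # Windows path semantics regardless of host OS

# One row of the report's WriteProcessMemory table. Paths contain spaces, so the
# two image columns are anchored on the "X:\" drive prefix rather than split on
# whitespace.
ROW = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<indicator>\S+) "
    r"(?P<src_image>[A-Za-z]:\\.*?) "
    r"(?P<dst_image>[A-Za-z]:\\.*)$"
)

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
# Hypothetical target image, constructed for the example only.
HYPOTHETICAL = r"C:\Users\Admin\AppData\Local\Temp\hypothetical.exe"

# Constructed sample in the report's row format.
WRITE_ROWS = (
    [f"PID 64 wrote to memory of 2980 N/A {EDGE} {EDGE}"] * 2
    + [f"PID 64 wrote to memory of 1536 N/A {EDGE} {EDGE}"] * 3
    + [f"PID 64 wrote to memory of 216 N/A {EDGE} {EDGE}"]
    + [f"PID 64 wrote to memory of 4100 N/A {EDGE} {HYPOTHETICAL}"]
)


def parse_write_row(line):
    """Return (src_pid, dst_pid, src_image, dst_image) or None for a non-matching line."""
    m = ROW.match(line.strip())
    if not m:
        return None
    return (int(m["src"]), int(m["dst"]), m["src_image"], m["dst_image"])


def summarize_writes(rows):
    """Collapse repeated rows into {(src_pid, dst_pid, src_image, dst_image): count}."""
    counts = Counter()
    for line in rows:
        parsed = parse_write_row(line)
        if parsed:
            counts[parsed] += 1
    return dict(counts)


def cross_image_writes(summary):
    """Pairs where the writer's image differs from the target's image, compared by basename."""
    return sorted(
        (src, dst, basename(si), basename(di), n)
        for (src, dst, si, di), n in summary.items()
        if basename(si).lower() != basename(di).lower()
    )


if __name__ == "__main__":
    summary = summarize_writes(WRITE_ROWS)
    for (src, dst, si, di), n in sorted(summary.items()):
        print(f"{src} -> {dst}  {basename(si)} -> {basename(di)}  x{n}")
    print("cross-image writes:", cross_image_writes(summary))
```

Comparing basenames is deliberate: the sandbox lists the full path, and a copy of the browser binary dropped elsewhere would still compare equal by name, so a stricter triage would compare full paths and also check the target PID against the process list.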

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77dc46f8,0x7fff77dc4708,0x7fff77dc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 feedheaven.net udp
US 96.31.35.148:80 feedheaven.net tcp
US 96.31.35.148:80 feedheaven.net tcp
US 8.8.8.8:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 8.8.8.8:53 148.35.31.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net udp
US 8.8.8.8:53 178.230.64.170.in-addr.arpa udp
US 8.8.8.8:53 21.114.53.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bc2edd0741d97ae237e9f00bf3244144
SHA1 7c1e5d324f5c7137a3c4ec85146659f026c11782
SHA256 dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
SHA512 00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

\??\pipe\LOCAL\crashpad_64_QFZJPMCIXEIBBSSH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 120a75f233314ba1fe34e9d6c09f30b9
SHA1 a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
SHA256 e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
SHA512 3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 448d350dc7b7de9a423a75f6b69880db
SHA1 e206ba24caf8bfa45cdce53cff0302d1c06819b2
SHA256 4773b598aca84dc0c18f09c4925ebfc794fa1d483e61798cb4a3581cccf78787
SHA512 79dd68f8582dd2e78a294c1f43975ef16def8bd31a5c2856fa660c451b9cf25cbc980e334935917e094df5d336cba56b4f0af34a63c8b085ee7ac03d90f3aafc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e6aa040cdc59217eefbc577c4174e3d
SHA1 cddf4d494bb5031bf84019818ef502942b890eb2
SHA256 19e04accb9c6a69728ab47f77c2d99c5dffc4588106221ed28d70ccbe3dc908d
SHA512 bb771b8dc6e08253d80c6db29a847ef40e56ff1b004e5a8f05bd570f4ff08e8ab5c0631495dec631a5b1bddc635e74007bed7bcaeb18306d77d0afdc0ef7f1c7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 78a96298ee86fc5dd1e5dbc6c127c522
SHA1 6ce528937c11658c12bb3f1e1100e81d27aa4700
SHA256 97821876b1964ac5b6adb1b810691a2ff75e1de952664cb01fa98878bc5ccafe
SHA512 2e6c54c5af72cfe3437c393cac3af8c0f82a1959d5d4d6ba0ff16a184ef5d8c7cded3fc6fb5e829bac32423283a1a39f2289c13a14de9f0342c47aa1f61b72c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 75e36ac17c2996784d9f573aaf10a22e
SHA1 2e6932e9582cdbed2e40be81edbe8dfbb62cc909
SHA256 e423ab7e345938e0d7f0ab5020d5c0998664431c10fcd794b21b1292ccc9551c
SHA512 0594cc9ff812bcc661fce3080e91e37b50115bc6246383eb928c1cf27e534d4083b360f96bf0774b4ff721ea1d31f4363ac4d16181a44d703ff9fd3cee5a463e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2fa010e2bdf6e9530c48521d75b67ba2
SHA1 803b481a09e9de93176ca868d3427fcda3560b54
SHA256 a2dfbed67841642c1138ed5e9d1e74635c89a9b4c97bcc36135f1c6643c3ad76
SHA512 f8fbfddf0e4726164c5b32967605bbb13104dc9dec68059f62af0aad91a20bcda097c280fd850ebd442c762fd82cc652fb4e8a2a8e61d0bd2c175772f51e4879

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 9f3856c82dd5c9313827e40a808c58b1
SHA1 9b332b5eb3ac1494c9df46bd71790f59b0d3d644
SHA256 779c89af162bd8a3188e69e45e5f994084098fe8ebc968d8ac1397f9c2b0a290
SHA512 4efc97e921ef4a56fb729806f74234f9122d76ba85817508c1ee05c3c6fb5c35b9c85e335e4217cb5301302945f91122134179b60c1f5b66817f13351d62c12f

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:57

Platform

android-x64-20240221-en

Max time kernel

116s

Max time network

154s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Reads the content of photos stored on the user's device.

collection
Description Indicator Process Target
URI accessed for read content://media/external/images/media N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.166.84:443 accounts.google.com tcp
US 1.1.1.1:53 feedheaven.net udp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 96.31.35.148:80 feedheaven.net tcp
US 96.31.35.148:80 feedheaven.net tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.179.234:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
GB 172.217.169.74:443 tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
GB 216.58.212.202:443 tcp
GB 172.217.169.74:443 tcp
GB 216.58.212.202:443 tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.212.195:443 update.googleapis.com tcp
US 1.1.1.1:53 dyykdef udp
US 1.1.1.1:53 kevqlcqcmuas udp
US 1.1.1.1:53 pkxzggpuotgygyb udp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.200.46:443 clients1.google.com tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.180.14:443 android.apis.google.com tcp
GB 142.250.187.196:443 tcp
GB 142.250.187.196:443 tcp
GB 216.58.212.202:443 tcp
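The Network tables for behavioral1 and behavioral3 mix four kinds of rows: forward lookups to the sandbox resolver (8.8.8.8 or 1.1.1.1 on port 53), reverse lookups for in-addr.arpa names, multicast traffic to 224.0.0.251:5353, and the actual TCP connections. Only the last kind says where the page went, and two details are easy to miss in the raw list: the second host, srvassist-ckh.dynv6.net, is a dynamic-DNS name, and the Android traces contain lookups for random single-label names (dyykdef, kevqlcqcmuas, pkxzggpuotgygyb), which is consistent with the three random-hostname probes Chromium issues at startup to detect DNS hijacking rather than with page activity. The block below is an added example, not part of the sandbox output: it parses rows in the report's "Country Destination Domain Proto" format, drops the reverse-lookup and multicast noise, lists the hosts actually contacted with their ports, and flags dynamic-DNS names and single-label lookups separately. The sample rows are drawn from the two tables; the resolver set and the dynamic-DNS provider list are assumptions for the example.

```python
# Constructed sample rows in the report's "Country Destination Domain Proto"
# format, drawn from the behavioral1 (Windows) and behavioral3 (Android) tables.
NETWORK_ROWS = """\
US 8.8.8.8:53 feedheaven.net udp
US 96.31.35.148:80 feedheaven.net tcp
US 96.31.35.148:80 feedheaven.net tcp
US 8.8.8.8:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 8.8.8.8:53 148.35.31.96.in-addr.arpa udp
US 204.79.197.237:443 g.bing.com tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 dyykdef udp
US 1.1.1.1:53 kevqlcqcmuas udp
US 1.1.1.1:53 pkxzggpuotgygyb udp
GB 172.217.169.74:443 tcp""".splitlines()

# Assumed for the example: the resolvers the two sandboxes used, and a few
# dynamic-DNS providers (dynv6.net is the one that appears in this report).
RESOLVERS = {"8.8.8.8", "1.1.1.1"}
DYNAMIC_DNS_SUFFIXES = ("dynv6.net", "duckdns.org", "no-ip.org", "ddns.net")


def parse_network_row(line):
    fields = line.split()
    if len(fields) == 4:
        country, dest, domain, proto = fields
    elif len(fields) == 3:          # rows with no resolved name omit the Domain column
        country, dest, proto = fields
        domain = ""
    else:
        return None
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def is_dynamic_dns(host):
    return any(host == s or host.endswith("." + s) for s in DYNAMIC_DNS_SUFFIXES)


def classify(row):
    first_octet = row["ip"].split(".")[0]
    if first_octet.isdigit() and 224 <= int(first_octet) <= 239:
        return "multicast"                  # mDNS/SSDP chatter from the guest itself
    if row["port"] == 53 and row["ip"] in RESOLVERS:
        if row["domain"].endswith(".in-addr.arpa"):
            return "reverse-lookup"         # PTR queries carry no analyst value here
        if "." not in row["domain"]:
            return "single-label-lookup"    # shape of a browser DNS-hijack probe
        return "lookup"
    return "connection"


def triage(rows):
    contacted = {}                  # host (or bare IP when unresolved) -> sorted ports
    dynamic_dns, single_label = [], []
    dropped = 0
    for line in rows:
        row = parse_network_row(line)
        if row is None:
            continue
        kind = classify(row)
        if kind in ("multicast", "reverse-lookup"):
            dropped += 1
            continue
        if kind == "single-label-lookup":
            if row["domain"] not in single_label:
                single_label.append(row["domain"])
            continue
        if row["domain"] and is_dynamic_dns(row["domain"]) and row["domain"] not in dynamic_dns:
            dynamic_dns.append(row["domain"])
        if kind == "connection":
            ports = contacted.setdefault(row["domain"] or row["ip"], [])
            if row["port"] not in ports:
                ports.append(row["port"])
                ports.sort()
    return {"contacted": contacted, "dynamic_dns": sorted(dynamic_dns),
            "single_label_lookups": single_label, "dropped": dropped}


if __name__ == "__main__":
    for key, value in triage(NETWORK_ROWS).items():
        print(f"{key}: {value}")
```

Connections without a Domain column (such as 172.217.169.74:443) are kept under their bare IP so they are not lost; attributing them needs the TLS SNI or a certificate, which this report does not record.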

Files

files/dom-0.html

MD5 bd47a257bfbd0ee5ccc7a267b0646225
SHA1 d9cf7918455da351e65c7773b606ce8357b7bc56
SHA256 f4259593c661d0c3ba1dc1e2b2a05d421acfbe7861668394e7c9927e0bb1d6d1
SHA512 974dc74132aed18ec670a9c1c37a653784a4d0c940ab5252a98456b159ee3103795775fb05a33461bfc6b64efa02507c5dd81f8d483a2f0e7c2ed463dee1f29b

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:55

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:57

Platform

android-x86-arm-20240221-en

Max time kernel

116s

Max time network

139s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 feedheaven.net udp
US 96.31.35.148:80 feedheaven.net tcp
US 96.31.35.148:80 feedheaven.net tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.187.202:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 qwqwbveonjorx udp
US 1.1.1.1:53 lfzvbvbyzh udp
US 1.1.1.1:53 xeqpajmojdkvhst udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 172.217.16.238:443 android.apis.google.com tcp
GB 172.217.169.10:443 tcp

Files

files/dom-0.html

MD5 6c529a99af4dd8a81095b62a0538ca6c
SHA1 4519302428d08e7d74343310cffcb83d0dc78670
SHA256 85920dbd34d1198f46b5d472f96d4bc549e58ed247b37eed779e063d1024c3fe
SHA512 87628e667ab90ffe131598db5aec31c66146866c60911fa6f5e37301032f72a3131038f7a2990a962fb3055d3a983b1da6ca03ac4a933cfbf26887c32c8d80b3

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:57

Platform

android-x64-arm64-20240221-en

Max time kernel

138s

Max time network

145s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 216.58.212.238:443 udp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.178.14:443 android.apis.google.com tcp
US 1.1.1.1:53 feedheaven.net udp
US 1.1.1.1:53 accounts.google.com udp
BE 74.125.206.84:443 accounts.google.com tcp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 feedheaven.net udp
BE 64.233.167.84:443 accounts.google.com tcp
US 96.31.35.148:80 feedheaven.net tcp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.200.8:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 update.googleapis.com udp
GB 216.58.213.3:443 update.googleapis.com tcp
US 1.1.1.1:53 stjhvlj udp
US 1.1.1.1:53 yqssokiv udp
US 1.1.1.1:53 ifykvnnrnum udp
US 1.1.1.1:53 clients1.google.com udp
GB 142.250.187.206:443 clients1.google.com tcp
GB 172.217.169.4:443 tcp
GB 172.217.169.4:443 tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.187.227:443 update.googleapis.com tcp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp

Files

files/dom-0.html

MD5 18a41c0d6f332280bc6504e223ca57fe
SHA1 63b7e562bfb31f214a190f1331465da6d7292704
SHA256 6a8880680a6c2505980eddad4e569ef7ba61ddf66cee2182c50b8f8f894f291f
SHA512 a80f4fd1483bb05254b2841215e2659719a58823e9ff7f24f6d7d06a22c96d1b2413dcda7405293b65652b731b3581134c1d321fe9848d720055c93210b8e209

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:57

Platform

macos-20240410-en

Max time kernel

138s

Max time network

139s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
DE 20.52.64.201:443 tcp
US 8.8.8.8:53 apis.apple.map.fastly.net udp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
GB 17.250.81.67:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
DE 51.116.246.105:443 tcp
US 8.8.8.8:53 cds.apple.com udp
BE 104.68.86.71:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
US 184.30.157.247:443 help.apple.com tcp
US 184.30.157.247:443 help.apple.com tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:57

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

3s

Max time network

30s

Command Line

[xdg-open http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1658 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1658 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/content-prefs.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/bookmarkbackups N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/extension-settings.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/previous.js N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/52hi7z74.default-release N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/1784/statm N/A N/A
File opened for reading /proc/self/fd/107 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/1756/smaps N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1701/cmdline N/A N/A
File opened for reading /proc/self/fd/96 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/1697/cmdline N/A N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/1706/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/1542/cmdline N/A N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1801/smaps N/A N/A
File opened for reading /proc/self/task/1628/stat N/A N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1677/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/fd/106 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1682/cmdline N/A N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1734/statm N/A N/A
File opened for reading /proc/1801/statm N/A N/A
File opened for reading /proc/1547/status N/A N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/1626/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/1734/smaps N/A N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/1563/cmdline N/A N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1756/statm N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1665/stat N/A N/A
File opened for reading /proc/1547/attr/current N/A N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1740/stat N/A N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1805/stat N/A N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1686/cmdline N/A N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {6879ef3a-1ae3-476b-9b83-b3c75c64625b} 1626 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {6f60fd9b-248e-45dd-b077-86c5a7dc19ae} 1626 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {37b0fbf8-e4e4-4fda-997d-f06e00204224} 1626 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2adf6254-881b-406a-a533-d67774099118} 1626 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2ed57470-1bdc-41b0-925c-17bcdd0373b0} 1626 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
GB 18.245.162.43:443 services.addons.mozilla.org tcp
GB 18.245.162.43:443 services.addons.mozilla.org tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 52.25.6.244:443 location.services.mozilla.com tcp
US 1.1.1.1:53 feedheaven.net udp
US 1.1.1.1:53 feedheaven.net udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 151.101.194.49:443 tcp
US 96.31.35.148:80 feedheaven.net tcp
US 96.31.35.148:80 feedheaven.net tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
GB 143.204.72.186:443 www.mozilla.org tcp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 151.101.129.91:443 tcp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 34.117.188.166:443 spocs.getpocket.com tcp

Files

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

/root/.mozilla/firefox/52hi7z74.default-release/times.json

/root/.mozilla/firefox/t4n03gno.default/times.json

/root/.mozilla/firefox/installs.ini

/root/.mozilla/firefox/profiles.ini

/root/.mozilla/firefox/52hi7z74.default-release/compatibility.ini

/root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/prefs.js

/root/.cache/dconf/user

/root/.mozilla/firefox/52hi7z74.default-release/permissions.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js

/root/.mozilla/firefox/52hi7z74.default-release/cert9.db

/root/.mozilla/firefox/52hi7z74.default-release/key4.db

/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.cache/mozilla/firefox/52hi7z74.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/places.sqlite

/root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:55

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-17 03:54

Reported

2024-04-17 03:55

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A