Analysis Overview
Threat Level: Shows suspicious behavior
The file http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks memory information
Changes its process name
Reads the content of photos stored on the user's device.
Checks CPU information
Reads user data of web browsers
Reads CPU attributes
Checks CPU configuration
Enumerates kernel/hardware configuration
Writes file to tmp directory
Reads runtime system information
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Analysis: static1
Detonation Overview
Reported
2024-04-17 03:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:57
Platform
win10v2004-20240412-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77dc46f8,0x7fff77dc4708,0x7fff77dc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7546907003656233857,17725887975837380651,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | feedheaven.net | udp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 8.8.8.8:53 | srvassist-ckh.dynv6.net | udp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 8.8.8.8:53 | 148.35.31.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | udp |
| US | 8.8.8.8:53 | 178.230.64.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bc2edd0741d97ae237e9f00bf3244144 |
| SHA1 | 7c1e5d324f5c7137a3c4ec85146659f026c11782 |
| SHA256 | dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041 |
| SHA512 | 00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093 |
\??\pipe\LOCAL\crashpad_64_QFZJPMCIXEIBBSSH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 120a75f233314ba1fe34e9d6c09f30b9 |
| SHA1 | a9f92f2d3f111eaadd9bcf8fceb3c9553753539c |
| SHA256 | e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0 |
| SHA512 | 3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 448d350dc7b7de9a423a75f6b69880db |
| SHA1 | e206ba24caf8bfa45cdce53cff0302d1c06819b2 |
| SHA256 | 4773b598aca84dc0c18f09c4925ebfc794fa1d483e61798cb4a3581cccf78787 |
| SHA512 | 79dd68f8582dd2e78a294c1f43975ef16def8bd31a5c2856fa660c451b9cf25cbc980e334935917e094df5d336cba56b4f0af34a63c8b085ee7ac03d90f3aafc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e6aa040cdc59217eefbc577c4174e3d |
| SHA1 | cddf4d494bb5031bf84019818ef502942b890eb2 |
| SHA256 | 19e04accb9c6a69728ab47f77c2d99c5dffc4588106221ed28d70ccbe3dc908d |
| SHA512 | bb771b8dc6e08253d80c6db29a847ef40e56ff1b004e5a8f05bd570f4ff08e8ab5c0631495dec631a5b1bddc635e74007bed7bcaeb18306d77d0afdc0ef7f1c7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 78a96298ee86fc5dd1e5dbc6c127c522 |
| SHA1 | 6ce528937c11658c12bb3f1e1100e81d27aa4700 |
| SHA256 | 97821876b1964ac5b6adb1b810691a2ff75e1de952664cb01fa98878bc5ccafe |
| SHA512 | 2e6c54c5af72cfe3437c393cac3af8c0f82a1959d5d4d6ba0ff16a184ef5d8c7cded3fc6fb5e829bac32423283a1a39f2289c13a14de9f0342c47aa1f61b72c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 75e36ac17c2996784d9f573aaf10a22e |
| SHA1 | 2e6932e9582cdbed2e40be81edbe8dfbb62cc909 |
| SHA256 | e423ab7e345938e0d7f0ab5020d5c0998664431c10fcd794b21b1292ccc9551c |
| SHA512 | 0594cc9ff812bcc661fce3080e91e37b50115bc6246383eb928c1cf27e534d4083b360f96bf0774b4ff721ea1d31f4363ac4d16181a44d703ff9fd3cee5a463e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2fa010e2bdf6e9530c48521d75b67ba2 |
| SHA1 | 803b481a09e9de93176ca868d3427fcda3560b54 |
| SHA256 | a2dfbed67841642c1138ed5e9d1e74635c89a9b4c97bcc36135f1c6643c3ad76 |
| SHA512 | f8fbfddf0e4726164c5b32967605bbb13104dc9dec68059f62af0aad91a20bcda097c280fd850ebd442c762fd82cc652fb4e8a2a8e61d0bd2c175772f51e4879 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9f3856c82dd5c9313827e40a808c58b1 |
| SHA1 | 9b332b5eb3ac1494c9df46bd71790f59b0d3d644 |
| SHA256 | 779c89af162bd8a3188e69e45e5f994084098fe8ebc968d8ac1397f9c2b0a290 |
| SHA512 | 4efc97e921ef4a56fb729806f74234f9122d76ba85817508c1ee05c3c6fb5c35b9c85e335e4217cb5301302945f91122134179b60c1f5b66817f13351d62c12f |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:57
Platform
android-x64-20240221-en
Max time kernel
116s
Max time network
154s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | feedheaven.net | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.179.234:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| GB | 172.217.169.74:443 | tcp | |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| GB | 216.58.212.202:443 | tcp | |
| GB | 172.217.169.74:443 | tcp | |
| GB | 216.58.212.202:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | dyykdef | udp |
| US | 1.1.1.1:53 | kevqlcqcmuas | udp |
| US | 1.1.1.1:53 | pkxzggpuotgygyb | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.200.46:443 | clients1.google.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 142.250.187.196:443 | tcp | |
| GB | 142.250.187.196:443 | tcp | |
| GB | 216.58.212.202:443 | tcp |
Files
files/dom-0.html
| MD5 | bd47a257bfbd0ee5ccc7a267b0646225 |
| SHA1 | d9cf7918455da351e65c7773b606ce8357b7bc56 |
| SHA256 | f4259593c661d0c3ba1dc1e2b2a05d421acfbe7861668394e7c9927e0bb1d6d1 |
| SHA512 | 974dc74132aed18ec670a9c1c37a653784a4d0c940ab5252a98456b159ee3103795775fb05a33461bfc6b64efa02507c5dd81f8d483a2f0e7c2ed463dee1f29b |
Analysis: behavioral7
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:55
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:57
Platform
android-x86-arm-20240221-en
Max time kernel
116s
Max time network
139s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | feedheaven.net | udp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | qwqwbveonjorx | udp |
| US | 1.1.1.1:53 | lfzvbvbyzh | udp |
| US | 1.1.1.1:53 | xeqpajmojdkvhst | udp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | tcp |
Files
files/dom-0.html
| MD5 | 6c529a99af4dd8a81095b62a0538ca6c |
| SHA1 | 4519302428d08e7d74343310cffcb83d0dc78670 |
| SHA256 | 85920dbd34d1198f46b5d472f96d4bc549e58ed247b37eed779e063d1024c3fe |
| SHA512 | 87628e667ab90ffe131598db5aec31c66146866c60911fa6f5e37301032f72a3131038f7a2990a962fb3055d3a983b1da6ca03ac4a933cfbf26887c32c8d80b3 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:57
Platform
android-x64-arm64-20240221-en
Max time kernel
138s
Max time network
145s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.212.238:443 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | feedheaven.net | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | feedheaven.net | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | stjhvlj | udp |
| US | 1.1.1.1:53 | yqssokiv | udp |
| US | 1.1.1.1:53 | ifykvnnrnum | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| GB | 172.217.169.4:443 | tcp | |
| GB | 172.217.169.4:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
Files
files/dom-0.html
| MD5 | 18a41c0d6f332280bc6504e223ca57fe |
| SHA1 | 63b7e562bfb31f214a190f1331465da6d7292704 |
| SHA256 | 6a8880680a6c2505980eddad4e569ef7ba61ddf66cee2182c50b8f8f894f291f |
| SHA512 | a80f4fd1483bb05254b2841215e2659719a58823e9ff7f24f6d7d06a22c96d1b2413dcda7405293b65652b731b3581134c1d321fe9848d720055c93210b8e209 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:57
Platform
macos-20240410-en
Max time kernel
138s
Max time network
139s
Command Line
Signatures
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
Network
| Country | Destination | Domain | Proto |
| DE | 20.52.64.201:443 | tcp | |
| US | 8.8.8.8:53 | apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| GB | 17.250.81.67:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| DE | 51.116.246.105:443 | tcp | |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| US | 184.30.157.247:443 | help.apple.com | tcp |
| US | 184.30.157.247:443 | help.apple.com | tcp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:57
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
3s
Max time network
30s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1658 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1658 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/search.json.mozlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/content-prefs.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/places.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/bookmarkbackups | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/key4.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cert9.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/permissions.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/content-prefs.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/handlers.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/extension-settings.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/places.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/xulstore.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/sessionstore-backups/previous.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/ExperimentStoreData.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/52hi7z74.default-release | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1784/statm | N/A | N/A |
| File opened for reading | /proc/self/fd/107 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1756/smaps | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1701/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/96 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/1697/cmdline | N/A | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/1706/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/1542/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1801/smaps | N/A | N/A |
| File opened for reading | /proc/self/task/1628/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1677/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/self/fd/106 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1682/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1734/statm | N/A | N/A |
| File opened for reading | /proc/1801/statm | N/A | N/A |
| File opened for reading | /proc/1547/status | N/A | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/37 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/1626/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/1734/smaps | N/A | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/1563/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/76 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1756/statm | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1665/stat | N/A | N/A |
| File opened for reading | /proc/1547/attr/current | N/A | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/75 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1740/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1805/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1686/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://feedheaven.net/ViewSwitcher/SwitchView?mobile=False&returnUrl=https://srvassist-ckh.dynv6.net/ds]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {6879ef3a-1ae3-476b-9b83-b3c75c64625b} 1626 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {6f60fd9b-248e-45dd-b077-86c5a7dc19ae} 1626 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {37b0fbf8-e4e4-4fda-997d-f06e00204224} 1626 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2adf6254-881b-406a-a533-d67774099118} 1626 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2ed57470-1bdc-41b0-925c-17bcdd0373b0} 1626 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.25.6.244:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | feedheaven.net | udp |
| US | 1.1.1.1:53 | feedheaven.net | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 151.101.194.49:443 | tcp | |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 96.31.35.148:80 | feedheaven.net | tcp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 1.1.1.1:53 | srvassist-ckh.dynv6.net | udp |
| US | 151.101.129.91:443 | tcp | |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 170.64.230.178:443 | srvassist-ckh.dynv6.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
Files
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | 7a2ea5564b688799c032ee2cc12c5442 |
| SHA1 | 9708355b04472d05800284697131cbd619d1cd86 |
| SHA256 | ad37af7e6122648f9eab38b3e321a275af834e05e9c3bef1adf9a0f55d78a33e |
| SHA512 | 39d13211b3a673d5915c84b6ff34c245d838cb5a25a404dcc94029fc8a348bfa9864502fce9643e2e3ff4d43a6f1c245925add0878a4a41e6ea1d38b75017d23 |
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | 13f29e6ce83df20384d1541b4e5b613f |
| SHA1 | 00219ca1adc3d1d9e6f057f1eb735960448bf1af |
| SHA256 | 1ed35d8b46d9c4233c236d82604ef5754e8ada723b1082f3973afd6a360146b2 |
| SHA512 | 0bd86cfa244ec25a95a1de0a9c2f5b43c2634e6716bd3cef0867f11012e8011285f0787c080626d7dcbd46b8726dcaaae0e9c2c0f70650106cf802986eaf3c9c |
/root/.mozilla/firefox/52hi7z74.default-release/times.json
| MD5 | 3bc1db7fd4908b9a92a0a1db2b938721 |
| SHA1 | 0f2dedeb41e963b15890f7eff0419e2d90c0868a |
| SHA256 | 1ac0249cec48458c39d993ad029956da97fd66358cb3061f3480b14c69e31ea6 |
| SHA512 | 1cf4a38a00f8d8807a3c32b715155755e7eb524a3dd790c962a3150bc4834cc543ed010cabd2c671702ed924f677604a414c113fd774952d05e11ac391d9c138 |
/root/.mozilla/firefox/t4n03gno.default/times.json
| MD5 | cc85212d05fba14aaeb66422768d4d78 |
| SHA1 | ea00f46ced61a922be87e55c7ccc5391b54b85b0 |
| SHA256 | 508ee327d0a93bc300af863ab74972bdc26c73bc2ac705c60d962d1307d94b3e |
| SHA512 | 74d53e9cf5922d28af2656afb7b2d7c39a04e4817f2bdad5bb57aa105cb6e918e9b24a6356691fa6d4748e2794166045c29339e9e9ab97632d14742086e4180d |
/root/.mozilla/firefox/installs.ini
| MD5 | 46f5855a29682d800861c99c4c196b4d |
| SHA1 | ca68d8203664eecf2720c7413a157f9a0620d5a8 |
| SHA256 | fbe316a3d9808b0a5b54cb4f29a756b3841b935d9e7269a4f219afef5e3537de |
| SHA512 | a569a19b3382ea66f29e29f645f21556194d83de053a0b9312861e49c986b99ed797249ae33227aeaafb3ca3002994a47797cfe8b74c00e4ac4b345814256dbd |
/root/.mozilla/firefox/profiles.ini
| MD5 | 54b05fd8500f24e8d41fba6ef16dc36f |
| SHA1 | 014b13f974164117dee2cd76d34796c55be810d8 |
| SHA256 | 01208935228c4a7f1a870fa5c6f0e9f60d3a5d55caa21d2e5c6621f46c1f1b2a |
| SHA512 | 62bcef4b73aeceee8b1e277c187c36243ca64a730c7df2560f35616db0474cd86ac324e32ac9732c3f69e52884042ed562bcba93cbf34f3a6a8a9929acc7d029 |
/root/.mozilla/firefox/52hi7z74.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/52hi7z74.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/52hi7z74.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | cab23eed8a5368e94cf4747ec92992fc |
| SHA1 | 4fab483af0362064109457957e59b24afa8221e6 |
| SHA256 | aefe738ca87567214c42d5f6c74f0e51abd6fd3f304bc5275fc061dc51184a5f |
| SHA512 | 1009fc60f363469334e79bf73fb25b72d10307df129e6cdb7e53503b634d8a22ec93e251a24d1c3d7369fb40f1c681ab86baaeb4fedab25153b7e77438879631 |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | c94f02aac3f09b99ddef433397b0ba2f |
| SHA1 | 8a3ef90a83dd22d1f69668287112ca667e8b48b3 |
| SHA256 | ffef986de4e3d32146155d2efa4990315b93bf4ada66cceb3196681c41a04f5d |
| SHA512 | 1d4ffe187ef9ee96b2e601882bcdd92fc54440b86ca11736d2a5daa747e1598b2cfc59c027896f91394221511507065c7ce6df93bb5dcf8b8b9cfc8c2f5e51d6 |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 75f4576ceafca9608f64a0ccee4cfe31 |
| SHA1 | 57603718115191b9126e1dc055c67f63700d5d1f |
| SHA256 | 1a69061e884de59c885591bc80955855be208cadaa9ce5d0de6398ef3ff20522 |
| SHA512 | 072c687114e90e4201d529ab3a10cfa623d67053a9ec4257e724381fa07deafa09f6f66b67fbce40d0ce064e246ccc4261b93b5a6e18f572026ec36608a5d20d |
/root/.mozilla/firefox/52hi7z74.default-release/prefs.js
| MD5 | 16ec713fad497f52e164a616fff9c74c |
| SHA1 | 5df7f9eb3136a2b558e788ff6c88af4bc45a05d1 |
| SHA256 | 3f1d0df9a4d961776718d696bedd7a6b613f009ffa3a0b433c3109cb51de4365 |
| SHA512 | deda218b9ed31fb3f3805c6295e0095ae44ad0c135ce4295e5a73239ec6a1709a9ea4c0a25b81b700cb6765146fcbc9086626ed51ddae48f76d2c8c8195bc5c0 |
/root/.cache/dconf/user
| MD5 | 441077cc9e57554dd476bdfb8b8b8102 |
| SHA1 | 3f29546453678b855931c174a97d6c0894b8f546 |
| SHA256 | b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2 |
| SHA512 | 80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8 |
/root/.mozilla/firefox/52hi7z74.default-release/permissions.sqlite
| MD5 | 17723bd918f777aeef1d670c6660a7c8 |
| SHA1 | 75304482bc44d7e12c3cdef40eb895dbb77fce39 |
| SHA256 | 043e4aa110c33e3fca5c61354ddf193a8ef2472b6d0fb2e284cdd1d3e7f114bc |
| SHA512 | 68a145c3f2ce5eb9c50a9f2232d043ea889a7b69016c9d916ec5f74014e34d14cbd9fca38de9e2e7ad1e402154f4e6a9301214bdda3e1abd7bb2840915478282 |
/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js
| MD5 | 840d13db9835b949f509ea038278bc22 |
| SHA1 | cc3e4fb512370103cbfec4db66d597ebab7b4393 |
| SHA256 | aa58337096883dede7b5ccfc3d63085bbcbf1971fea7efd42ec731b0b696d57a |
| SHA512 | c6287fadfada8042933ca2cd8d2f4ec65a133293f8780b93797feeb9a8859ca3f381fbff629743f429250874162a3118e118285efe0ecf2c1c3d5cc47817a5ac |
/root/.mozilla/firefox/52hi7z74.default-release/times.json
| MD5 | c5fb2e6f1a0a5699f12bf344b75c4d53 |
| SHA1 | e62d65981ee9935e0c113c6b94fe42612f90c283 |
| SHA256 | 7af440208cbb2ac77df52ddfb6a8e4046ec0e2db91f531482201eff1565f50e8 |
| SHA512 | 6f50744a6c46efa3bb5c72a09d363d5c3cf736dbcb0fed1394610952c80bc0458ad661a2ad1ab78fd82eb28cf95b67fdcd183c40936d1db3bd69049b994783cd |
/root/.mozilla/firefox/52hi7z74.default-release/cert9.db
| MD5 | d159ff29d21813dd284478501759b279 |
| SHA1 | 89c5e316295e3c2785e4d39da4ed916fa9174888 |
| SHA256 | c08873a8c496d68a703c339b9f8429ddf05da18897edbe94d3e88fbb6ae9b904 |
| SHA512 | a12ae8ef540d8dc482eb7352034d1cf80e1b679bd89ee63e1df1a0c4f8d43630c35ffc111c0962bea7a3c9629f5b47b9c73e9fc75b8aaed7d5a269380813a7bc |
/root/.mozilla/firefox/52hi7z74.default-release/key4.db
| MD5 | af4efe6243b923bc61c56a955b9ce1c1 |
| SHA1 | dc4598ed68bc05dedb78a1a114b8aa01fef49579 |
| SHA256 | 8b2c200e2cc49f683d1d0056c938aa4fc7af4909f20fe404c2a4a9be3e3d45b4 |
| SHA512 | 046ae99b2c37575c3f4da28bd4d73ef3ec5d2e93f5b87998bc8895c728b973e59b333db081577e523af2d5fe8add42a89d3deb552b98aced53b8eccef4592d02 |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 759544297aaa61f5fef8ee42d0ae4393 |
| SHA1 | fc2d66f6e60409e3e8d38623ce5f817fc7f571e0 |
| SHA256 | 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5 |
| SHA512 | 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | efab56193893adbd776c1fe123211cd7 |
| SHA1 | cd704fe5bd22ed29f7b797147599cb5606d589dd |
| SHA256 | cddf787e983d01ca8cc43bf8eaf4a879ecaab68001c5dad6ad550bffb9fcc612 |
| SHA512 | ae466d6d30e640aff6556159e433ef3fb358b7d6a0fbbb936107059920eba2a8493b036948230b5468be8618433f7c272a41cd8d2167df2a0f2b19a964a7e74c |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | dd3f6ba37c670af5953593535e435d04 |
| SHA1 | ecfe4e650a050bce77e8ff7468de04c1b8acc9a4 |
| SHA256 | 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561 |
| SHA512 | 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3 |
/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js
| MD5 | e23b95f2f1633ae1b273d59ee202f7ed |
| SHA1 | 3fc9257310e38003a11aa260880b3dc66126884f |
| SHA256 | d1e3d80e892e75d6e497d83ee61300c70d2f2a3f35811137ca36b78d880954ac |
| SHA512 | 1cb1db2ab1363f13a182230e650a939a300d4f8083ee899c2f6d6813f36102bd70f0562b22370689a7b515f9065205e29eb000e9ea797351852d4c0b93be756e |
/root/.cache/mozilla/firefox/52hi7z74.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
| MD5 | 3b7fff645624cd707f228eca8f7c98d2 |
| SHA1 | eb67e55b4a640693e2ebe088945fba0b9883bcd3 |
| SHA256 | b0aa097ee5686998e6baa17d2e17b373fe70c6e40ab6913499184ddff4656cdb |
| SHA512 | bae756013c5004a5e39a330d2d8c13e41ea0050117afb7411ea040c3fd085b5f5b157e2db2d2a55e8c5633efbf34854937f923cceb9803ce5bd9094fb1cbee98 |
/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js
| MD5 | 86df7aa6548bb80f3244bb7bd5e776a3 |
| SHA1 | 9acb5ec19946aef72567a56afff79712e59af911 |
| SHA256 | 97aacc4ae53b32f407f5fcdd4d4738de18d5d4bb09f767f9b6f87fcc36744f15 |
| SHA512 | 9ce144fbaecd9ed836cc98848d6cbe89c853bc369e47c5c5823d6110580ffea8d3cc46128cec931845fb3a29f0d2533244ae1ff563ff452fe5fcfb86bff42b7e |
/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js
| MD5 | 25fe3d88f89b14bfc6870b22a4d44d04 |
| SHA1 | a18602926f03dde42c802cd33c62f4cbcd94e747 |
| SHA256 | e62fa7d5e604c85c6e16765849ad48454da0cf93acca85b082521961519349f6 |
| SHA512 | 1cdcb253afc7460438623cfa700d8686629e19df242eec250aef39f1866933e9b488a27c7b46d3c89afd50f71742fb305f0751815666156b803895826be8746d |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | a8dd7ebaad5528b23f82ccb1534cea18 |
| SHA1 | 600daceacfb5cf9df0b66ba7dce4516b2ac4df70 |
| SHA256 | e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec |
| SHA512 | 67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | 1adfaf8832fc80f241032494d9badbc6 |
| SHA1 | 844d78e345d4989dae4a6f2d94594a0b3fb0586f |
| SHA256 | f813294d2478dc884bf090c8dce9d770e828f857df1cbd00bfda542ff9c803e5 |
| SHA512 | 623f6dd532be1afb4e258fa8731a0e224d6fe52b68b5e4640df12538f62090e09a84dd40b5e8e6eac6e4036716686b4b889264193e4d8b377bbc3b86635f431c |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | 7352c8848e88edc39b7fb5e663888187 |
| SHA1 | 8c3dffe25cc56c7aec1b782292d6fceed81e6304 |
| SHA256 | 7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a |
| SHA512 | f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280 |
/root/.mozilla/firefox/52hi7z74.default-release/cert9.db
| MD5 | e6bcc7def313f27067359757decea103 |
| SHA1 | e0ea249e4c0686e9d1569f90873b8efa0761bcad |
| SHA256 | acc24cd5311a0c218e35a73faef2224058925a634d0b625a2f685e0f123da884 |
| SHA512 | 03ac3ef63fbdd888567430a8177398918951de54d3b853b0024f3391fc1b3b5875adccc78f4a58c08d098bec6a7e3f2d3a57009c256f704870b78cf2de62d43c |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | a129e3d9d5dad10819ad342859660e61 |
| SHA1 | 2edb5bde43d7e06ab614f59b1542bd4d775d0b6e |
| SHA256 | 340f7b0b1e43e48bf1bf88d50092388142841db69b68d8babf21c815e51881ab |
| SHA512 | ee6290df28c1025e1c82ec4a5320e11fb32a0b7d1ccee46695c4c5cc1dce55188cdb88092a23f1128b6795a3ce536c29a8e05cf5d0631112b843918a6c5c4852 |
/root/.mozilla/firefox/52hi7z74.default-release/cert9.db
| MD5 | 1c0e9f597ab8ced71ad4fc6faf2bc966 |
| SHA1 | 7a8c842ca381f8feb76f22facf4b108d38c2f864 |
| SHA256 | e0751fae22c5014936ed8e7d121cfb67ff458321ae1788a2ab66461608a5e111 |
| SHA512 | fed2c3fa4b7344f5e09b31498c8519532cb9e4d60fd0e83af98701a7a6d08c77e534ef5ae7ab98606727fe111a68b42a87b0b843a28d8bf47fa7052f1877e9d5 |
/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js
| MD5 | 9ac3f63e1a8dd7b3ac70763832795b04 |
| SHA1 | ce448f217718356433b524594324e6fbe8efc20e |
| SHA256 | d930947b2c0db16f508f579e6ffad843b8ce34c0ea44806c496d89dfe6545139 |
| SHA512 | 4191e8d694139663e11a02d6d405a3e4b251cd7fd91f0c3489050b8ff27ab146aefd0575bb866a77b4f73b1f4ed5d6863a8e0ac0baf93a4478bfadf88ba9c3c6 |
/root/.mozilla/firefox/52hi7z74.default-release/places.sqlite
| MD5 | 98ec8144f9274acde1b188ae2356a57f |
| SHA1 | a7d5df8f74ee37bc87458d2c1368971042a41ecb |
| SHA256 | 28a50e0cd7941d7448c8ba2a965cac3df2f002529a472e4a456e4255fa6a1668 |
| SHA512 | c67821e5be49000b61a3a68d3c503c7bc233acfce8c774d4b94d539e372ff9e7074f9eca240007138140a148c54eb8b43aac745ea1c8adb056dde1a0ca185a69 |
/root/.mozilla/firefox/52hi7z74.default-release/favicons.sqlite
| MD5 | 3c0a1ec298284608bfa51081ea539be3 |
| SHA1 | e51b58f6fe89d45fd8a1d935b51da172d5f6f32e |
| SHA256 | 34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2 |
| SHA512 | 8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | e87498f20e6ffb24c100b389c9186fd6 |
| SHA1 | 919ac3ffd22845e2ed3bf53ff974ab495d0a7c73 |
| SHA256 | 98fb2b81377690e84819f72cb58f02505856485830b2bb98c5f1e3b4804013d0 |
| SHA512 | 706619b456d5beba0308ca27ff3e011c844aea05ad99ae3a572748c8dbb20e9992be624609ca1cb56ff82f29181c9b1e95b9ce7032601db4c24d2e13e5d454e7 |
/root/.mozilla/firefox/52hi7z74.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | acf01119af3ee0d161b6e1049e26f195 |
| SHA1 | 8bc33819ec10dae13e2ff134ad511eab20b6c1cd |
| SHA256 | e1998c974705b8d904597e177b52c35f5d66b635fe71441941000bc7cfc675f2 |
| SHA512 | cb015e43fb40912970f77491b51c56099fb889e4eea4920e758081e207589a13c7c65ef556735ad7ca5fd90fef9ed3e86907f7f12570d07f8fc83f313fbef2dc |
/root/.mozilla/firefox/52hi7z74.default-release/prefs-1.js
| MD5 | 1d29e2bae8beb2e109fa77da1da77d14 |
| SHA1 | 93653479bfe8cd70bb8b2e6a2ad0e7e857f7977a |
| SHA256 | 6716cf2586d284cbc22c0afe0749ff19d6a6f671f269c07944cbc94bd574dfbc |
| SHA512 | df1889825b397ca1677985c6895a3c7ea90d9a83a07db3776bb63dec91bba06eb3aebcafa583d5f1554b87d31f810d720e5e849ff5be8f6d3b60a6dea3fe503b |
Analysis: behavioral8
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:55
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-04-17 03:54
Reported
2024-04-17 03:55
Platform
debian9-mipsel-20240226-en