Malware Analysis Report

2025-01-23 15:27

Sample ID 240417-ekdsnsef2t
Target https://srvassist-ckh.dynv6.net/ds
Tags
collection discovery evasion antivm spyware stealer
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
  Mobile Matrix V15
Analysis: static1
  Detonation Overview, Signatures
Analysis: behavioral9
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral3
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral4
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral7
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral1
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral2
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral5
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral6
  Detonation Overview, Command Line, Signatures, Processes, Network, Files
Analysis: behavioral8
  Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://srvassist-ckh.dynv6.net/ds was found to be: Known bad.

Malicious Activity Summary

collection discovery evasion antivm spyware stealer

Reads user data of web browsers

Checks CPU information

Checks memory information

Changes its process name

Reads the content of photos stored on the user's device.

Checks CPU configuration

Reads CPU attributes

Resource Forking

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

How to read this summary: in the detonations reproduced below, every signature is attributed to the browser the sandbox launched to open the URL (msedge.exe on Windows, com.android.chrome on Android), not to a downloaded file. The WriteProcessMemory hits are msedge.exe PID 636 writing into other msedge.exe processes, which is part of how Chromium launches its sandboxed child processes on Windows; the registry hits are reads of the BIOS manufacturer and product-name strings; the Android hits are reads of /proc/cpuinfo, /proc/meminfo and the external images media URI. None of these on its own distinguishes this URL from any other page opened in the same browser. The evidence specific to the target is the resolution of srvassist-ckh.dynv6.net (a host under the dynv6 dynamic-DNS service) and the repeated connections to 170.64.230.178:443 in every browser run, together with the captured page DOM (files/dom-0.html). Summary entries with no matching signature in the detonations shown here (for example Reads user data of web browsers, Changes its process name, Writes file to tmp directory) are not evidenced on this page.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 03:59

Signatures

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 03:59

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 04:02

Platform

android-x64-20240221-en

Max time kernel

149s

Max time network

156s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

evasion discovery
Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Reads the content of photos stored on the user's device.

collection
Description            Indicator                              Process  Target
URI accessed for read  content://media/external/images/media  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                        Proto
N/A      224.0.0.251:5353                                    udp
US       1.1.1.1:53            accounts.google.com           udp
BE       66.102.1.84:443       accounts.google.com           tcp
US       1.1.1.1:53            srvassist-ckh.dynv6.net       udp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       1.1.1.1:53            safebrowsing.googleapis.com   udp
GB       142.250.180.10:443    safebrowsing.googleapis.com   tcp
US       1.1.1.1:53            ssl.google-analytics.com      udp
GB       142.250.187.200:443   ssl.google-analytics.com      tcp
GB       142.250.200.42:443                                  tcp
GB       142.250.200.42:443                                  tcp
US       1.1.1.1:53            www.google.com                udp
GB       216.58.204.68:443     www.google.com                tcp
US       1.1.1.1:53            update.googleapis.com         udp
GB       142.250.178.3:443     update.googleapis.com         tcp
US       1.1.1.1:53            suafdhomtuqz                  udp
US       1.1.1.1:53            iixjmzhb                      udp
US       1.1.1.1:53            avmjsmgnug                    udp
GB       142.250.178.14:443                                  tcp
US       1.1.1.1:53            android.apis.google.com       udp
GB       172.217.16.238:443    android.apis.google.com       tcp
US       1.1.1.1:53            clients1.google.com           udp
GB       172.217.16.238:443    clients1.google.com           tcp
GB       216.58.213.4:443                                    tcp
GB       216.58.213.4:443                                    tcp

Files

files/dom-0.html

MD5 c44135115db756455b76708080dd1b7a
SHA1 395212c3181e06aa9b7c61e513385ae134cfe792
SHA256 e72851aed00c22312d2d849ba142dc0541623d1f7883d7d87d139e7ead71b2a0
SHA512 b528083a7303e98b9e04a68ee1cd90fba63090490b81fb5735655f895fab38a09a4d7403fb1c3394dcc19cf9d8a040dbe12e6456189a02bc03d7983828e1236b

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 04:02

Platform

android-x64-arm64-20240221-en

Max time kernel

138s

Max time network

148s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

evasion discovery
Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                        Proto
N/A      224.0.0.251:5353                                    udp
GB       142.250.200.10:443                                  udp
GB       142.250.200.14:443                                  udp
GB       142.250.200.46:443                                  tcp
US       1.1.1.1:53            android.apis.google.com       udp
GB       172.217.16.238:443    android.apis.google.com       tcp
US       1.1.1.1:53            srvassist-ckh.dynv6.net       udp
US       1.1.1.1:53            accounts.google.com           udp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
BE       64.233.166.84:443     accounts.google.com           tcp
US       1.1.1.1:53            accounts.google.com           udp
US       1.1.1.1:53            srvassist-ckh.dynv6.net       udp
BE       74.125.206.84:443     accounts.google.com           tcp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       1.1.1.1:53            safebrowsing.googleapis.com   udp
US       1.1.1.1:53            ssl.google-analytics.com      udp
US       1.1.1.1:53            update.googleapis.com         udp
GB       216.58.213.3:443      update.googleapis.com         tcp
US       1.1.1.1:53            yljtkdzt                      udp
US       1.1.1.1:53            eilxlle                       udp
US       1.1.1.1:53            rnaicmzjprom                  udp
US       1.1.1.1:53            clients1.google.com           udp
GB       216.58.201.110:443    clients1.google.com           tcp
GB       142.250.200.4:443                                   tcp
GB       142.250.200.4:443                                   tcp
US       1.1.1.1:53            update.googleapis.com         udp
GB       172.217.169.3:443     update.googleapis.com         tcp
US       1.1.1.1:53            srvassist-ckh.dynv6.net       udp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp

Files

files/dom-0.html

MD5 206ec5c4a2fea43bcf9facdb62565b8a
SHA1 d72fa8087bbc951637211c89bb9464ac297a5877
SHA256 c28c9b9018399e647de645aaf3b9b119fd37b722481259677acc776312f72d25
SHA512 56a084e8140d38ab2fe14157105489c227f23eb50fa171ef3c51682da69bd91c29bf0d3ec91c6bb2f0ce502ac4ac39389d4504234cf7db6f560c534d0bc45dc7

Analysis: behavioral7

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 03:59

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 04:02

Platform

win10v2004-20240412-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://srvassist-ckh.dynv6.net/ds

Signatures

Enumerates system info in registry

Description        Indicator                                                              Process                                                       Target
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  N/A
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  N/A
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  N/A

Suspicious use of FindShellTrayWindow

Hits  Description  Indicator  Process                                                       Target
25    N/A          N/A        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  N/A
(25 identical rows in the original listing, collapsed into one with a hit count)

Suspicious use of SendNotifyMessage

Hits  Description  Indicator  Process                                                       Target
24    N/A          N/A        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  N/A
(24 identical rows in the original listing, collapsed into one with a hit count)

Suspicious use of WriteProcessMemory

Hits  Description                      Indicator  Process                                                       Target
2     PID 636 wrote to memory of 4540  N/A        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
40    PID 636 wrote to memory of 2156  N/A        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
2     PID 636 wrote to memory of 388   N/A        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
20    PID 636 wrote to memory of 4864  N/A        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(64 rows in the original listing, collapsed by target PID; every row is msedge.exe writing into msedge.exe)
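The WriteProcessMemory table above is long but carries little information once grouped: one writer PID, four target PIDs, the same image on both sides. The script below is an added example (editor's code, not the sandbox's tooling) that parses rows in the layout the sandbox emits, collapses them into per-(writer, target) counts, and surfaces only writes where the target image differs from the writer's. The first six rows of SAMPLE_ROWS are copied from the table above; the last row (PID 9999, cmd.exe) is a constructed, hypothetical contrast case so the cross-image rule has something to catch. Treating same-image writes from a browser parent into its own children as expected Chromium process setup is the editor's triage heuristic, not a claim the report makes.

```python
"""Collapse a sandbox 'Suspicious use of WriteProcessMemory' table into
per-(writer PID, target PID) counts and surface only cross-image writes.

Added example for this report, not sandbox tooling. The first six rows of
SAMPLE_ROWS are copied from the behavioral1 table; the last row (PID 9999,
cmd.exe) is a constructed, hypothetical contrast case. The same-image
heuristic is the editor's, not the report's.
"""
import ntpath
import re
from collections import Counter

# Row layout: "PID <src> wrote to memory of <dst> <indicator> <src image> <dst image>"
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\S+) (.+?\.exe) (.+?\.exe)$",
                 re.IGNORECASE)

BROWSER_IMAGES = {"msedge.exe", "chrome.exe"}

SAMPLE_ROWS = r"""
PID 636 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 4540 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 388 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 636 wrote to memory of 9999 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Windows\System32\cmd.exe
"""
# The last row above (PID 9999, cmd.exe) is hypothetical and not from the report.


def parse_rows(text):
    """Return (src_pid, dst_pid, src_image, dst_image) for each matching row."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            src, dst, _indicator, src_img, dst_img = m.groups()
            rows.append((int(src), int(dst),
                         ntpath.basename(src_img).lower(),
                         ntpath.basename(dst_img).lower()))
    return rows


def cross_image_writes(rows):
    """Rows where the target image differs from the writer's image."""
    return [r for r in rows if r[2] != r[3]]


def summarize(text):
    rows = parse_rows(text)
    return {
        "total": len(rows),
        "pairs": Counter(rows),  # (src_pid, dst_pid, src_img, dst_img) -> hit count
        "cross_image": cross_image_writes(rows),
        # True only when every write is a browser binary writing into the same binary
        "browser_self_spawn_only": all(r[2] in BROWSER_IMAGES and r[2] == r[3]
                                       for r in rows),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for pair, hits in sorted(s["pairs"].items()):
        print(hits, pair)
    print("cross-image writes:", s["cross_image"])
    print("browser self-spawn only:", s["browser_self_spawn_only"])
```

On the report's own rows browser_self_spawn_only is true and cross_image is empty; only the constructed cmd.exe row trips the rule. The heuristic is deliberately narrow: it does not claim the writes are benign, only that a browser writing into its own image is the expected shape and that a write into a different image is the row to spend time on.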

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://srvassist-ckh.dynv6.net/ds

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff89b2846f8,0x7ff89b284708,0x7ff89b284718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,13255568891654786120,8541681793793489498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2

Network

Country  Destination           Domain                        Proto
US       8.8.8.8:53            srvassist-ckh.dynv6.net       udp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       tcp
US       170.64.230.178:443    srvassist-ckh.dynv6.net       udp
US       8.8.8.8:53            178.230.64.170.in-addr.arpa   udp
US       8.8.8.8:53            g.bing.com                    udp
US       204.79.197.237:443    g.bing.com                    tcp
US       8.8.8.8:53            73.159.190.20.in-addr.arpa    udp
US       8.8.8.8:53            237.197.79.204.in-addr.arpa   udp
US       8.8.8.8:53            9.228.82.20.in-addr.arpa      udp
US       8.8.8.8:53            249.197.17.2.in-addr.arpa     udp
US       8.8.8.8:53            43.58.199.20.in-addr.arpa     udp
US       8.8.8.8:53            21.114.53.23.in-addr.arpa     udp
N/A      224.0.0.251:5353                                    udp
US       8.8.8.8:53            95.221.229.192.in-addr.arpa   udp
US       8.8.8.8:53            159.113.53.23.in-addr.arpa    udp
US       8.8.8.8:53            99.201.58.216.in-addr.arpa    udp
US       8.8.8.8:53            86.23.85.13.in-addr.arpa      udp
US       8.8.8.8:53            206.23.85.13.in-addr.arpa     udp
US       8.8.8.8:53            81.171.91.138.in-addr.arpa    udp
US       8.8.8.8:53            240.197.17.2.in-addr.arpa     udp
US       8.8.8.8:53            48.229.111.52.in-addr.arpa    udp
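The network tables in the Android runs (behavioral3, behavioral4, behavioral2) and in this Windows run mix the one thing that matters, contact with the submitted host, with mDNS, resolver traffic, Google and Bing platform calls, PTR lookups, and three random-looking single-label DNS queries per Android run. The script below is an added example (editor's code, not the sandbox's output or tooling) that parses rows in the layout used above and separates the target contact from the rest. SAMPLE_ROWS is a constructed sample whose rows are copied from the behavioral3 and behavioral1 tables. The noise lists, the dynamic-DNS list, and the treatment of short random single-label lookups as Chromium's startup DNS-hijack probes (three random lowercase hostnames resolved at browser start) are the editor's classification, not claims the report makes; the registrable-domain helper is a two-label approximation with no public-suffix list.

```python
"""Triage a sandbox 'Network' table: separate contact with the submitted
URL's host from the browser's and sandbox OS's own background traffic.

Added example for this report, not the sandbox's output or tooling. The
rows in SAMPLE_ROWS are copied from the behavioral3 (Android) and
behavioral1 (Windows) tables; the noise lists, the dynamic-DNS list and
the random-label rule are the editor's classification.
"""
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

SUBMITTED_URL = "https://srvassist-ckh.dynv6.net/ds"

# Constructed sample in the report's whitespace-separated layout
# (Country Destination Domain Proto); Domain is absent on some rows.
SAMPLE_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 accounts.google.com udp
BE 66.102.1.84:443 accounts.google.com tcp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net udp
GB 142.250.200.42:443 tcp
US 1.1.1.1:53 suafdhomtuqz udp
US 1.1.1.1:53 iixjmzhb udp
US 1.1.1.1:53 avmjsmgnug udp
US 8.8.8.8:53 178.230.64.170.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
"""

# Registrable domains the browser / sandbox platform talks to on its own
# (editor's list; extend per sandbox image).
PLATFORM_NOISE = {"google.com", "googleapis.com", "google-analytics.com",
                  "bing.com"}
# Free dynamic-DNS providers: a target under one of these is worth flagging.
DYNAMIC_DNS = {"dynv6.net"}
RESOLVERS = {"1.1.1.1", "8.8.8.8"}
# Chromium resolves three random 7-15 letter hostnames at startup to detect
# NXDOMAIN hijacking; they look like DGA output but are browser behaviour.
RANDOM_LABEL = re.compile(r"^[a-z]{7,15}$")


def parse_rows(text):
    """Parse rows into dicts; tolerate the missing Domain column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue  # header or malformed line
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def registrable(domain):
    """Last two labels; a crude stand-in for a public-suffix lookup."""
    return ".".join(domain.split(".")[-2:])


def classify(row, target_host):
    ip, domain, port = row["ip"], row["domain"], row["port"]
    if ipaddress.ip_address(ip).is_multicast:
        return "mdns"
    if domain.endswith(".in-addr.arpa"):
        return "ptr-lookup"  # sandbox host resolving names for the report
    if domain == target_host:
        return "dns-for-target" if ip in RESOLVERS and port == 53 else "target-contact"
    if domain and RANDOM_LABEL.match(domain):
        return "browser-dns-probe"
    if domain and registrable(domain) in PLATFORM_NOISE:
        return "platform-noise"
    if not domain:
        return "unresolved-ip"  # no name captured; correlate by IP elsewhere
    return "other"  # anything left is worth a manual look


def triage(text, url=SUBMITTED_URL):
    host = urlsplit(url).hostname
    rows = parse_rows(text)
    labels = [classify(r, host) for r in rows]
    contacts = sorted({(r["ip"], r["port"], r["proto"])
                       for r, lab in zip(rows, labels) if lab == "target-contact"})
    flags = []
    if registrable(host) in DYNAMIC_DNS:
        flags.append(f"target host is under dynamic-DNS provider {registrable(host)}")
    return {"target_host": host, "counts": dict(Counter(labels)),
            "target_contacts": contacts, "flags": flags}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ROWS).items():
        print(f"{key}: {value}")
```

Run on the sample, the only target contacts are 170.64.230.178:443 over tcp and udp (the udp row is the Windows run's attempt on the same port), the dynamic-DNS flag fires for dynv6.net, and the three random labels are counted as browser probes rather than left in the "other" bucket. Anything that lands in "other" on a real report is the row to chase; "unresolved-ip" rows need correlating against the resolver answers because the sandbox did not attach a name to them.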

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 067f5c4676c6469453589f30b8c85be3
SHA1 5e9369436e58d46f01869a18a2b34d1bb791f9ba
SHA256 488cd58b13b2e77aa6d25c16b6f185e9353cfe1b18478f92e18a44c1f56ebd0b
SHA512 5d8db779278a9431d4e702497b3d9a7289b3aede2ad250fc62bd95bb8ae646f8e35cc194937efb722a62b014f4d63291576507565c152bebbab8c49b9412b769

\??\pipe\LOCAL\crashpad_636_UIPAUEUZAXNBGUBI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(These four values are the digests of zero-length input: the sandbox captured no content from this named pipe, so there is nothing to hash-match here.)

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eae4dde991ac69be4fd35ee50afa14c2
SHA1 d75b7ba27ed3067b179ef2b06d9305a7c34b6778
SHA256 959be8b37b378ee08d88c1d48e6797f747b51ca0bb4977c7c8ca50d824cd15a7
SHA512 6bcd53ab5b123bf9fde43b47608183a5ef52b54aa47e8556969ac8a3b3fa3c88353dc1770aaee0939af83323c168698dea4597adbc9404bcf0d124d88291c6a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b318a14ba892f1a2b9daf6805e7290f2
SHA1 fdd26c1e3ab9cafcb207e82b8bcb39f8bd7104bd
SHA256 57021928503899722d511119be7d7fe4412c4564dc70bb196c5665624e9a2ee4
SHA512 ad598e1e4bd2fb498b7a8abbd9f5d9700b55b45a65fe11419d23c08f3750b4fd13f8635cad7630aa492070e1ce779c4fcdece68a3bd3e3686bcd56ded9eadc48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c219c5656f8bdb448318c795293e208f
SHA1 c8104a739d063e2f7701d464642171ce4bedeba9
SHA256 2a45559b6cebd898f47271a032a272382802ee108709cd757436f87e5661dded
SHA512 dd921b393c92229607b50292575f676ac60651c0571be02771e8799acb5e8746fd5fde4e0d4f19eadc3b42a53dd4ea6e23dcb4a088f4857bd56097c96e68e800

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3275500907f1acf59747007a69bbeee4
SHA1 59246afbb50b99245b8ef9bbf7b7e4bd1d203883
SHA256 da51de765a1562a829670543bb9e442b0267aa3a4aa03319e9cd86792d097f5f
SHA512 57354b5f29b46848efaa4a66077b7baa6398fbc630a2a13d61b5f76e9309658b54aadfd1ff317c2b1f5b9e61fd985c70d4cb0c4227686fdf319d31b49b768d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 9ca6d6594aa8077a3fec4018001a874e
SHA1 c8ed89b8d26161d8bcb054447387fdfe15aef530
SHA256 cb0db5b3080242a33b47c65ff691e3f118d453ec5bc46941c04f818709727a82
SHA512 cd217634fa3474bc2026daad251018d6c4c763277d4c886d18840b832239f3f06c81fa367566897a102b0ee9457e5c831611b4dd4cd631c1b2e5e94de4cc3719

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 932b6bd81ad989f1be90b40d94db3319
SHA1 fa20046edc5d031326d7b381c365890bd83efdac
SHA256 9a999d6eb80b5b8060fff2321a39dd5d83b6daa49dc2dc77a699525d1bc1377f
SHA512 dda4e839f06b7bdcbe273da8685c332650afe7a01415bbe7a757c82e3fe1ed75893aeba6d9ac0e8ca183756e962c72797bb083656c48afc822be6789d22cd1f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6779655c4edf1356aa6b0c5bda7ed318
SHA1 87c8595bc9ceb536b229ea55c6b66a97a142ca54
SHA256 7e1d4a0a9658312678cea900ec9da06851f135f068ff0c72857bcfd7fdf7dc34
SHA512 05776a71c9b67972af312966cb826b5ee9daa809165793022dac3373522885428679ba4b2e30056cafbfd22d92d5cae22f37ff6409e9bc010c3028f12453a50f

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 04:02

Platform

android-x86-arm-20240221-en

Max time kernel

116s

Max time network

143s

Command Line

com.android.chrome

Signatures

Checks CPU information

evasion discovery
Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

evasion discovery
Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A
Neither read is attributed to a process (N/A), and the only process recorded in this detonation is com.android.chrome; on their own these two hits are a weak evasion signal.
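
The two signatures above fire on reads of /proc/cpuinfo and /proc/meminfo. As an added illustration (not part of this report, the sandbox, or the sample), the following Python shows what a sandbox-aware sample can derive from those two files and why the reads earn the evasion/antivm tags. The cpuinfo and meminfo texts are constructed samples imitating an x86 Android emulator and a physical ARM handset, and the thresholds (2 cores, 2 GiB) and indicator word lists are illustrative assumptions.

```python
"""What a sample can learn from /proc/cpuinfo and /proc/meminfo (added example).

Constructed inputs below imitate an x86 Android emulator (QEMU/KVM) and a
physical ARM handset; they are not data captured from this detonation.
"""
import re

EMULATOR_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Core(TM) i7 (QEMU Virtual CPU)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat mmx sse sse2 ht nx lm hypervisor
Hardware\t: ranchu
"""
EMULATOR_MEMINFO = "MemTotal:        1531212 kB\nMemFree:          201904 kB\n"

PHONE_CPUINFO = "".join(
    f"processor\t: {i}\nmodel name\t: ARMv8 Processor rev 1 (v8l)\n" for i in range(8)
) + "Hardware\t: Qualcomm Technologies, Inc SM8350\n"
PHONE_MEMINFO = "MemTotal:        7918904 kB\nMemFree:         1200000 kB\n"

# Strings that only appear on virtual CPUs / emulator boards (assumed, illustrative list).
VIRTUAL_MODEL_WORDS = ("qemu", "kvm", "virtual", "vmware", "virtualbox", "xen")
EMULATOR_HARDWARE = ("goldfish", "ranchu", "cuttlefish")


def parse_cpuinfo(text):
    """Return (processor_count, flags, model_names, hardware) parsed from /proc/cpuinfo text."""
    count, flags, models, hardware = 0, set(), set(), None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "processor":
            count += 1
        elif key in ("flags", "features"):        # x86 uses 'flags', ARM uses 'Features'
            flags.update(value.split())
        elif key == "model name":
            models.add(value)
        elif key == "hardware":                   # ARM/Android board name
            hardware = value
    return count, flags, models, hardware


def mem_total_kb(meminfo_text):
    """MemTotal from /proc/meminfo, in kB, or None if absent."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.M)
    return int(m.group(1)) if m else None


def vm_indicators(cpuinfo_text, meminfo_text, min_cores=2, min_mem_kb=2 * 1024 * 1024):
    """Reasons a sample could conclude it runs in a VM or emulator; empty list means none."""
    count, flags, models, hardware = parse_cpuinfo(cpuinfo_text)
    hits = []
    if "hypervisor" in flags:                     # CPUID leaf 1 ECX bit 31, set by hypervisors
        hits.append("cpuinfo: 'hypervisor' flag set")
    for model in models:
        if any(word in model.lower() for word in VIRTUAL_MODEL_WORDS):
            hits.append(f"cpuinfo: virtual CPU model {model!r}")
    if hardware and hardware.lower() in EMULATOR_HARDWARE:
        hits.append(f"cpuinfo: Android emulator board {hardware!r}")
    if count < min_cores:
        hits.append(f"cpuinfo: only {count} processor(s)")
    total = mem_total_kb(meminfo_text)
    if total is not None and total < min_mem_kb:
        hits.append(f"meminfo: MemTotal {total} kB is below {min_mem_kb} kB")
    return hits


if __name__ == "__main__":
    for name, cpu, mem in (("emulator", EMULATOR_CPUINFO, EMULATOR_MEMINFO),
                           ("handset", PHONE_CPUINFO, PHONE_MEMINFO)):
        print(name, vm_indicators(cpu, mem) or "no indicators")
```

A browser legitimately reads both files for its own sizing decisions, which is why a sandbox that cannot attribute the read to a process should not weigh the hit heavily; the same reads from an unknown binary, followed by a behaviour change, are what make the signature meaningful.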

Processes

com.android.chrome

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 216.58.201.106:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.179.227:443 update.googleapis.com tcp
US 1.1.1.1:53 guqgxoucykcdzu udp
US 1.1.1.1:53 supftalzhl udp
US 1.1.1.1:53 ioqoinprn udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.10:443 tcp

Files

files/dom-0.html

MD5 f8638db7b840fe4c374b473c7728968d
SHA1 5ba85a04d774ec6b9abdee6aab5df3024c2edb3b
SHA256 1bfa753b069363c13c71057270d2e11108df94063c30f53a129d7fcc57185374
SHA512 154fb155db631bfd2a45ba00e9438d02f63fa366dfef3067459f0a760dd06ebbb96779bfeb56bcaffe32b803e23f515e316e865588d5793f51a53ac840f630f5

Analysis: behavioral5

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 04:02

Platform

macos-20240410-en

Max time kernel

147s

Max time network

130s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://srvassist-ckh.dynv6.net/ds"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" N/A N/A
N/A /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist N/A N/A
Both indicators belong to Chrome's bundled Keystone updater: ksinstall, shipped inside Google Chrome.app under KeystoneRegistration.framework, unpacks its own Keystone.tbz, and it ran as root because the detonation command line launched Chrome through sudo.

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://srvassist-ckh.dynv6.net/ds"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://srvassist-ckh.dynv6.net/ds"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://srvassist-ckh.dynv6.net/ds]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://srvassist-ckh.dynv6.net/ds]

/Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://srvassist-ckh.dynv6.net/ds]

/usr/libexec/xpcproxy

[xpcproxy com.apple.GameController.gamecontrollerd]

/usr/libexec/gamecontrollerd

[/usr/libexec/gamecontrollerd]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]

/usr/bin/profiles

[/usr/bin/profiles status -type enrollment]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]

/usr/bin/tar

[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=… --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=21]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=28]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=298384469 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=62]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=298429577 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=62]

/usr/libexec/xpcproxy

[xpcproxy com.apple.SafariLaunchAgent]

/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent

[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=302164905 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=302286593 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=72]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=302748860 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=76]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=303193888 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=76]

/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin

[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=91]

/usr/sbin/system_profiler

[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump_agent]

/usr/libexec/spindump_agent

[/usr/libexec/spindump_agent]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=100]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=105]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=111]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=315050494 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=116]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=119]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=120]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=119]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=119]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=118]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=118]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=118]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=120]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=120]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper

[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10884914254167738745,11140265252650811450,131072 --seatbelt-client=120]

Network

Country Destination Domain Proto
DE 20.52.64.201:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.238:443 clients2.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.4.4:443 dns.google udp
GB 216.58.212.234:443 optimizationguide-pa.googleapis.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
GB 216.58.212.234:443 optimizationguide-pa.googleapis.com tcp
NL 173.194.69.84:443 accounts.google.com tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net udp
GB 17.250.81.67:443 tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
US 8.8.8.8:443 dns.google udp
GB 142.250.187.195:443 update.googleapis.com tcp
US 8.8.4.4:443 dns.google udp
GB 142.250.187.196:443 www.google.com tcp
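
The Network tables of behavioral2 and behavioral5 mix the detonation target with the browser's own background traffic. The following Python is an added illustration, not part of this report or of any sandbox tooling: it parses rows in the tables' format (country, ip:port, optional domain, protocol) and sorts them into buckets: the target's resolved address, plain DNS resolvers, dns.google on port 443 (Chrome's encrypted DNS upgrade), the random single-label names Chrome resolves at startup to detect DNS interception (guqgxoucykcdzu, supftalzhl and ioqoinprn in the behavioral2 table match that pattern), Google service endpoints, and destinations with no domain attributed. The rows are copied from the two tables above; the bucket names and the Google domain suffix list are my own choices.

```python
"""Triage of a sandbox 'Network' table: country, ip:port, optional domain, proto (added example)."""
from collections import defaultdict

# Rows copied from the behavioral2 (Android) Network table of this report.
ANDROID_ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 216.58.201.106:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 www.google.com udp
GB 216.58.213.4:443 www.google.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 142.250.179.227:443 update.googleapis.com tcp
US 1.1.1.1:53 guqgxoucykcdzu udp
US 1.1.1.1:53 supftalzhl udp
US 1.1.1.1:53 ioqoinprn udp
GB 216.58.201.110:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
GB 172.217.169.10:443 tcp
"""

# A subset of the behavioral5 (macOS) Network table, copied from this report.
MACOS_ROWS = """\
DE 20.52.64.201:443 tcp
US 8.8.8.8:53 srvassist-ckh.dynv6.net udp
US 170.64.230.178:443 srvassist-ckh.dynv6.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 170.64.230.178:443 srvassist-ckh.dynv6.net udp
NL 173.194.69.84:443 accounts.google.com tcp
"""

# Assumed list of suffixes treated as Google browser-service traffic.
GOOGLE_SUFFIXES = ("google.com", "googleapis.com", "gstatic.com")


def parse_rows(text):
    """Parse table rows; a row with three fields has no domain attributed."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ip, port = parts[1].rsplit(":", 1)
        domain = parts[2] if len(parts) == 4 else None
        rows.append({"country": parts[0], "ip": ip, "port": int(port),
                     "domain": domain, "proto": parts[-1]})
    return rows


def is_chrome_probe_label(domain):
    """Chrome resolves three random single-label names of 7..15 lowercase letters at startup."""
    return (domain is not None and "." not in domain
            and 7 <= len(domain) <= 15 and domain.isalpha() and domain.islower())


def triage(rows, target):
    """Sort rows into buckets; every value is a sorted list so output is stable."""
    buckets = defaultdict(set)
    for r in rows:
        d, ip, port = r["domain"], r["ip"], r["port"]
        if ip == "224.0.0.251" and port == 5353:      # link-local mDNS, never leaves the host
            buckets["mdns"].add(ip)
        elif port == 53:                               # plain DNS to the configured resolver
            buckets["resolvers"].add(ip)
            if is_chrome_probe_label(d):
                buckets["probe_labels"].add(d)
        elif d == "dns.google" and port == 443:        # DNS-over-HTTPS to Google Public DNS
            buckets["encrypted_dns"].add(ip)
        elif d == target:                              # what the detonation actually reached
            buckets["target_ips"].add(ip)
        elif d is not None and d.endswith(GOOGLE_SUFFIXES):
            buckets["google_services"].add(d)
        elif d is None:                                # connection with no preceding lookup seen
            buckets["unattributed"].add(ip)
        else:
            buckets["other"].add(f"{d} -> {ip}")
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for name, text in (("behavioral2", ANDROID_ROWS), ("behavioral5", MACOS_ROWS)):
        print(name)
        for bucket, values in triage(parse_rows(text), "srvassist-ckh.dynv6.net").items():
            print(f"  {bucket}: {', '.join(values)}")
```

Run against both tables, the only non-Google destination that both detonations share is 170.64.230.178 for srvassist-ckh.dynv6.net (on TCP 443 and, in behavioral5, also UDP 443), which is the address to carry into blocking or hunting; the probe labels, mDNS and dns.google rows are browser noise.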

Files

/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat

MD5 c6db1caaee0095f017c09113d53ed054
SHA1 cc37e2b3948325a0eeb51080f45b17ebf52a7035
SHA256 ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476
SHA512 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85

/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb

MD5 5c4e7ade5753ab7de2c42c04111fa42e
SHA1 fb577b8c07d9617f507a3f2950df0a6dcfebe4e2
SHA256 d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82
SHA512 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b

/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb

MD5 fe382e791274914bee5950777e4f1fd3
SHA1 53b523b5fc87e66f2520a0b5f9ea080072668f4d
SHA256 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132
SHA512 a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb

MD5 38fc535a8f11d7e955ef58cc63158eff
SHA1 c45ad3ee106dbfb65dce7c09b53140f34454cd0e
SHA256 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8
SHA512 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.thxjmc

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb

MD5 17a2dc5826aeb539547f00f52eccccd5
SHA1 fd36ad6db84312792cffac0267f6329b21727d66
SHA256 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151
SHA512 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73

/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb

MD5 ea517aa120c972c602673d331dfa35bc
SHA1 7ff539eec544cf306b80137bc182fb544e58aad5
SHA256 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da
SHA512 e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirzWzlmz/CRX_INSTALL/manifest.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(All four digests are those of zero-length input: this manifest.json was empty at the moment the sandbox hashed it, so its contents are not recoverable from this report.)

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirzWzlmz/CRX_INSTALL/images/icon_128.png

MD5 30899b6c4e4a757b8ec6dd2208acdfb4
SHA1 f2c5880a724c6d75cce1b5191e0d82c3bc7de768
SHA256 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4
SHA512 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee

/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirzWzlmz/CRX_INSTALL/images/icon_16.png

MD5 344554d96e418120bd80ef5de5194697
SHA1 23e141c3a6ce368acc1c299f062ab85914bcb17e
SHA256 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378
SHA512 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e

/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js

MD5 6eebed29e6a6301e92a9b8b347807f5f
SHA1 65dfb69b650560551110b33dcba50b25e5b876de
SHA256 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697
SHA512 fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2

/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/f22f1ca8-2bb2-47be-9329-803d07960e82/model.tflite

MD5 6d7c2f9e94664539dec99b3233301b01
SHA1 85812b004742cc1c211c92911131ce270f8ba769
SHA256 a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534
SHA512 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.DC0yFo/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx

MD5 b92bbcfd3c31f799c5863d78154db555
SHA1 86b1b058e1e7d2f1f35e830db446b59e15670e5e
SHA256 6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23
SHA512 38be0c179619c045a321d1fa2c67dda8419a33075a87f548feed9a858f5ba19b5b980c53d4a3bb5b745c7ce566b53773785aa1f7677e37dd5793ccae76e83787

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ngnvKA/lmelglejhemejginpboagddgdfbepgmp_442_all_ZZ_acy7defk7zfhlgrh3rutnme644jq.crx3

MD5 dd130d876b6436639d5b3b9ada352555
SHA1 e451180c5b296cbeade1fcd25192ce7d8d56e42d
SHA256 0312d42f5f3877a12e6f5da85001549cd9dd435debf72aee5652d1f6a550d351
SHA512 e0ddb76f8119466e435706c5bede42d83be5797ccbadb48eba5339d2582d1e038ae36bd667df4bcd09015e7889acee2124b013d5fc954bf2b15048f7c75c19d1

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.VCw7Sw/khaoiebndkojlmppeemjhbpbandiljpe_63_mac_acj4pge7wnngtgdmbzd4p5k36luq.crx3

MD5 dd093ee4be8228581afa24a12c4ff5ae
SHA1 744b07f0920111293fd8614a8c08b91a7a9fbd51
SHA256 458d41f9ddcf8cb983af99e4765c6653d1e70a30d15491f5b1cbee0ce4b07907
SHA512 4fc4a8453804b44d9e2bc54c01fa68e7b69a21a2ff0da8bc73386bd94ac9b173fa84f26fa801e13e384ac2842e44c69ea9443e509418ebe385ebea1df3ec205d

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.HQKymu/hfnkpimlhhgieaddgfemjhofmfblmnib_8677_all_acmopi2d6abq4ejza3vqdjems2oa.crx3

MD5 4cff09474ab43c0f0db3dfdf332e9d20
SHA1 3be4621c3aaeb5d2aeeb3e8b61e3d62b3db748bb
SHA256 ce6cd856019670da6defac7bd9d8c7fd6ec87dc4f9aed85f35b4708246b7fe40
SHA512 bcaa9d80b8110a96873674bc000fda40d67e5f63e15a88e4bc572865dc84be970ffdfa131dc410c10816eb47ccc3b3cdf3a8aaf7be6528a445eac92bdc60c488

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.OKOMJ0/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx

MD5 39fbc1bf4c6c8f919181e3e72630f974
SHA1 b73f2394a2c1ac341df75ba63eef4e5e9830fade
SHA256 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96
SHA512 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.D5huoc/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3

MD5 2db7e78c310ca8e73c069a604eac4d99
SHA1 a6d1e03514f8eba03ab81f1380fc54aaded823b6
SHA256 cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85
SHA512 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules

MD5 6274a7426421914c19502cbe0fe28ca0
SHA1 e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc
SHA256 ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee
SHA512 bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5

/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data

MD5 c5e30274fe7b93847f6d7c02410d1209
SHA1 488a49f38459f29e110c706c51b61ca1ae3b0e26
SHA256 e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea
SHA512 bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.tEugod/jflookgnkcckhobaglndicnbbgbonegd_3026_all_an75hpewbujg3uqbc7zvphe73a.crx3

MD5 25d9086469baca3047d5d3aaef6c98e3
SHA1 04f34b6fa058d25dea98ba0cd1456b4681fdcf82
SHA256 0bd20c0ed22291b160114420a22e8ae9fd79a002cff2efdff99285f35a15f629
SHA512 3d3fbb7292307c9fa51c2e8ca05eaafb9e8c7eda27d714a6f509388010e0e1bf8312315cd91cc58f04f04b2b0f1fa309c92454fc4390b26959a51af5f4ba7e8c

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WEV218/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3

MD5 b80e5ee885c9009a4e1eea8215e9e076
SHA1 ba596fb2a5b7b16ef9c6b81f1d54d77f75bfab6f
SHA256 16478366740cdb18cb756e11498cd924738ecf794cc298068d127cb49af26793
SHA512 84b84945a0b891ac4c191ec5187d9a942bfd7d51208d2564b4a8616da7e3efc16d3e82282fd8751843fb82f73de8c78ff07f8b56c70f993241067091a0675cdc

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WEV218/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3

MD5 c1ed2a7e50090b2ef253812bf505dfe8
SHA1 6511f43b21a481899f6c9f70f0564cd072828dc0
SHA256 99112a2c0e460f8b1dc9b1d7d090f41280ffed82db9a5475f33a1896e147265a
SHA512 a5a6d7a558ddd79a2de3da0672740bd50f2451a3de208b37805539ae689fd162b14745ca2910753a4fb50f2c4327f5e937518e8504ff318610d4377a57abcc30

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WEV218/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3

MD5 1d7030284f02148329e097a820f188ba
SHA1 f190735e20ec0b1f73056e99cf7b94395ff90227
SHA256 0b766de6fa262044bf0f7421376cbfa65d2e2c34586fdba2f0c6b3ace543aea4
SHA512 6e0ad2c796b4e0a7e6147a17c8faeaa4be39b2996e2c0f747b27a3507d2b240d83dc304f1c1c957deb2fd1ce802b0c26ee1986a8373f2360c4b062308095221f

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Y1t3pI/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3

MD5 cb79d407a4d6d8526b42060b9210b5c2
SHA1 331e3d66e82e130042897faf86dcbd05d7b227f1
SHA256 e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165
SHA512 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9

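Triage helper for the file/digest list above. This is an added example and is not part of the sandbox report: it parses the report's own plain-text blocks (a path line followed by MD5, SHA1, SHA256 and SHA512 lines) and answers two questions worth asking before these values go into a blocklist. First, which entries are the digests of a zero-byte file: the manifest.json block above lists exactly the MD5/SHA1/SHA256/SHA512 of empty input, so that entry identifies nothing and would match every empty file on a host. Second, which paths were recorded more than once with different content (the obedbbhb...crx3 path above appears three times with three different digest sets), since those are rewrites of one file, not three files. The sample text is a constructed excerpt copied from the list above.

```python
"""Parse the report's path/digest blocks and sanity-check them before use."""
import hashlib
import re
from collections import defaultdict

ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]+)$")


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists, keyed the way the report keys them."""
    return {a: hashlib.new(a.lower(), data).hexdigest() for a in ALGOS}


EMPTY_FILE = digests(b"")  # what any zero-byte file hashes to


def parse_file_blocks(text: str) -> list:
    """Parse blocks of the form: path line, then 'MD5 x', 'SHA1 x', 'SHA256 x', 'SHA512 x'."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = DIGEST_RE.match(line)
        if m and cur is not None:
            cur[m.group(1)] = m.group(2).lower()
        else:
            cur = {"path": line}  # any non-digest line starts a new block
            entries.append(cur)
    return [e for e in entries if all(a in e for a in ALGOS)]


def empty_file_entries(entries) -> list:
    """Paths whose recorded digests are those of empty input (useless as IOCs)."""
    return [e["path"] for e in entries if all(e[a] == EMPTY_FILE[a] for a in ALGOS)]


def rewritten_paths(entries) -> list:
    """Paths that occur more than once with differing SHA256, i.e. rewritten files."""
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"]].add(e["SHA256"])
    return sorted(p for p, hs in seen.items() if len(hs) > 1)


def match_bytes(data: bytes, entries) -> list:
    """Paths in the list whose four digests all match the bytes you hold."""
    d = digests(data)
    return [e["path"] for e in entries if all(e[a] == d[a] for a in ALGOS)]


# Constructed excerpt: three blocks copied verbatim from the list above.
SAMPLE = """
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirzWzlmz/CRX_INSTALL/manifest.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WEV218/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3

MD5 b80e5ee885c9009a4e1eea8215e9e076
SHA1 ba596fb2a5b7b16ef9c6b81f1d54d77f75bfab6f
SHA256 16478366740cdb18cb756e11498cd924738ecf794cc298068d127cb49af26793
SHA512 84b84945a0b891ac4c191ec5187d9a942bfd7d51208d2564b4a8616da7e3efc16d3e82282fd8751843fb82f73de8c78ff07f8b56c70f993241067091a0675cdc

/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WEV218/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3

MD5 c1ed2a7e50090b2ef253812bf505dfe8
SHA1 6511f43b21a481899f6c9f70f0564cd072828dc0
SHA256 99112a2c0e460f8b1dc9b1d7d090f41280ffed82db9a5475f33a1896e147265a
SHA512 a5a6d7a558ddd79a2de3da0672740bd50f2451a3de208b37805539ae689fd162b14745ca2910753a4fb50f2c4327f5e937518e8504ff318610d4377a57abcc30
"""

ENTRIES = parse_file_blocks(SAMPLE)

if __name__ == "__main__":
    print("zero-byte entries:", empty_file_entries(ENTRIES))
    print("paths rewritten with new content:", rewritten_paths(ENTRIES))
```

Run it against the whole list by pasting the full path/digest section into SAMPLE; match_bytes() is the check to run on a file recovered from a host before treating a hit as confirmed.
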
Analysis: behavioral6

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 04:02

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

22s

Max time network

52s

Command Line

[xdg-open https://srvassist-ckh.dynv6.net/ds]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1679 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1679 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

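How to read the "Changes its process name" rows above, as an added example that is not part of the sandbox report or of Firefox. The indicator column lists per-thread names (Socket Thread, DOM Worker, IPC I/O Parent, StreamTrans #N, IndexedDB #1 and so on) that Firefox assigns to its own threads. On Linux that is done with prctl(PR_SET_NAME), which renames only the calling thread and truncates the name to 15 bytes (TASK_COMM_LEN minus the NUL), which is why the report shows "glean.dispatche"; Firefox itself shortens longer names by eliding the middle with "~", hence "Backgro~Pool #1". A rename is worth an alert when the thread-group leader (tid == pid) ends up with a comm that no longer matches the executable and is not a rename the program is known to make, such as the "Socket Process" row above, which is how Firefox labels one of its child processes. The pids, tids and the last sample entry below are assumed for illustration.

```python
"""Separate worker-thread naming from main-thread masquerading."""
import os
from dataclasses import dataclass

TASK_COMM_LEN = 16  # Linux kernel limit for comm, including the trailing NUL


def kernel_comm(name: str) -> str:
    """What /proc/<pid>/task/<tid>/comm shows after prctl(PR_SET_NAME, name)."""
    return name.encode("utf-8")[:TASK_COMM_LEN - 1].decode("utf-8", "ignore")


@dataclass(frozen=True)
class ThreadEvent:
    pid: int   # thread-group id (the process)
    tid: int   # thread id; tid == pid for the main thread
    comm: str  # observed /proc/<pid>/task/<tid>/comm
    exe: str   # readlink(/proc/<pid>/exe)


def is_worker_rename(ev: ThreadEvent) -> bool:
    """Worker threads naming themselves is normal for any multi-threaded program;
    ps and top keep showing the leader's comm, so nothing is hidden."""
    return ev.tid != ev.pid


# Leader renames that are part of a known program's normal behaviour.
# Firefox labels its child processes this way ("Socket Process" appears in the
# rows above). Build this from a baseline run of your own images.
KNOWN_LEADER_RENAMES = {
    "/usr/lib/firefox/firefox": {"Socket Process", "Isolated Web Co", "Web Content"},
}


def suspicious_renames(events, allow=KNOWN_LEADER_RENAMES):
    """Main-thread renames whose comm is neither the kernel default (exe basename,
    truncated the same way) nor an allow-listed name for that executable."""
    hits = []
    for ev in events:
        if is_worker_rename(ev):
            continue
        if ev.comm == kernel_comm(os.path.basename(ev.exe)):
            continue
        if ev.comm in allow.get(ev.exe, ()):
            continue
        hits.append(ev)
    return hits


# Constructed sample. Thread names are copied from the indicator column above;
# pids, tids and the final masquerading entry are assumed, not from the report.
SAMPLE = [
    ThreadEvent(1650, 1650, "firefox", "/usr/lib/firefox/firefox"),
    ThreadEvent(1650, 1686, "Socket Thread", "/usr/lib/firefox/firefox"),
    ThreadEvent(1650, 1703, kernel_comm("glean.dispatcher"), "/usr/lib/firefox/firefox"),
    ThreadEvent(1650, 1722, "IPC I/O Parent", "/usr/lib/firefox/firefox"),
    ThreadEvent(1774, 1774, "Socket Process", "/usr/lib/firefox/firefox"),
    ThreadEvent(2001, 2001, "dbus-daemon", "/home/user/Downloads/update"),  # hypothetical
]

if __name__ == "__main__":
    for ev in suspicious_renames(SAMPLE):
        print(f"pid {ev.pid}: comm {ev.comm!r} does not match exe {ev.exe}")
```

On a live Linux host the ThreadEvent fields come from /proc/<pid>/task/<tid>/comm and /proc/<pid>/exe; the report's table does not record tids, so the rows above cannot be fed in directly, but every indicator listed is a worker-thread name except the two rows that show a process column, and those are Firefox's own process labels.
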
Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/thumbnails N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/places.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/content-prefs.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/places.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/favicons.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/bookmarkbackups N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/protections.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/favicons.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/favicons.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/logins-backup.json N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/temporary N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/default N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/extension-settings.json N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/places.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/vyyogchq.default-release/times.json N/A N/A

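Detection logic for the "Reads user data of web browsers" rows above, as an added example that is not from the sandbox report or from any product. Where the report attributes a process, it is /usr/lib/firefox/firefox opening files inside its own profile directory (/root/.mozilla/firefox/vyyogchq.default-release), which every Firefox start does; many rows carry N/A in the process column and cannot be cleared either way. What a stealer does differently is read the same files from a process that is not the browser, so the rule below keys on the combination of a credential-bearing profile file and a non-browser reader, and keeps unattributed rows for review instead of dropping them. The last sample row is hypothetical.

```python
"""Flag non-browser processes reading Firefox credential, cookie and history stores."""
import os
import re

# Firefox profile files that hold secrets or history. logins.json holds the
# encrypted passwords and key4.db the key needed to decrypt them.
SENSITIVE = {
    "key4.db", "logins.json", "logins-backup.json", "cookies.sqlite",
    "places.sqlite", "formhistory.sqlite", "sessionstore.jsonlz4",
}
# <random>.<profile name>/ under .mozilla/firefox; the name part is free-form.
PROFILE_RE = re.compile(r"/\.mozilla/firefox/[^/]+/")

# Binaries allowed to touch a Firefox profile; taken from the report's process
# column. Extend for your own fleet (e.g. a snap or flatpak install path).
BROWSER_EXES = {"/usr/lib/firefox/firefox", "/usr/bin/firefox"}


def classify(open_events) -> dict:
    """open_events: iterable of (process_exe or 'N/A', path).

    Returns {'expected': [...], 'unattributed': [...], 'alert': [...]}.
    Rows touching profile files that are not in SENSITIVE are ignored.
    """
    out = {"expected": [], "unattributed": [], "alert": []}
    for exe, path in open_events:
        if not PROFILE_RE.search(path) or os.path.basename(path) not in SENSITIVE:
            continue  # not a profile secret, nothing to decide
        if exe in BROWSER_EXES:
            out["expected"].append((exe, path))      # browser reading its own profile
        elif exe in (None, "", "N/A"):
            out["unattributed"].append((exe, path))  # sandbox did not record the reader
        else:
            out["alert"].append((exe, path))         # someone else wants the secrets
    return out


PROFILE = "/root/.mozilla/firefox/vyyogchq.default-release"
# Constructed sample: the first four rows mirror the table above; the last one
# is hypothetical (a non-browser binary reading the key store).
SAMPLE = [
    ("/usr/lib/firefox/firefox", f"{PROFILE}/key4.db"),
    ("/usr/lib/firefox/firefox", f"{PROFILE}/cookies.sqlite"),
    ("/usr/lib/firefox/firefox", f"{PROFILE}/prefs.js"),
    ("N/A", f"{PROFILE}/logins-backup.json"),
    ("/home/user/Downloads/update", f"{PROFILE}/key4.db"),  # hypothetical
]

if __name__ == "__main__":
    for bucket, rows in classify(SAMPLE).items():
        print(bucket, rows)
```

The same shape applies to Chromium-based browsers (Login Data, Cookies and Web Data under the profile directory) with a different path pattern and reader allow-list; the rule is per-browser because the profile layout is.
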
Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A

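What an anti-VM check built on the three signatures above ("Checks CPU configuration", "Reads CPU attributes", "Enumerates kernel/hardware configuration") actually looks for, as an added example that is not from the report. The rows record reads of /proc/cpuinfo, /sys/devices/system/cpu/* and /sys/bus/pci/devices/<slot>/{vendor,device,class,irq,resource}. Firefox reads these for its own purposes (CPU and cache topology, GPU identification), and the report shows only the paths, not the values returned. The same reads, however, are how a sandbox-aware sample fingerprints the host: the "hypervisor" flag in /proc/cpuinfo (CPUID leaf 1, ECX bit 31) and PCI vendor IDs that exist only on virtual hardware. The functions take file contents as strings so they run on captured data; the vendor IDs are the public pci.ids assignments, and the sample values are constructed.

```python
"""Hypervisor fingerprint from /proc/cpuinfo and sysfs PCI vendor IDs."""
import os

# PCI vendor IDs that only appear on virtual devices (public pci.ids values).
VM_PCI_VENDORS = {
    0x1af4: "virtio (Red Hat / QEMU / KVM)",
    0x1b36: "QEMU virtual devices (Red Hat)",
    0x1234: "QEMU/Bochs standard VGA",
    0x15ad: "VMware",
    0x80ee: "VirtualBox (InnoTek / Oracle)",
    0x5853: "Xen (XenSource)",
    0x1414: "Microsoft Hyper-V",
    0x1ab8: "Parallels",
}


def cpuinfo_hypervisor_flag(cpuinfo_text: str) -> bool:
    """True if the first 'flags' line of /proc/cpuinfo lists 'hypervisor'."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return "hypervisor" in line.split(":", 1)[1].split()
    return False


def vm_pci_devices(vendors: dict) -> list:
    """vendors maps a PCI slot to the content of its sysfs 'vendor' file ('0x1af4\\n').
    Returns (slot, description) for every slot owned by a virtual-only vendor."""
    hits = []
    for slot, raw in sorted(vendors.items()):
        try:
            vid = int(raw.strip(), 16)
        except ValueError:
            continue
        if vid in VM_PCI_VENDORS:
            hits.append((slot, VM_PCI_VENDORS[vid]))
    return hits


def read_sysfs_pci_vendors(root: str = "/sys/bus/pci/devices") -> dict:
    """Live collection on Linux (the same reads the table above records); {} elsewhere."""
    out = {}
    if not os.path.isdir(root):
        return out
    for slot in os.listdir(root):
        try:
            with open(os.path.join(root, slot, "vendor")) as f:
                out[slot] = f.read()
        except OSError:
            pass
    return out


def looks_virtual(cpuinfo_text: str, vendors: dict) -> bool:
    return cpuinfo_hypervisor_flag(cpuinfo_text) or bool(vm_pci_devices(vendors))


# Constructed sample in the format of the real files. The IDs are assumed for
# illustration; the report records only that the paths were read.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse4_2 hypervisor\n"
SAMPLE_VENDORS = {
    "0000:00:00.0": "0x8086\n",  # Intel host bridge, also present on real hardware
    "0000:00:02.0": "0x1234\n",  # QEMU stdvga
    "0000:00:03.0": "0x1af4\n",  # virtio-net
}

if __name__ == "__main__":
    print("virtual:", looks_virtual(SAMPLE_CPUINFO, SAMPLE_VENDORS), vm_pci_devices(SAMPLE_VENDORS))
```

Two caveats when using these reads as a detection signal: nearly every process reads /proc/cpuinfo and sysfs CPU nodes (glibc, libuv, every browser), so the read itself is noise, and the hypervisor flag is also set on ordinary cloud instances, so a sample that keys on it will refuse to run on most production VMs as well as in the sandbox. The signal worth alerting on is the combination of a full PCI vendor sweep with a subsequent change of behaviour.
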
Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/1718/cmdline N/A N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1774/smaps N/A N/A
File opened for reading /proc/1566/status N/A N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1802/smaps N/A N/A
File opened for reading /proc/self/fd/117 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1823/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1650/cmdline N/A N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1722/cmdline N/A N/A
File opened for reading /proc/self/task/1758/stat N/A N/A
File opened for reading /proc/self/task/1781/stat N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1819/statm N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1686/stat N/A N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1561/cmdline N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1586/cmdline N/A N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd/77 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1805/stat N/A N/A
File opened for reading /proc/1703/cmdline N/A N/A
File opened for reading /proc/1727/cmdline N/A N/A
File opened for reading /proc/self/fd/93 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1802/statm N/A N/A
File opened for reading /proc/1566/attr/current N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1652/stat N/A N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/self/fd/73 /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://srvassist-ckh.dynv6.net/ds]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://srvassist-ckh.dynv6.net/ds]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://srvassist-ckh.dynv6.net/ds]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {17367d05-cf50-4577-b187-c9551eb29921} 1650 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21741 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {08dbc7d7-00f2-4081-9baa-845556b7c95b} 1650 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21409 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {ba30dfc1-0bc6-4fb4-851f-cb54465f091f} 1650 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {a647e1a1-6599-481b-97f9-13b9d68170e5} 1650 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {b004d0f5-e33a-4726-a877-36fba693f188} 1650 true tab]

Network

Country Destination Domain Proto

Files

SHA512 ccc9f8f8b930a8210ca64b0fb5a5527d094ef0f993deafaeb54723c620aaaa64b2f124169a9f1645f54795d4dbd6b1c3d64f339b73ada2ebf3bdac1297489dd4

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/AEA4652B2EE4F73C050AF03B16A1F4233A21190A

MD5 0a7232b87f6551807c25a171fe309dc4
SHA1 95f7b2dca19cbcaab6ba81812b771426f56befb6
SHA256 18b49490488fda955d7923706e99419cf1ef4453d0c23b6cfc14fa0a893482af
SHA512 5c4a701030e122ed5613acf2017e3c4bf25e74d77a7e1d8c5da37e0d53d47bd22f7b0f9f7cfcf52487a0d8b14c023520152c2d374354302c56d441d2526f1233

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/37199C7D5F6F6AD9F1070AEDA92F5BC12CA1697A

MD5 bf834208641f249c0bb71ac64f612d95
SHA1 324a32d521b93298a7f0ca8d5c742ee22e20bd92
SHA256 9a2824c3d6e6468206b1df8c80bc1da00c1689df5fd71805c3d2cf7cb0cfb386
SHA512 0bbaa1a96ba11f4541c42fef0871107d2ae4e50fb98c70b2e3d8b81d20799ea795f873cb9d3939d5687f5a6a4535586ab7ec1ab9b152517f471f9c5c4751e445

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/8A9FFE40E2B059B59F3D4F607769C77976074DEB

MD5 a05a7776078addfdb5a0779210635d46
SHA1 88d86cb3703e542618f31642ce9e3a9ddb8ded8d
SHA256 e3a679bda3f09454cdc3838df26d0dc0f6d27a6d785228dccbc86cec70563fea
SHA512 6e75a458c8e70cb8cdd1fd89c4d7cc0078eda8246fea6ebf9e130d7cf45bb1bbb474e92785afb1e80609d172a4718ff3218f3b543f38de05b55b762f9735d16d

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/3C3F70E4DC3E28A1214E285C6A7CF5A45FF65071

MD5 b25bc139ee0af3ef5436b45e429420bf
SHA1 0864667954e24a1868b0cb72c4efd87cf3d2fef5
SHA256 1155cce3696cb69e163ac6f22e6fda08c58ededfd9bab66b010d0d6f43a4434c
SHA512 1d4b3cc56ec45d2123be9bcef324dc532fb6c51c26526f7c35cc7fe9d2c3479a04379561229c9b46b153b5246196106d354056ebe9de29be6f35245516c6902c

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/482CC65825F28DCB92D0DC46CE356A5D06DB0ABF

MD5 4085352ddf162dc5b87f54997ec659aa
SHA1 98714402afb88d70f6a676c550a6d9d446c97acd
SHA256 e846fe8f43bdb7f04d13c776cc61c36ade69b7bbf3f17f3fe86a694f1100cdcb
SHA512 9613a6decfb1e8b6b517634386d9d563f75e85de52e85cbfb94a64b1ecdaad64ac25e5846ff49943a45cd0780a5bfd227871f846380237b33dded763d30e08df

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/6F1DCBB59367EDB26B52C078DFB5C5C6E2015812

MD5 d2ec3b7a72c023f960883c4d7173d67c
SHA1 358ef0d3d08543ceb7ff2477d50414d5083c64f1
SHA256 7db1053b431f64ed749b6aad59f65fee09e0db441bafdf64f0a21587e27c94ac
SHA512 5cdb198a9b5838f4612c088a2ea6eaf27dc06e6496bec4cb4d0323187f2b613dbce2fe988050c1ce7cf27a2c9b2fcbdbf77e4a3a12f933866099869367b880df

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/EDE675BC5BD66B9EEBD8A46A4C06CC47C388FD92

MD5 d9fbf5efdb0748da012ed2bbf27484eb
SHA1 617ad930c32d11947e596a6c11df29e472a417f3
SHA256 aa2bb438bf71c897d0917c384dae93032c905a56661e32877499ece607539129
SHA512 0b2eeee0c66e0b2b1b546526454b3be81409fd8f86de2dca5199b8b70d99a0130c0115523e7caf8a5ae940c126ce3080eb00c3b5d7703cda69d7726a22f4a834

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/D23F7952044A1A6016B80DED46FC563716A295DF

MD5 9b48c41ba21ebf29653dc8623bfa58a7
SHA1 52c4fe9b59d6605d68980dc05d90a119d2ff0710
SHA256 a04b0b665e290af59728934633ea0308de6ff14bb459bd6093c0a08850aacaf7
SHA512 5c1c64a58fc9a6d3ea30d834ec7dc423b9618524c55096fb468aff9da6d1f95463f1171112a8f6e1281063e425d24b5be5e23d8cb08cfd3d451f1a11609c61df

/root/.mozilla/firefox/vyyogchq.default-release/protections.sqlite

MD5 c7cc11494c34e02565df83d17beb33b3
SHA1 f379ad7c0fa73476d3828d8a89ef843046332c12
SHA256 7ca17bb171e22b4ec498c1d20587b30d62d773b114d0e66bb00ec874506eb85f
SHA512 0cfcb15a985a35e917c9652721b516e2d1c358c6db3dca4452e866d250b6269c4cc69773277f5ddd5a0c5a338f95d9f6134224f0097df194985161cd3d47cfd6

/root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 ef9541870f9b6d8b15a5a221c5af1ff2
SHA1 709e0f973eb6ff475ce447d23a0c0520c5c318f7
SHA256 9193dfe15bca001d83e144b7d6babfe3ef7d25ac246bfe5b98b3c92e2fcbbc5d
SHA512 4d0020eb53ad4d1bb3c0bd597384dc628acb6d8c2c32afa0c878df06e58a94c0cad5c115857aa37afd4e2e362e82b4fab4710a2afb0064688ea8091483b2dc45

/root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

MD5 7261d38b93ee58fe019c1c201c4b53ca
SHA1 66b2e900e61178a24628dc3562c2aa2e819588bf
SHA256 60d2b7a495d8313cd3a0399fd836357e18fb1081ea45c224b02df880b0b04692
SHA512 7af19e067d5edd9b2ee3792a681180b2a01f391ada8e0ec02524205cba9a0e637c91e6b66e563dd91d0cd49fa24c2fd2e98364df8a1a09506521ff503d512987

/root/.mozilla/firefox/vyyogchq.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

MD5 e5f49eb8b010bfca870ed47476b2ec0f
SHA1 061a5a930fba2b4cf96cbd1e0eeb4ed2407d8a1e
SHA256 169dd733f4b5ba08beaad4a3411998aa9c0df43f1300f58d6977db7403f9d911
SHA512 b2d398023b0ed58685da89e4ffd85756143b5f9ca0b20344197a936a85b423a72e4f4cc665c52ed38461ed806bd81203c912c9b81a7c8da435f4d5936c5efd88

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/3C9B2D192D535C347CDA9FB12BFC88FD40CF0382

MD5 e7912488d52e4558341bd0c90e942e29
SHA1 df539bcb833a88bc1261a3b777cd6ff6b7f72601
SHA256 af028013f5117a73f3d707057ccb2683e81f5617db00710e365ab9acf0130b59
SHA512 4877fbf37643b1a6789885d0f52a37e1a946e2d2d020ecb0c43063e949ee603ad21aa5803fa92588632c60818731973e37d08adbfaac659e93186490b36b05ad

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40

MD5 3c3198ebe66798a6e22322059ec7deb8
SHA1 badd6ad828857bda30d86b80bfa198ed0df873fa
SHA256 b4d2721609586638948a9c58a170745bdc523db0d21515cf4e1dc6bd2eb53761
SHA512 b749ccdf1186c2bdac24186924f6879795f8bd3d6cc5adae63d0f107925b7c0aa672c74720db8fcb491f08fae6380bc68c0ba7daa639e5bb5d983d6e80f04285

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/252CE8AC445A184A1F4A1C6C6D4ADB8AE41B7776

MD5 90c22d861ecc16ac8b83e6dd033d7f46
SHA1 6dabfa53fb1c182725fa966105fd958627a3ed06
SHA256 bf0abc803e0ff5f984e8c87bda224d13bc7d66c32dc8966c10efdcb31ee816dc
SHA512 64a3489d01b106c4c56dbe7d1cf129b49e7d20d2a86ec86f9992e528887dd6c4ccc099cb444dc6616a233fb793e96543adb53703f1b5c615649554067c0431f0

/root/.mozilla/firefox/vyyogchq.default-release/prefs-1.js

MD5 90ba33e1a02f9a4bb03c5d8370eccde7
SHA1 2f772d5ae7c68427ca6b66c5a92103c70ec4b20c
SHA256 8d0bf718d8d83595c3fe25de96e804034c6e0324ae256f6a87461ebdf004f1bb
SHA512 cb91bcb4c3cb515df34ef7cd829c6fd33f513fbd99735b4b59fcd4ccce0b6d80a463830f80090d047187aca4415709feb6be16ed9cfbb4f52ffd47f24de926c5

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/A8743ACDA513FF27A72604EA39BAAE662138F0B9

MD5 14e638cc7916a89a7c0c8086bb860b8a
SHA1 f6581dd16e85f3ac4ae92c96a008a6ad7d3f8788
SHA256 9973517246c36817f93f775a11e49731eaa3684682752f6d5016337aba89e444
SHA512 f8a242a33c7540b031d2a6cb5ee13911d65bbd1b564ac0f529046a5bf29b2511ba5a1f283978a556f44313349c432037de9eaac0da0544f081da495f71e259ab

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/D154E1CD66DAEBBC055D1D367858E65F2CC266C5

MD5 7cff8e0d54b636354a41e0b990255c54
SHA1 58f1bdfddbd61d4f421a7bc6daec4d99dd1589c4
SHA256 ef305c9045446818d1bd59d4c64fbf6a901ef134204fa3c7d019add1a53abddf
SHA512 e8cc5d51d400f16876212dc0ca2a0f0378e51325957bf056c4c96f3dc1df89a691aa65db19bbbcb6075db73d84110d3aaab618c8e342fe77aa0d544cdcfe2080

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/3F5BD2A3838305545BAF11838A20DDE8D3F6CABE

MD5 6bdfeeeed8f33fef026c72c469d5c707
SHA1 ebb87babcfecad6c61de1c0b538080ab702f88be
SHA256 8ab532a37a232fea7754147731698cc87c4af782e07685bfba3a413e070a1e8d
SHA512 461eb87391d75787b489ed9325e0fc5a64a0bd511c9b5b4aa2b6f960d9a127148706bbd7a05ae775a659abcdda83d456255b32120643d366380f1290275038ae

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/6762E24BB9F66A6430B9C774503510453B4EBA21

MD5 739e936e97001b073ff6c9c3f1680dda
SHA1 84fc9a4077e0299daefc87a36cf8b2fc65fade86
SHA256 7ad29fe4a5c8ecb697405ae07269d1bb61883fb07e5f8ae190c2d05311ce5b40
SHA512 7beb0ab0c02a25e80a324f43b3cff0ec6d3f0a869ba7d49d9e23135cba603c9f91b9ac70c7b571e09a4d2ddc7cd16de9ef8ac7c5b87c26064026584aa17a437d

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/7DB3359FF1AE28D679D8DE03A74F2C06BC18D50B

MD5 356ceb76b008bc74a4a4ce6f3af52103
SHA1 89d81bcb1e5c4b0851cdac67ceea1479b87f81ae
SHA256 5796a3026f86b9bc64de68ace611191f793e3f0a348b09744e45210a3260c811
SHA512 0c2098a4d5cb1c705e2fe280236c080bcfcc029d9ef1c37bb155ead0e83b3aa633d6f6cb472545a2974473701c894cc1cdca19b2c8898735e920c09f18caf688

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/58FA4C93D2C2293EB9F0554BA83740A06674316F

MD5 26965ebfb4af80778ce96f725ea322d7
SHA1 67100221291616be47e056613114237ea63268c8
SHA256 0e5debb5489b95b7fc4c033b461d91801d382c2bc2265c4c87424de1c8711aeb
SHA512 591c73cb786f6a576897bb4b617bea5ff43bcca4a929a9a2acc0304cefdc95a3c2f851232bc639c69674b197691fb811702c16d6018ba8865abc2b6f56a111b6

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/D8EF12DD3F5A0B350AEDF5A0EBB7935D12C12CE3

MD5 b46bd36c6edba60be40a6817d93cc00d
SHA1 78b4732766d4fa2c4af9e99ac5eaee43936372ee
SHA256 2e7522f1786f80ad6116a780533124efdf49174ae7277cb0e44c477f5b690b28
SHA512 7f4a7438b9984a22d0702b73745c4ed64adea3afb6f4c20ed476fd4840183bea421313b2c248d8d60dd71955fc7ea501a547a2a5946694d15e859d11ea0bfad8

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/109D080055C1548CE320A422FD98DA1D5E1A5BC8

MD5 7e8af48272f7e4e5f9eabb7eb59817cd
SHA1 ab9a92ffab8b8a72d8e993ffd6ace06fc949c8c5
SHA256 3d159962e02f0b5de8bfec60e5680dff362c7ee9f9e5d49003167b355e02ab4f
SHA512 83bc33305aa67fced28e61c6f38a5450fab6cc3379e155a41699748fefab39c73f042ea5e175e8f68a91a14d58b26c49c8ee757c6daeffefab3b4d5570eb1009

/root/.mozilla/firefox/vyyogchq.default-release/places.sqlite

MD5 9142a65769ede40c87df6820b82e8287
SHA1 5335af73ab91ee10ce0ae458a5da68656f3233a7
SHA256 e1657e1bb1a77f7779e7642165608776236dbd296301be58fc9000deef794023
SHA512 d75e05aab2c693464ed29910427e4f4559a50a056dfece65f5f11cf9682c97f0b884e69501426775c4e04d2fd15c4d268dfec0c456eccb904ba5abadd5a7d43d

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/9EB475FADAF94B8CFD40B24F23A0C30CC121923D

MD5 dd2ae760ebeeb4d8317c161ad67ede19
SHA1 1ff110146f854c5d50f7b70aee37b326ae83bc1e
SHA256 f05b42fe1612f1c10c7df2c1d33a9680e864319b3dec06e3463eccd708a63433
SHA512 f5cc828a36e8de94aa2d040069ce93d7c1f90743323203a912924f10170b7799582e7da6d9575795df1971da51a89e750f9ff4257e1794384255412c1f118221

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/FA130686BAFEC00046060BF27168AFF8F39FBD34

MD5 3830afd0100dc2f996f255416fda4ce0
SHA1 cbf69a3ed51e190eaa89b0847e09f9890e857a2c
SHA256 3ee5102f2c0b1a1a29a221c5adf9b23597911f781d81fc39c5ff038aeef24670
SHA512 cfd589582405e9236560ce9bd7dc17cfcfe5bd1fcad571c703ad219195148b8ee99d2606c7e7ed6702a35638f2311095ce501425ddd70e2ebd6e92f99bba145d

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/D4D5474ABB880A0B596BE439D8A5CAE0409C4546

MD5 ea465345318c130f3b825faff6b9011a
SHA1 a1fa47cdfe6a73bd4f1a86bc5d5c2835b8d6827a
SHA256 e39a87e8b43f60150dd42b4a62a5f2c0badf439998a5cce9b1336a51e90bcd29
SHA512 45b8a22ed0066d3006f46d504170b0957736d0bcb262a7afd45734a9490b7cfb7d240092fcf9bbfb704d981622d3f08d8ec4c3410c73b64311aad3e644d7d542

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/280A544A1AE0B4F9FDB3E38658BFFBFF5BE2902D

MD5 17b94654a54db181e2c7a80a996c521d
SHA1 0c176b2a289d20f9a5e3573d780b44a93b8f08b2
SHA256 d9627a772cae77df536d2d07e8fc977fea8d21f79d7558cba56f57aecd32b90e
SHA512 9b95b135395259aa720bdd254e50263f1e84aa104ee972b1d8cb5a92f853f5b4838a571fc3720b088f21469699b89b3299bd3bac08cace2d9c6c006e23421efa

/root/.mozilla/firefox/vyyogchq.default-release/prefs-1.js

MD5 4e610efcac4b996a4f2a3d938135e6b7
SHA1 93ffd986e95a9ec07fedf5a707ee6dc18bb073c8
SHA256 ab41e988fa9c8ee199d9fe9bc1a7b7ab3ae0af52f90215d67c894b90d07066fa
SHA512 8e15cb3662268854983ab93fdf4bdb57a7ec90a138f5dd47e3d16f6040fc22497f2a49c355fa353ccfa1eb83e19799b0458c3451491c67d12d8642d4864b9b2d

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/99D01D160AC7ADE6301F3559541FEF1A6F6155F0

MD5 a33c763cbd4250260874e686514005ec
SHA1 e8398e285e46b51ede4babc324a95430924e598b
SHA256 66853203241eac615ad05e8a8f88d09ede335411063979d3c07dd3882ebe62ca
SHA512 81c49af45e88b2b454101446614ff213eca86bc85eea6b9a4a03d02899dc0eaa9811de59d5451d8003b1884b5793321cd1e6c410d0d62392e4c03346e4bfc677

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/AA70DA0EA77AF599D16F76E79A98272BA138060D

MD5 8335fb952d5c6626bb1fc9a99d4f5312
SHA1 40835d0162594b2cd3753a2b2dc9b25997db6576
SHA256 5f8b0644e4d102ddd680eb73106c92ce19e2729509e4e85076b9a8fe7a6f3e5f
SHA512 463562917d1f032bbcc0b27b3826021ce9218d594ece4091e82cad97c53be0e48a5bd4ea89f608aa8740e20b7b79d2c6f4b376551fb93e8a27e15a0a88b994b4

/root/.cache/mozilla/firefox/vyyogchq.default-release/cache2/entries/44230749A38B6989F56217B435A03E84CCADE62D

MD5 4254ed8316a3423ae0114fa1125bb55f
SHA1 636d643afb333a973f898c7dc0325539a7d49ba9
SHA256 d3fd7dedf6d5b601dc38b0cf8fdbb826daeae6c0dc47ba15edbd10acb8dd70e5
SHA512 8b6fee54701b864f8f6230fb6b263adaa76c8e67481e36935c0e680f84b8d4a52a9c09a174ea7bf81227cc13a7808da8c0301c86bc88e142771af3625417b635

Analysis: behavioral8

Detonation Overview

Submitted

2024-04-17 03:59

Reported

2024-04-17 03:59

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A