Analysis Overview
Threat Level: Shows suspicious behavior
The file https://tororo.formstack.com/forms/to was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads the content of photos stored on the user's device.
Reads user data of web browsers
Checks memory information
Checks CPU information
Changes its process name
Checks CPU configuration
Reads CPU attributes
Resource Forking
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-04-17 04:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:06
Platform
win10v2004-20240412-en
Max time kernel
310s
Max time network
325s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tororo.formstack.com/forms/to
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6ba346f8,0x7ffc6ba34708,0x7ffc6ba34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10345378546275181083,795305484714658349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | tororo.formstack.com | udp |
| GB | 3.162.20.116:443 | tororo.formstack.com | tcp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.formstack.com | udp |
| US | 8.8.8.8:53 | 21.114.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | i.mtr.cool | udp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| IE | 108.128.156.189:443 | i.mtr.cool | tcp |
| IE | 108.128.156.189:443 | i.mtr.cool | tcp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fjl.cna.mybluehost.me | udp |
| US | 162.241.30.119:443 | fjl.cna.mybluehost.me | tcp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 8.8.8.8:53 | 176.0.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.156.128.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.30.241.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.143.109.104.in-addr.arpa | udp |
| US | 23.53.113.159:80 | tcp | |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 104aab1e178489256a1425b28119ec93 |
| SHA1 | 0bcf8ad28df672c618cb832ba8de8f85bd858a6c |
| SHA256 | b92c19f079ef5948cb58654ce76f582a480a82cddc5083764ed7f1eac27b8d01 |
| SHA512 | b4f930f87eb86497672f32eb7cc77548d8afb09ad9fdba0508f368d5710e3a75c44b1fd9f96c98c2f0bd08deb4afde28330b11cf23e456c92cc509d28677d2cf |
\??\pipe\LOCAL\crashpad_5112_MHDYVNTUHFLOTKES
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 846ce533b9e20979bf1857f1afb61925 |
| SHA1 | 4c6726618d10805940dba5e6cf849448b552bf68 |
| SHA256 | b81574d678f49d36d874dc062a1291092ab94164b92f7e30d42d9c61cc0e77c3 |
| SHA512 | 8fb228fae89f063159dabc93871db205d836bdb4ec8f54a2f642bd0b1ac531eea0c21234a8ca75a0ae9a008d2399a9bf20a481f5d6a6eab53a533cd03aeaaa2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea75bb9c8ca7ad5e0918fdfa9f45dd13 |
| SHA1 | 1e691061f2116681173333327673fae7411656f5 |
| SHA256 | cc04175aa87eede127e29e7945d3a51d1a071574756567233b4984cf9d5ceec2 |
| SHA512 | 5923ffaf9ec38ef710a4888baa064b3c40b480108e094787a38873a592dfc925f48409626d6a50f6b55cc8731f4bb8a17b8f8d0f860c42025ff60164b222c9a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fcc5dedc264c1fc3d2d272ae2caac03b |
| SHA1 | 5d3e6b0df535450a3b5cecfdd459ec9a1affd5d8 |
| SHA256 | ca62621c811b92a79fd1ce241431e0da8a418c8bfd3c9235308bd23c588521c3 |
| SHA512 | 036851d805e9f21314536461eb8d89940b64f45cfa1076d2d1c924a1f397b2b03443f5362dcf024b5c5ef44adb95dc7880fe1720c145d7b4dcf8ff07fe720b7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ac038ab91ee509d01569345aadec8859 |
| SHA1 | 8f4c0349998bc03efaa3708d3fa328e9ed86f0c0 |
| SHA256 | e4a8c7f3f67298109cce6bee8ea393324642b812492fa1f61beae81b4812f760 |
| SHA512 | 4a4b1bbc0c8e44e7e1c2213fe5ba0c3652507a4740be9cdd34acc2dab0a8c1f24c4942d71d6600dabe42ba54a4e2101053fda47094fe2df76d0d88caa715ffdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6b82eeaa591d39dc61599cbeb87a59a9 |
| SHA1 | 582e69f2e998e7f6dc8880f3237d1c3a887ec045 |
| SHA256 | 6142571d1756c40712a6182f468fd7d08e26ee1fb2f16878717011f0fc9fc433 |
| SHA512 | 4db9d45e24878cc92165c248416f739c7691d864b57092d39be511163903a4e0810f8f869fc7241a8a4b055a5da6fc2146120c39c28d85c35d1309adb8223fa8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 68b4ef830336577f898e86821d3d7621 |
| SHA1 | d058699ae2df0185e282a032855cba2fe3baa99f |
| SHA256 | f3af17f3eea4909dd264ba5698e776e28fae6e73a923320f3c13e54f55e9054c |
| SHA512 | 4cec11218eb60a6ef17cf68aefff939c5f529ecfad87e743c1ee91c269f1f3dcece5b75a6f495fbe8aad111e51b472f6f17c2436af1b9ad644d68a2057714d1b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:03
Platform
android-x86-arm-20240221-en
Max time kernel
115s
Max time network
131s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | tororo.formstack.com | udp |
| GB | 108.138.217.129:443 | tororo.formstack.com | tcp |
| GB | 108.138.217.129:443 | tororo.formstack.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.178.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | static.formstack.com | udp |
| US | 1.1.1.1:53 | static.formstack.com | udp |
| US | 1.1.1.1:53 | www.formstack.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | ughdbliytvtmkk | udp |
| US | 1.1.1.1:53 | hjleews | udp |
| US | 1.1.1.1:53 | rqglwuikmqgfkx | udp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
Files
files/dom-0.html
| MD5 | c570c138061d216d679ab0bf8ab3b5f7 |
| SHA1 | 353b251300b5956213efb728f340f37dd4356c0c |
| SHA256 | 5d4f474aea3bc914f9040ce642b782c47b64a7069925975e564a8ce6f4de8339 |
| SHA512 | 3b5d276436d056d902443b03ea609adb8322e646e45fd8c69691f279ce9a8ab49819720c1a979b5f0841976c396b89e4ec333d74795f85316eec44bc9466f23d |
Analysis: behavioral7
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:01
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:01
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:04
Platform
android-x64-20240221-en
Max time kernel
116s
Max time network
154s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | tororo.formstack.com | udp |
| GB | 108.138.217.25:443 | tororo.formstack.com | tcp |
| GB | 108.138.217.25:443 | tororo.formstack.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | static.formstack.com | udp |
| US | 1.1.1.1:53 | www.formstack.com | udp |
| GB | 142.250.180.10:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | elztgutorcs | udp |
| US | 1.1.1.1:53 | pyukkflv | udp |
| US | 1.1.1.1:53 | jaqqmybcceivlu | udp |
| GB | 142.250.178.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 216.58.204.68:443 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.213.4:443 | www.google.com | tcp |
Files
files/dom-0.html
| MD5 | c570c138061d216d679ab0bf8ab3b5f7 |
| SHA1 | 353b251300b5956213efb728f340f37dd4356c0c |
| SHA256 | 5d4f474aea3bc914f9040ce642b782c47b64a7069925975e564a8ce6f4de8339 |
| SHA512 | 3b5d276436d056d902443b03ea609adb8322e646e45fd8c69691f279ce9a8ab49819720c1a979b5f0841976c396b89e4ec333d74795f85316eec44bc9466f23d |
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:04
Platform
android-x64-arm64-20240221-en
Max time kernel
124s
Max time network
132s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| GB | 142.250.200.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.180.10:443 | udp | |
| GB | 216.58.213.14:443 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | tororo.formstack.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| GB | 108.138.217.25:443 | tororo.formstack.com | tcp |
| GB | 108.138.217.25:443 | tororo.formstack.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | tororo.formstack.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| GB | 108.138.217.129:443 | tororo.formstack.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | static.formstack.com | udp |
| US | 1.1.1.1:53 | js.stripe.com | udp |
| US | 151.101.128.176:443 | js.stripe.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 1.1.1.1:53 | i.mtr.cool | udp |
| GB | 142.250.179.238:443 | clients1.google.com | tcp |
| IE | 52.19.158.193:443 | i.mtr.cool | tcp |
| IE | 52.19.158.193:443 | i.mtr.cool | tcp |
| US | 1.1.1.1:53 | m.stripe.network | udp |
| US | 1.1.1.1:53 | m.stripe.com | udp |
| US | 44.239.252.40:443 | m.stripe.com | tcp |
| US | 44.239.252.40:443 | m.stripe.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | xqpgcnvohjcd | udp |
| US | 1.1.1.1:53 | xugvuoboh | udp |
| US | 1.1.1.1:53 | mssopvqvfzsw | udp |
| US | 1.1.1.1:53 | fjl.cna.mybluehost.me | udp |
| US | 162.241.30.119:443 | fjl.cna.mybluehost.me | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.201.99:443 | update.googleapis.com | tcp |
| US | 162.241.30.119:443 | fjl.cna.mybluehost.me | tcp |
Files
files/dom-0.html
| MD5 | d792580cf5e21d41adbdf252311e7183 |
| SHA1 | 1e799298cb00bf60cb8566fc8570aae2ee37d999 |
| SHA256 | 5f4b6461e1094d6fa869471d8acbef5f5da77b39c3d2aa1b4de5c2526127361a |
| SHA512 | 1b180f4d05af809fce3411c7d1f2a7afcccb399220a0c15372408068f05957fc0f9409b9e6a214a3d1915f18a91c93f4b9f6c534f04e6b2177050116f68f68c0 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:03
Platform
macos-20240410-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://tororo.formstack.com/forms/to"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://tororo.formstack.com/forms/to"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://tororo.formstack.com/forms/to]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://tororo.formstack.com/forms/to]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://tororo.formstack.com/forms/to]
/usr/libexec/dmd
[/usr/libexec/dmd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=20]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=20]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=286822429 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=62]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=286919355 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=62]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump_agent]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/spindump_agent
[/usr/libexec/spindump_agent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=292995513 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=73]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=293422475 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=81]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=293678186 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=84]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=294273511 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=86]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=95]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=97]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=107]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=112]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=111]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=305473104 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=117]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=121]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=21 --launch-time-ticks=312303741 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=22 --launch-time-ticks=313329071 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=76]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=23 --launch-time-ticks=314305555 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=76]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=24 --launch-time-ticks=318068818 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=83]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=117]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=120]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,10075503856010331183,13793455831411210433,131072 --seatbelt-client=119]
Network
| Country | Destination | Domain | Proto |
| AU | 40.79.173.41:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | tororo.formstack.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| GB | 3.162.20.4:443 | tororo.formstack.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.179.234:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| IE | 20.50.80.210:443 | tcp | |
| GB | 142.250.179.234:443 | optimizationguide-pa.googleapis.com | tcp |
| NL | 173.194.69.84:443 | accounts.google.com | tcp |
| US | 151.101.0.176:443 | js.stripe.com | tcp |
| IE | 108.128.156.189:443 | i.mtr.cool | tcp |
| IE | 108.128.156.189:443 | tcp | |
| GB | 3.162.20.35:443 | m.stripe.network | tcp |
| US | 34.218.25.206:443 | m.stripe.com | tcp |
| US | 162.241.30.119:443 | fjl.cna.mybluehost.me | tcp |
| SE | 192.229.221.95:80 | tcp | |
| US | 151.101.3.6:443 | tcp | |
| US | 151.101.3.6:443 | tcp | |
| US | 8.8.8.8:53 | e10499.dsce9.akamaiedge.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| GB | 23.200.147.27:443 | tcp | |
| US | 8.8.8.8:53 | gspe35-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | gspe21-ssl.ls-apple.com.akadns.net | udp |
| NL | 23.209.125.6:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | gsp64-ssl.ls-apple.com.akadns.net | udp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| US | 184.30.157.247:443 | help.apple.com | tcp |
| US | 184.30.157.247:443 | help.apple.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
Files
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.UzSJ4W
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirwhgopz/CRX_INSTALL/manifest.json
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirwhgopz/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirwhgopz/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/8f8b306f-794b-4389-a449-d98e31fd7dbb/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | ce7f5b3d4bfc7b4b0da6a06dccc515f2 |
| SHA1 | ce657a52a052a3aaf534ecfbf7cbdde4ee334c10 |
| SHA256 | 9261ecceda608ef174256e5fdc774c1e6e3dcf533409c1bc393d490d01c713f1 |
| SHA512 | db9de6afa0e14c347aa0988a985b8a453ef133a2413c03bae0fab48bda34d4f9a488db104837a386bb65c393e8f11b1ed4856b211c1c186423649c147d6aabfb |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1267.xml
| MD5 | 03946fa932dfd5e98034347cd7345631 |
| SHA1 | fc0f883d7b1fcd51c5e077fb7c2ad85d2c19d49c |
| SHA256 | e4adbf33cefd337457008dec2da37ddd59f3bb64a09702c9afcf8bc27711348c |
| SHA512 | 437de6174b754e6f97f74cd415d172435c83a78ca6944903349fc1b436eb52e43e1676717c6715f112c5a3f0b91779e4080ec9be71fa320f5a4bcb45bf8ee251 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 5adf536a97681f1a4bc04b219b666afc |
| SHA1 | 759192e50eb85d8cb22d75e72698a5859b297bd5 |
| SHA256 | 3e0ba6c69f94f669c3d1a4b508c962c9906919482a4b408d004baf61774a92f9 |
| SHA512 | f13bef4439b08ed39731b3e692dbb995aae53fd7bc99ecec2faf652f45b7aa39952116955f67e38e362ed2bbd47bce0c9c29b186312553db571716361d59d1c1 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a60a7bcfc47eacaa66e5e3d701d3ba80 |
| SHA1 | 7093ffc5beca33187c18461c7ff3259a1781ae35 |
| SHA256 | 17e96efaf7f2e45e407a3c68fb57b78f09dea6fc1edf3732b888be4a4eadd468 |
| SHA512 | 58736bd680d6c7a25b8d7db08fd4a258cf761dbaa44a5ece0c2b813ab12c20dc213ab40844dfc780687945cf2459f549f1a38bf3da16c5c332756f3b53e1c3a5 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.OnlFYC/0.57.44.2492_hnimpnehoodheedghdeeijklkeaacbdc.crx
| MD5 | b92bbcfd3c31f799c5863d78154db555 |
| SHA1 | 86b1b058e1e7d2f1f35e830db446b59e15670e5e |
| SHA256 | 6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23 |
| SHA512 | 38be0c179619c045a321d1fa2c67dda8419a33075a87f548feed9a858f5ba19b5b980c53d4a3bb5b745c7ce566b53773785aa1f7677e37dd5793ccae76e83787 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | a6ed424e1135465fac072dc8c30be6a0 |
| SHA1 | 8cb5811cfe6611074f7e01b8b9a533aa7bed4432 |
| SHA256 | c6a15fb293a7994c87cb4665fa076b4804c15a7f17753d267b6e271b036457dc |
| SHA512 | d6dc5f49efacc0bea1d388e490c2e1283f6a6f42829e1ab30ec18b0ad35faf44e21d7780b84b5a2ebaff1e79da6fdc090bc547990b513cb311db82fb54cd8972 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.waHKR6/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.WdN6dm/obedbbhbpmojnkanicioggnmelmoomoc_20230923.567854667.14_all_ENGB500000_j4ulfqgydb3iosc4yghs2ynkzq.crx3
| MD5 | 4fa818629f7aa7a42f048e08dfb7f3bb |
| SHA1 | 4e1bff38aa1adcedd8b719110a19d9795a054b04 |
| SHA256 | 8069f8805123f74944304604381770bb694317c9e1044e096f540222dc56c0f6 |
| SHA512 | ebbd49bf7030d9c6fd81b9bef122bbc910815fb68108f0e69bbf8beb6cd692b496f87dc1c91a4952d92579bdf734e6cf56d0e91e5c3c72e2d0c196b28e090003 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.vFyIsY/7_all_sslErrorAssistant.crx3
| MD5 | 636c653ec2c30bb767533901a18669b2 |
| SHA1 | 4b5a01cfea4c5deb62f3aafa01ef24265613b844 |
| SHA256 | 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a |
| SHA512 | a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.36y6Mq/khaoiebndkojlmppeemjhbpbandiljpe_63_mac_acj4pge7wnngtgdmbzd4p5k36luq.crx3
| MD5 | dd093ee4be8228581afa24a12c4ff5ae |
| SHA1 | 744b07f0920111293fd8614a8c08b91a7a9fbd51 |
| SHA256 | 458d41f9ddcf8cb983af99e4765c6653d1e70a30d15491f5b1cbee0ce4b07907 |
| SHA512 | 4fc4a8453804b44d9e2bc54c01fa68e7b69a21a2ff0da8bc73386bd94ac9b173fa84f26fa801e13e384ac2842e44c69ea9443e509418ebe385ebea1df3ec205d |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.VcAsH4/EWvH2e-LS80S29cxzuTfRA
| MD5 | d7d63288830d5930f435d6841de6de5a |
| SHA1 | a2afc39ac8fd17fa88030ba8b48d9d8ee93c24d5 |
| SHA256 | c64c9c1008f3ba5f6e18b3ca524bc98dcd8acfae0a2720a8f1f3ef0f8d643d05 |
| SHA512 | d4d85fd16a291474f99a6fa9cc76d5432f5865fa0d76e4185ff5ab775045122cdab771e88da8fc317a059ab901373644b2e7251d31c4fa2c389d9b7584351e20 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.zu5M1Y/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 77245279135f08fd5e9b290a9d15ce92 |
| SHA1 | 4b3577384212b7764b6429ec3ab48e987471f6f9 |
| SHA256 | c40c4c812ee83a7e94a9b62fba329233a6e23c23acb47da33ff659ee5e39f02e |
| SHA512 | fe66c263e365935dab853d4d98df2b794f76cf72204f52aafa763099b177cfce48255161b702c7498654f02968724201af854e1b8275407de45802a10a970a4c |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.zu5M1Y/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 1f60a34b4fbe240ea6c2eaa80b843fab |
| SHA1 | 923119b2e1e221dc9822dbfc874d9afef14bb058 |
| SHA256 | 4993bd2b1a57453582bf364dab641df46b51bbf2e55853444de4c2bb7c9b03f3 |
| SHA512 | c3897c6b6ff7a32e1641b8505873e13bb410a845660c27201d79a3822fca7f317ca40a86e2234d02913c2d6de634462ab7db4c4d7d28c21bb6770e6965864f8d |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.zu5M1Y/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 00f7ab30edabb0ef3a94ef1c3c878cd6 |
| SHA1 | 313baec4207c85d0bc4e625978d3b9424bdc8bd7 |
| SHA256 | b9ba5cad8f3a80617f0caa6921ff2fb2385c9a17762b24f957581ee547693967 |
| SHA512 | 4d131f15fccbe67ae38d2e7003b9816d6daa6b4e3a06fd8337f3daef929077f4bb0ac8f1fcbab559ebb49c031f9b13ed758a03278997b33f5230800063d431b3 |
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
| MD5 | a9803d560544e4d1fe551b2c113c5370 |
| SHA1 | a998fdb1e80dbca61267db112812a7ee34b82dce |
| SHA256 | d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72 |
| SHA512 | 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.5b1nbz/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
| MD5 | 49ead9b7d2b2ec477daba795de846db0 |
| SHA1 | 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc |
| SHA256 | 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a |
| SHA512 | 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.g73sAP/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 39fbc1bf4c6c8f919181e3e72630f974 |
| SHA1 | b73f2394a2c1ac341df75ba63eef4e5e9830fade |
| SHA256 | 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96 |
| SHA512 | 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.rnw3s0/hfnkpimlhhgieaddgfemjhofmfblmnib_8677_all_acmopi2d6abq4ejza3vqdjems2oa.crx3
| MD5 | 4cff09474ab43c0f0db3dfdf332e9d20 |
| SHA1 | 3be4621c3aaeb5d2aeeb3e8b61e3d62b3db748bb |
| SHA256 | ce6cd856019670da6defac7bd9d8c7fd6ec87dc4f9aed85f35b4708246b7fe40 |
| SHA512 | bcaa9d80b8110a96873674bc000fda40d67e5f63e15a88e4bc572865dc84be970ffdfa131dc410c10816eb47ccc3b3cdf3a8aaf7be6528a445eac92bdc60c488 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.vGff1J/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
| MD5 | cb79d407a4d6d8526b42060b9210b5c2 |
| SHA1 | 331e3d66e82e130042897faf86dcbd05d7b227f1 |
| SHA256 | e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165 |
| SHA512 | 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.GwwRNX/jflookgnkcckhobaglndicnbbgbonegd_3026_all_an75hpewbujg3uqbc7zvphe73a.crx3
| MD5 | 25d9086469baca3047d5d3aaef6c98e3 |
| SHA1 | 04f34b6fa058d25dea98ba0cd1456b4681fdcf82 |
| SHA256 | 0bd20c0ed22291b160114420a22e8ae9fd79a002cff2efdff99285f35a15f629 |
| SHA512 | 3d3fbb7292307c9fa51c2e8ca05eaafb9e8c7eda27d714a6f509388010e0e1bf8312315cd91cc58f04f04b2b0f1fa309c92454fc4390b26959a51af5f4ba7e8c |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.h9bcFF/lmelglejhemejginpboagddgdfbepgmp_442_all_ZZ_acy7defk7zfhlgrh3rutnme644jq.crx3
| MD5 | dd130d876b6436639d5b3b9ada352555 |
| SHA1 | e451180c5b296cbeade1fcd25192ce7d8d56e42d |
| SHA256 | 0312d42f5f3877a12e6f5da85001549cd9dd435debf72aee5652d1f6a550d351 |
| SHA512 | e0ddb76f8119466e435706c5bede42d83be5797ccbadb48eba5339d2582d1e038ae36bd667df4bcd09015e7889acee2124b013d5fc954bf2b15048f7c75c19d1 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:03
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1689 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1689 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/places.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/content-prefs.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/extension-settings.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/favicons.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/ls-archive.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/favicons.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/places.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/places.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/1gj7t934.default-release/favicons.sqlite-wal | /usr/lib/firefox/firefox | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1593/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1737/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1708/cmdline | N/A | N/A |
| File opened for reading | /proc/1728/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1713/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/1577/status | N/A | N/A |
| File opened for reading | /proc/1577/attr/current | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1572/cmdline | N/A | N/A |
| File opened for reading | /proc/1659/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1813/smaps | N/A | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1732/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1696/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/34 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1661/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1830/smaps | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1717/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | N/A | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/1813/statm | N/A | N/A |
| File opened for reading | /proc/1830/statm | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://tororo.formstack.com/forms/to]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://tororo.formstack.com/forms/to]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://tororo.formstack.com/forms/to]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {1a11749d-39c5-408d-a4ef-20d7c0c8e123} 1659 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.25.6.244:443 | location.services.mozilla.com | tcp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | tororo.formstack.com | udp |
| US | 1.1.1.1:53 | tororo.formstack.com | udp |
| US | 1.1.1.1:53 | formstack.com | udp |
| GB | 108.138.217.129:443 | tororo.formstack.com | tcp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | a1887.dscq.akamai.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | static.formstack.com | udp |
| US | 1.1.1.1:53 | static.formstack.com | udp |
| GB | 108.138.217.43:443 | static.formstack.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | www.formstack.com | udp |
| US | 1.1.1.1:53 | www.formstack.com | udp |
| GB | 108.138.217.32:443 | www.formstack.com | tcp |
| US | 1.1.1.1:53 | js.stripe.com | udp |
| US | 1.1.1.1:53 | js.stripe.com | udp |
| US | 1.1.1.1:53 | stripecdn.map.fastly.net | udp |
| US | 151.101.64.176:443 | js.stripe.com | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 151.101.130.49:443 | tcp | |
| US | 1.1.1.1:53 | i.mtr.cool | udp |
| US | 1.1.1.1:53 | i.mtr.cool | udp |
| IE | 108.128.156.189:443 | i.mtr.cool | tcp |
| US | 1.1.1.1:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 1.1.1.1:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| GB | 18.244.177.229:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | contile-images.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile-images.services.mozilla.com | udp |
| US | 34.120.115.102:443 | contile-images.services.mozilla.com | tcp |
| US | 34.120.115.102:443 | contile-images.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | fjl.cna.mybluehost.me | udp |
| US | 1.1.1.1:53 | fjl.cna.mybluehost.me | udp |
| US | 162.241.30.119:443 | fjl.cna.mybluehost.me | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 151.101.193.91:443 | tcp | |
| US | 1.1.1.1:53 | www.amazon.co.uk | udp |
| US | 1.1.1.1:53 | www.amazon.co.uk | udp |
| US | 1.1.1.1:53 | uk.hotels.com | udp |
| US | 1.1.1.1:53 | uk.hotels.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.bbc.co.uk | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.bbc.co.uk | udp |
| US | 1.1.1.1:53 | www.ebay.co.uk | udp |
| US | 1.1.1.1:53 | www.ebay.co.uk | udp |
| US | 1.1.1.1:53 | gtm-uk.www.bbc.co.uk.pri.bbc.co.uk | udp |
| US | 1.1.1.1:53 | reddit.map.fastly.net | udp |
| US | 1.1.1.1:53 | e11847.a.akamaiedge.net | udp |
| US | 1.1.1.1:53 | getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.com | udp |
| US | 1.1.1.1:53 | www.npr.org | udp |
| US | 1.1.1.1:53 | www.npr.org | udp |
| US | 1.1.1.1:53 | www.thecut.com | udp |
| US | 1.1.1.1:53 | www.thecut.com | udp |
| US | 1.1.1.1:53 | www.menshealth.com | udp |
| US | 1.1.1.1:53 | www.menshealth.com | udp |
| US | 1.1.1.1:53 | n.sni.global.fastly.net | udp |
| US | 1.1.1.1:53 | hearst-hdm.map.fastly.net | udp |
| US | 1.1.1.1:53 | m.stripe.network | udp |
| US | 1.1.1.1:53 | m.stripe.network | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | normandy.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | normandy.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | normandy-cdn.services.mozilla.com | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | classify-client.services.mozilla.com | udp |
| US | 1.1.1.1:53 | classify-client.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | a1887.dscq.akamai.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| GB | 195.181.164.14:443 | tcp | |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.120.208.123:443 | tcp | |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.208.123:443 | tcp | |
| US | 1.1.1.1:53 | www.vox.com | udp |
| US | 1.1.1.1:53 | www.vox.com | udp |
| US | 1.1.1.1:53 | aeon.co | udp |
| US | 1.1.1.1:53 | aeon.co | udp |
| GB | 185.125.188.62:443 | tcp | |
| US | 1.1.1.1:53 | vox-chorus.map.fastly.net | udp |
| GB | 185.125.188.61:443 | tcp | |
| US | 1.1.1.1:53 | news.sky.com | udp |
| US | 1.1.1.1:53 | news.sky.com | udp |
| US | 1.1.1.1:53 | www.empireonline.com | udp |
| US | 1.1.1.1:53 | www.empireonline.com | udp |
| US | 1.1.1.1:53 | e10653.e12.akamaiedge.net | udp |
| US | 1.1.1.1:53 | d3a5a5uc9z2x2a.cloudfront.net | udp |
| US | 1.1.1.1:53 | foreignpolicy.com | udp |
| US | 1.1.1.1:53 | foreignpolicy.com | udp |
| US | 1.1.1.1:53 | qz.com | udp |
| US | 1.1.1.1:53 | qz.com | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.107.243.93:443 | tcp | |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | arstechnica.com | udp |
| US | 1.1.1.1:53 | www.newyorker.com | udp |
| US | 1.1.1.1:53 | arstechnica.com | udp |
| US | 1.1.1.1:53 | www.newyorker.com | udp |
| US | 1.1.1.1:53 | www.abc.net.au | udp |
| US | 1.1.1.1:53 | www.abc.net.au | udp |
| US | 1.1.1.1:53 | www.usatoday.com | udp |
| US | 1.1.1.1:53 | www.usatoday.com | udp |
| US | 1.1.1.1:53 | e3161.b.akamaiedge.net | udp |
| US | 1.1.1.1:53 | domains.gannett.map.fastly.net | udp |
| GB | 88.221.134.209:80 | tcp | |
| US | 34.107.243.93:443 | tcp | |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | tcp |
Files
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | c4b1dff9d420926c50010178d08b5fc0 |
| SHA1 | abb8e8f41ed52313c3bac0fc3ad3157c766dafa0 |
| SHA256 | f88f3aeb5928afb0c4f422e700185886e9e984eebc43f56d6af564cdf30c6c9b |
| SHA512 | 7ec5cac9d5909e4b44d72e48e00307d1da98b1738b67aa943c21e3ad497dfde05ec1ba44b80100c4b9e0732bf674aa0fe79ab423ae168f033e21a53e6d7ae652 |
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | f09cde30e212b446020d90c777b5dd61 |
| SHA1 | af438137714488e631824d30678d33c52f14d8ff |
| SHA256 | d3988d331756379801c1fc2b9a8d0b0cffe175742b7437a27c181e04cb6af96a |
| SHA512 | 0599df5c9abd752ed4c789c8ee6cd88c7122254c5ffd27291be469943092614a1cd35db5d4b11c6b4e9c911a165d7cb1a94f921da4e133feefbbc7bd841615d6 |
/root/.mozilla/firefox/1gj7t934.default-release/times.json
| MD5 | 90485c6e54850c2e0970955c0c8a09ee |
| SHA1 | e21073ad4c7dd83687f4e184111e8966af6ad2ed |
| SHA256 | 4227af0c4b2078f021403f6223292f50ac6332f9f405441010e68e6348256ec3 |
| SHA512 | 9f043f4102e411010d3d96370f864afae64b70852ea72eae657a34d794fdc52e36488176d07cb385e9ed6b1067fbcab72c4e61a942bfba423fda2d48b637b65d |
/root/.mozilla/firefox/1q3k5r8p.default/times.json
| MD5 | 545c2c421d36e78fa741d43349158c60 |
| SHA1 | 188e8b421498083ebc89332e881b70085466a9ea |
| SHA256 | 8343c43ea519fdfa8f6c659c1694e6e346b2be3e0d737440fe852c6cfe65b417 |
| SHA512 | e0e17bc59013049d601f4ab65ca19013f78e5f7c83d095d6592d5e34fa716c746ac4e006d9b42c169d09317e03770a0bcc01fc6328931574100feac665032afd |
/root/.mozilla/firefox/installs.ini
| MD5 | 374536df6f0f14044d01f46da6124cbd |
| SHA1 | 48e28241e3ed787379480c40c3bd10bca4a02eac |
| SHA256 | c3420f457464a95ad419ff37431173fdbe4d49f03367eec6908dcfd01c13ef24 |
| SHA512 | 2d95aed48680e2de03c0e8dc9b3ed9954af60bc01e61dbb4a09f2de8e91c2ef9a310df607df56f789db09f5815496eb7983f915641e1fadebb2bcfe3b3e47c05 |
/root/.mozilla/firefox/profiles.ini
| MD5 | f913c8875567cba50412a0172b6a2368 |
| SHA1 | 0a7d50f7255f77a4fc95bef2bba2b4ba0e594b06 |
| SHA256 | 2ff62b3b7482345da08561d9c1b5c25bb872f7d4d141df115d782a51e3f54a34 |
| SHA512 | cf05ec19f9a8b4041834bf1e0b45e12b4bdca16c2d12710e57deaeaf634b67e4de8ce08a74e71df06b9f1c177a0df8271b47aa991b9fffdc6750ad2bd6218e36 |
/root/.mozilla/firefox/1gj7t934.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/1gj7t934.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/1gj7t934.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/1gj7t934.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | e1ed34aa8fb56154abd9d32bf4fa0a4f |
| SHA1 | 219cb0d631c3f414e9c6fd966fa6aa8c7b8bc7db |
| SHA256 | 4c4364b453c6d0740d7f46793fc10f291f6e8ba6bcad41d35b392c524a2a4686 |
| SHA512 | 8f3aecd2357ec9f49fc137b2d5fdac859e843e0bf8e2a0f873eaa13470eb4b51d32c55b0c75a57170e3a9a3c62a8d0e3dbbb9f9dc5f0c142e4446543a3504967 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | e2efdf071902cec76de665f2d928ba54 |
| SHA1 | e9d6fb320d3898bf8e3c00411e95a97b2f95ba8c |
| SHA256 | 5732e417853b8d9e56a2a8438e76f8ea9a0d4f43085c33efdc26e6254b2bd010 |
| SHA512 | 8c5f04793228eaa47f115bf78387e616c248f08c925c917470a868477c9eb3b24f7d9b506db241c9e06659353bbafb78e2c985f9360d2e9cc16a239b6f245092 |
/root/.mozilla/firefox/1gj7t934.default-release/prefs.js
| MD5 | bb98776fb67297ed42f697468604988e |
| SHA1 | b48857b983ea87c3a829aaec63e06b7b86fcd3e7 |
| SHA256 | 2d086e799884b33b11fc75cc212a8ac379c97e1c75cc2de33e3edf79151ead14 |
| SHA512 | d5dfb29d9a9646f082136b4c7ec51d2ff63d539d548278fc1f03cb7305fd0758d2e275d75f72bf5c7e5ba945a436289d173853671b34b7ada3f11c53e2cc26b5 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 1cc1db8a8ea0f21dfa8f55b6cbc850d1 |
| SHA1 | 20a782e35b7a7c44483d55c96c0411d52d444564 |
| SHA256 | 5377a7212c95367ec903e7420779cffb8fcc3fc58c6818cc2c08af2a31223048 |
| SHA512 | 053bcfc3cd026d86612183ff92516cbd7abddd0224e6318274402fa11db073cabc2f5a658cd4039aaee2909db968777af298ad933e156e1a0cbccd37c40ef580 |
/root/.mozilla/firefox/1gj7t934.default-release/prefs-1.js
| MD5 | 91bddc2ae83420dc8040c4b8d0092ea9 |
| SHA1 | 0d3fee9da1fb2b10985a3b35b61058ddb1f4492d |
| SHA256 | 6db4b49308d843627896f4a2cad9d43726162e88c4808847061de2b0f16600ce |
| SHA512 | ff8369540b8d4bb4484ba8a643d6f9d8d7ea9f7cd60666d82e3600cd10b8330d2e60b1a9d4a55721b67e422d1405dbc4573d18865a00db366c83834b66859922 |
/root/.cache/dconf/user
| MD5 | cf595bf90db7193297195e48ba82104d |
| SHA1 | c8d66731e39b0d3fb47ea2877a6ad8150ee145d7 |
| SHA256 | 2ecd8a6b7d2845546659ad4cf443533cf921b19dc81fa83934e83821b4dfdcb7 |
| SHA512 | 083c0151f931208dcb4b0134762c30d1858c6cafa40eaeb4113b69717dc286ac69a890b548b7dfb489cd3b2527903ac45236bb13af8d2c5f2f27807c6d62b6e7 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | dcc3062c308be53e38a122a93c37c333 |
| SHA1 | 55dd55b99b8f39ae9b1955d812fda61b1640f9fc |
| SHA256 | 6cca8d477ebb98e0876e4812758f69b5682ac6f15534aa883e2b19b1b173eb4e |
| SHA512 | a2cd83efa7add36a4a5af56349f88de7944a9681edc7890773fa317236ca7ab0efd3355e08f9d9a609476fcf6e7bf7b29135d666eeaeb1e4b6df17bf27b4a20c |
/root/.mozilla/firefox/1gj7t934.default-release/cert9.db
| MD5 | fe5ac825570e5ff91d01e4615fd0506c |
| SHA1 | ebdb19764cbde08eb920aa3e793cd19bbb245299 |
| SHA256 | e4233ec5be0afc1111386ce915cad782f4b83fd701c9e264177542fd14c738d2 |
| SHA512 | fc4ce3c87a96f9b574a451426114e52bddf5832692c7b46b66361b47ffcee6c69ce33ee6df8ad0c2aa4b98d869e0cbe28f479020823b4c527036e115969d3d44 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | 7352c8848e88edc39b7fb5e663888187 |
| SHA1 | 8c3dffe25cc56c7aec1b782292d6fceed81e6304 |
| SHA256 | 7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a |
| SHA512 | f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280 |
/root/.mozilla/firefox/1gj7t934.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | df8f5d826cd57a46eef682f180f1a343 |
| SHA1 | 07de843cea7c6cd5c2b9115a7b139655246c9120 |
| SHA256 | bc1ef9002a053fa2b6b9e5043499dd07fc7e77dbc4297ae254ada9dfd0caffee |
| SHA512 | b803fbb66977511210e7ae80bca29bd396613af032de56e7571d52e043a199c66ccb0bd77ffa0e67dfd663e413582983f533a7b5564d775ba952ca7ffa395a5f |
/root/.mozilla/firefox/1gj7t934.default-release/places.sqlite
| MD5 | 9d96569d06e283722330fcb0accbcfc6 |
| SHA1 | cbf28d5f7aed8ef08e2c780979888bfe1d39db43 |
| SHA256 | 5513a0f2a0508001351bc9f9caf09b945c762dfa7d93daf5d29f90c2c15fea9f |
| SHA512 | c76ae60c995e726a8debd83cd569f7cdb8184af2989e7b9f3ea0076726d98bb15b02432d900204a1ad3f5fede3a84ff751b84c151f8e8b85db5cd2dc9fda71b5 |
/root/.mozilla/firefox/1gj7t934.default-release/favicons.sqlite
| MD5 | 3c0a1ec298284608bfa51081ea539be3 |
| SHA1 | e51b58f6fe89d45fd8a1d935b51da172d5f6f32e |
| SHA256 | 34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2 |
| SHA512 | 8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f |
/root/.mozilla/firefox/1gj7t934.default-release/prefs-1.js
| MD5 | 70113990026d7e137ae9bdb6902da02a |
| SHA1 | e6538a7c87ff26acc2487603098c75b0045cb438 |
| SHA256 | fe9aa8c7744b97aa4c4a61585a86cc4ff91486997c4d33875f234d96d457a5cd |
| SHA512 | 51e92066fc5410c0cbb6746f1ad8a9b7cdd27e816804d02283098ba7141d21820958333df4eb5be0842258b8a39ef111a1b0df76dd7e958cbf1583c921da7adf |
Analysis: behavioral8
Detonation Overview
Submitted
2024-04-17 04:01
Reported
2024-04-17 04:01
Platform
debian9-mipsbe-20240226-en