Analysis Overview
Threat Level: Shows suspicious behavior
The file https://trixxware.sellauth.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user data of web browsers
Changes its process name
Reads CPU attributes
Checks CPU configuration
Drops file in Windows directory
Writes file to tmp directory
Reads runtime system information
Enumerates kernel/hardware configuration
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Modifies registry class
Modifies Internet Explorer settings
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-17 06:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-17 06:09
Reported
2024-04-17 06:10
Platform
win10-20240319-en
Max time kernel
26s
Max time network
36s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 010000009da3e160ed67ceb7e7161ae4c615f18675f56db671c261f27217f7676ee4d4b08519922736a6c6a4297c94c804f08be29ab051225ebc5e9728fd | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 8d96d8e68d90da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 77f5c9e68d90da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3971934951-2222591486-1444465656-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-700.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://trixxware.sellauth.com"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.1.281878807\1823145677" -parentBuildID 20221007134813 -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 20792 -prefMapSize 233305 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {048173e7-ccef-4f21-b717-6fe7b6420115} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2064 191a21f9258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.2.351139664\339741610" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2640 -prefsLen 20895 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86429b72-6240-436b-b347-eef9e46aff66} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2952 191a6076558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.3.1287621960\214362912" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26067 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {560f9d22-f337-4a55-8bbe-f505346c5541} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 3652 191a651b558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.4.1477735320\1630298692" -childID 3 -isForBrowser -prefsHandle 4256 -prefMapHandle 4252 -prefsLen 26126 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ea087e0-e64a-4f35-a811-499cd3af043d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4268 191a7bc8258 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.5.400710091\1881668110" -childID 4 -isForBrowser -prefsHandle 4556 -prefMapHandle 4536 -prefsLen 26475 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a3e4b7b-bae3-470a-af2e-5bc2edb0dc4d} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4580 191a8734a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.6.34521344\1295992833" -childID 5 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26475 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62bdae07-8440-44d0-8128-10eb546d9fb6} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4824 191a8735058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.7.713514200\1069067077" -childID 6 -isForBrowser -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 26475 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ca6875d-23c8-4feb-b7a6-832b432dead4} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 5024 191a8bf0658 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.8.1424087103\235136598" -childID 7 -isForBrowser -prefsHandle 5444 -prefMapHandle 4888 -prefsLen 26729 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e0c9c25-c422-40da-bf60-72b03ead2207} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 4864 191a6074758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2056.9.554577136\1343481310" -childID 8 -isForBrowser -prefsHandle 2544 -prefMapHandle 3320 -prefsLen 26729 -prefMapSize 233305 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37724665-ee5a-452d-ae08-2e1ddd0798cf} 2056 "\\.\pipe\gecko-crash-server-pipe.2056" 2484 191aa210958 tab
C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 52.34.56.182:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 182.56.34.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49789 | tcp | |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 124.14.239.44.in-addr.arpa | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | trixxware.sellauth.com | udp |
| US | 8.8.8.8:53 | 221.5.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| N/A | 127.0.0.1:49793 | tcp | |
| US | 8.8.8.8:53 | 236.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| GB | 146.75.72.193:443 | i.imgur.com | tcp |
| US | 8.8.8.8:53 | 193.72.75.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | imagedelivery.net | udp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.2.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | plus.l.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.14:443 | plus.l.google.com | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| DE | 51.195.68.163:443 | www.win-rar.com | tcp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| US | 8.8.8.8:53 | www.win-rar.com | udp |
| US | 8.8.8.8:53 | 163.68.195.51.in-addr.arpa | udp |
Files
memory/3308-0-0x000001F8FFF00000-0x000001F8FFF10000-memory.dmp
memory/3308-16-0x000001F880800000-0x000001F880810000-memory.dmp
memory/3308-35-0x000001F880A80000-0x000001F880A82000-memory.dmp
memory/4448-63-0x000002384C930000-0x000002384C932000-memory.dmp
memory/4448-65-0x000002384C950000-0x000002384C952000-memory.dmp
memory/4448-67-0x000002384C970000-0x000002384C972000-memory.dmp
memory/4448-69-0x000002384C990000-0x000002384C992000-memory.dmp
memory/4448-71-0x000002384C9B0000-0x000002384C9B2000-memory.dmp
memory/4448-73-0x000002384C9D0000-0x000002384C9D2000-memory.dmp
memory/4448-75-0x000002384C9F0000-0x000002384C9F2000-memory.dmp
memory/4448-77-0x000002384CBB0000-0x000002384CBB2000-memory.dmp
memory/4448-149-0x000002384DD20000-0x000002384DD40000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WUF66XFW\v84a3a4012de94ce1a686ba8c167c359c1696973893317[1].js
| MD5 | dd1d068fdb5fe90b6c05a5b3940e088c |
| SHA1 | 0d96f9df8772633a9df4c81cf323a4ef8998ba59 |
| SHA256 | 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101 |
| SHA512 | 7aea051a8c2195a2ea5ec3d6438f2a4a4052085b370cf4728b056edc58d1f7a70c3f1f85afe82959184869f707c2ac02a964b8d9166122e74ebc423e0a47fa30 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-17 06:09
Reported
2024-04-17 06:10
Platform
win11-20240412-en
Max time kernel
27s
Max time network
14s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://trixxware.sellauth.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed5633cb8,0x7ffed5633cc8,0x7ffed5633cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,14666007572209022874,13619953612478956179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 151.101.60.193:443 | i.imgur.com | tcp |
| GB | 151.101.60.193:443 | i.imgur.com | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| US | 104.18.2.36:443 | imagedelivery.net | tcp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 171.101.63.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 15fe2ca7fbb19bce73b3127d3ce38b40 |
| SHA1 | 3b6d7bb9a2a45706b41570c3237620977f91bfe3 |
| SHA256 | fdc0d483560fd857db4fd1f96c8dd963c4400095e8191206cc1400e07cfbe097 |
| SHA512 | 8a2ed9de98c5e82d7924695caf8350a4cb702fe52bd6183f929966bfa9909e4b55471cccde3c0324024061bc4d6ea50076708fed9fe4e0cd976106784caf5fda |
\??\pipe\LOCAL\crashpad_2388_VUBHPODPVMSUSWPG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 387bda50a259f550e0a5b9c3f441359d |
| SHA1 | 9e0a87fad07a1fc8e67b5f44244aee8c49289a28 |
| SHA256 | f7a53d094bdb8498f4a5edf5dbfa6f1f04e62013a9173d48cab6f31e7fdc4f68 |
| SHA512 | 060019710d5059241e00e23d6780ff44a016774f4658d16443d1ca7b7187aa4ab4ec484b18d380692f75dda19b882411749cc29545c9e3e57488a758bf618e24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f689703f230ca2c34eb6421a60252c99 |
| SHA1 | 8f2f66669a66167eacda48f82309023bab4f41f1 |
| SHA256 | eb5775bcac0c5365fb2d9884a0123dcb64cc88b94d8f537b7d66240b33dd8505 |
| SHA512 | 4fdcf343e61c52b37e89ef3068c559238c851dda441492a1742cac59a48e8e913544516edac042a42e38d29b98a4b976cc17fa8e08e30f845759040a1eec1b40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7198ebfe6ebea37600eb08533cb836d7 |
| SHA1 | 6e971dd988403d62c1d22b737eba178e5d53c0f4 |
| SHA256 | eb31daa3851fe38d6f0a3e749d708887fdb15525af9496c994a806e6f23061ea |
| SHA512 | 7ea6cc9bb67909b9bc7613c4e32e18935e5c0bd730267dab8b7c423e93e6290d9e80c0417f20a120f76d7e335e8ec80e837de551d0611b8c4c48c7fc3eb8303e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3b01ef2f993be61fc637ec05e20f3e47 |
| SHA1 | f1696c403e60d583683e45e66f0cdc5f0a4ae8d6 |
| SHA256 | 5f218631595a35e21b046be674afe22e9dfdf30b10c41910b79cbd683946ddf3 |
| SHA512 | f836c897f114f539912875c6645bc8c9880a5f2c62e140e7d837e6e8515586b4ba51104169433c70697ecf10871c53a3e3f71d67e0a6c8dea725b781f332fa10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a656f4c2e3d5176b56a06495a740a4bc |
| SHA1 | 6e9b386f2908029dccb23e9721f65bbaf9092802 |
| SHA256 | 2655121e0a908537c77f43e123663cf64b85a29b6aa1ddc64dad93ed55263f72 |
| SHA512 | 2ed5c6fb5e67c11d4ef3d3e233adeaeb8873ff8c7db62c540e856565a0e7bb99b8bd598fecc90e87d982575bdf4382a4d35c8be7f89bb1b033c7ba212ec11d50 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-17 06:09
Reported
2024-04-17 06:10
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
6s
Max time network
28s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1691 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1691 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/ls-archive.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/key4.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/xulstore.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore-backups/previous.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/permissions.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/pkcs11.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/handlers.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/times.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore-backups/recovery.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cert_override.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cert9.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/11sexf6t.default-release/sessionstore-backups/recovery.js | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/self/task/1650/stat | N/A | N/A |
| File opened for reading | /proc/1648/cmdline | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1734/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/1585/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1566/attr/current | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/1566/status | N/A | N/A |
| File opened for reading | /proc/1714/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/33 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/self/fd/76 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1768/statm | N/A | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1723/cmdline | N/A | N/A |
| File opened for reading | /proc/1743/cmdline | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1768/smaps | N/A | N/A |
| File opened for reading | /proc/1561/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/1738/cmdline | N/A | N/A |
| File opened for reading | /proc/1782/smaps | N/A | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/78 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/38 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/task/1702/stat | N/A | N/A |
| File opened for reading | /proc/1719/cmdline | N/A | N/A |
| File opened for reading | /proc/self/task/1774/stat | N/A | N/A |
| File opened for reading | /proc/self/task/1792/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://trixxware.sellauth.com]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://trixxware.sellauth.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://trixxware.sellauth.com]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {409306ec-84ef-4d09-84ec-fef8f7bc70cf} 1648 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {52833ab0-95c1-4beb-bbd4-25c788197ebf} 1648 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {8d00e50a-d693-4e24-be27-6ea1f0fb37f9} 1648 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.194.49:443 | tcp | |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.129.91:443 | tcp | |
| GB | 89.187.167.3:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.129.91:443 | tcp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.43:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.6:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.34.56.182:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | trixxware.sellauth.com | udp |
| US | 1.1.1.1:53 | trixxware.sellauth.com | udp |
| US | 104.21.64.71:443 | trixxware.sellauth.com | tcp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 1.1.1.1:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 104.21.64.71:443 | trixxware.sellauth.com | udp |
| US | 1.1.1.1:53 | a1887.dscq.akamai.net | udp |
| US | 1.1.1.1:53 | getpocket.com | udp |
| US | 1.1.1.1:53 | getpocket.com | udp |
| US | 1.1.1.1:53 | qz.com | udp |
| US | 1.1.1.1:53 | qz.com | udp |
| US | 1.1.1.1:53 | www.bonappetit.com | udp |
| US | 1.1.1.1:53 | www.bonappetit.com | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | condenast.map.fastly.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | i.imgur.com | udp |
| US | 1.1.1.1:53 | i.imgur.com | udp |
| US | 1.1.1.1:53 | ipv4.imgur.map.fastly.net | udp |
| GB | 146.75.72.193:443 | i.imgur.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | imagedelivery.net | udp |
| US | 1.1.1.1:53 | imagedelivery.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | tcp |
| US | 104.18.3.36:443 | imagedelivery.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | www.inverse.com | udp |
| US | 1.1.1.1:53 | www.inverse.com | udp |
| US | 1.1.1.1:53 | discover-prod-1777428142.us-east-1.elb.amazonaws.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | contile-images.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile-images.services.mozilla.com | udp |
| US | 34.120.115.102:443 | contile-images.services.mozilla.com | tcp |
| US | 34.120.115.102:443 | contile-images.services.mozilla.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | normandy.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | normandy.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | normandy-cdn.services.mozilla.com | udp |
| US | 1.1.1.1:53 | a1887.dscq.akamai.net | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | classify-client.services.mozilla.com | udp |
| US | 1.1.1.1:53 | classify-client.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
Files
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | 9793725598f38ca95b1ac44bb6164660 |
| SHA1 | 3180f1f023a0a212d9d0457fae36d85568ee1b50 |
| SHA256 | dd4aecee1cf57fe91e454897d94a663c263c4ceeaba1ec5e26fcf0860672121e |
| SHA512 | 7482b37c270983c8a962ec7f198a363bd6cec4f6607ded4623122d09a3fe4d29990b50d5860bd618223071faa150abf35ca3bb20d7eacaa636d8fdeec270c766 |
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | 86ebeac207bfe693e3f3d5c73dcba070 |
| SHA1 | 71b323bb3143af84e4bf9be8cc8de7d884367f0d |
| SHA256 | e72f33ad34b48fd9842bbcdb15238b0e5344b9f61ef95c112c3a23903f8f02a6 |
| SHA512 | fb6c4f345e5ee35a9dd6f810689ea23a2ae1a5a4638d67ee1ddb37fb66cac11bfca38d87d65f1f5102ed4ddcd0ba4939d462baa3d13f3ef59448b4a5b40cc26e |
/root/.mozilla/firefox/11sexf6t.default-release/times.json
| MD5 | 8475d003b2455ce96ec32e0b5aca2379 |
| SHA1 | 29e054aa58775b6f5cdd2378aabf0cd5f4ccfe7f |
| SHA256 | 4a20e981ffaff26acb90270390acbbbddb1196c0743b1cb8642f297f4ebb75e6 |
| SHA512 | af43a90ea86558a3bf70e8865b0f553991ea59c2833885fb769fd7a09b17bedcb3848016d46da97f11ebdaf2cd45f9281d04c616fef70ca0636c1281a6688197 |
/root/.mozilla/firefox/cgih8y34.default/times.json
| MD5 | e5ad14f0de2eaa5d4ca10eeafd93cc3b |
| SHA1 | 7a2bee8d8fcb9fbf8bad166463d0cd3965a0b9a8 |
| SHA256 | d7b3060b93084216078813be44bcea28c98179846646b248df8977d2a4295781 |
| SHA512 | 5731e8af38919bc852a1f5d4b7fefe8c7c7d1bc74ab6590108a0a39557f96debdb5e7b847d2df4e90f7e0ee3e714d126afc68d30608e78964d7c9e5ca7c7174d |
/root/.mozilla/firefox/installs.ini
| MD5 | c4c938a5a270374b9329b4319f1ee8a0 |
| SHA1 | bd62a69b875f40dda910d50f6cb64b3fb62ac9ce |
| SHA256 | d16eea479294a4396edc96f3753941711d5f93696ce175a680ec69a713e4c05c |
| SHA512 | 9fe94f5d145a26e37a7741b1a5e0335a3cd72853e72b095c62b54b0e4322804ffe45ae3e881c8305b654060c6342d671d3a824427eb58ce4a9329f1ffe2032ad |
/root/.mozilla/firefox/profiles.ini
| MD5 | c58b8c69aafffdf68450d789b4e9517a |
| SHA1 | 4c3c54347749a8447084f1d1823a6b11421d6baa |
| SHA256 | cc861460ee5630681fb940f28055831d28086cc460c6119f0340c96fcdffbb2a |
| SHA512 | 3b4c43445518aabf4804f6b608856602cbc6d4f2dfaa16e8a0e962874ef0646264d25ef0d2cc4f262fe756b6cc08ef4f9d3876f73a890a39d8766297bc3d7b6b |
/root/.mozilla/firefox/11sexf6t.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/11sexf6t.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/11sexf6t.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/11sexf6t.default-release/prefs.js
| MD5 | 53d78f6222ae18bfbe7c24e1a66093d6 |
| SHA1 | 628f38b5dba3e7fcc9ed87d8ca8ecda7f6425e59 |
| SHA256 | 21fb1aeedd9cdaebc517a742e54f08fc3e8d8c2560dcaa102b2ebb8dab2b07bd |
| SHA512 | 0705c4a41b590ca33295a3e757bac356760218edb80cc5107dcef230dd834c0319190b14bd1acb48a2dc5f2dcb591aa1000533e711848dc494045ad8c014a05c |
/root/.mozilla/firefox/11sexf6t.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | 84f8c31a264116883615c2e51b06e461 |
| SHA1 | 89d20a2a5b8a55c8d09b1d3cd2aa893266219ee3 |
| SHA256 | 3e0a2c0a0d454b01f5f04c2993157e988e813692415b8b5b23a77bcac6fffc7a |
| SHA512 | 0984d3fd1ade62d5605866dc433863a0693d1affe75458cfd231b6eb1bca3bceeea3e0aee7655164c59b3057b549c4be0b3d6bd8c356afe0d325655786fe0003 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 2e9576c9379a3b588558607f32be94ea |
| SHA1 | 6c5fc2ec664fd4d684d8861bed43d61983738e22 |
| SHA256 | dbe3d564a794877e5cad61454d6ad81f6ba8c9248183ff7a5777fccabc63853d |
| SHA512 | 613d19605a08c9bd82bdc775a29b75c03f34756e58c158edfdd9fb4ec4f2eb755888c8c3e3b499fa1d56bb57a7e7c0ae8bfa37f5020194ad0b970eb2bf2408b5 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 4f7984943990c1fc3ca9da70078a7c85 |
| SHA1 | 1d4600e8d85d9fc59cb01ee89b92035a170ebd72 |
| SHA256 | 874d3392cbec29c408d591819dcf66f7e8c5c8e2fdf1697d7b5cb3c3c118f804 |
| SHA512 | 5a5011da3de9da779b27cce4d3c6069e34b87b03414af8bd05a5d39803fe07e1d61e426bf031ad9a6d9bba3f31614c3b97fbbd06f4182bdd26e2830420c388ed |
/root/.mozilla/firefox/11sexf6t.default-release/prefs-1.js
| MD5 | 45861da3abaec23aa66d94f3e9cf23f5 |
| SHA1 | cb03c373ce69c5a82a1bd846b8a72d382555c7c1 |
| SHA256 | 1488dbde2cc48bb9a82ee94f6a2135b2238e72ddec5ebc51d4c21ca4cd6062c7 |
| SHA512 | cabf9943a203391154d8f7316a5aa654f2d4c73222d315b67622d8378a7826a852ae3570af67594d773edfefc29c902e77942acdfda94a6c6be1881e4cbe6132 |
/root/.cache/dconf/user
| MD5 | 8f7cbbbe0e8f898a6fa93056b3de9c9c |
| SHA1 | 49594bfbf3a97620aa5dea68d4440b39b6bede04 |
| SHA256 | 67ebbd370daa02ba9aadd05d8e091e862d0d8bcadafdf2a22360240a42fe922e |
| SHA512 | 1d8439717191d47a17bf9a446c913637bc88d6c241b25a7f64b96cddb796788eb076706b00b5038b2b4229c7ba13be29823761b7a399d4f2eba714f6c28ab92a |
/root/.mozilla/firefox/11sexf6t.default-release/permissions.sqlite
| MD5 | d84b545ba3361c1d3b45a9025a947b3f |
| SHA1 | 1d6281d50eb60c7441c925b62a876f3e278c3619 |
| SHA256 | 7cad40820ca6720973f6efb7c96db4c90d76ba402c23a0066a4095eca437baf4 |
| SHA512 | bb76d70deb2a630b7c7095ce3c9d9e1f6d6757e26f231a9071f83d4b681750b444acb37ae3a17da997bf0253c91e2e31ea08e5c519e68f30b5d71183433bb5e6 |
/root/.mozilla/firefox/11sexf6t.default-release/prefs-1.js
| MD5 | 83796e83729c17364239ba036594e62f |
| SHA1 | a157adbb2f1064b7ffcba6803e1ab7d2f8e7301f |
| SHA256 | 6c3b20c9f16aaf2a6c8c2334dc1351fbd5a597208bacecb76f3b5122d3876db6 |
| SHA512 | 7a70a96d0a318369cfa5965e003822e54487386a930134fd33a79f7682bf4ea86eee290e6cb6447fc6d7fa66405da4a893dcc9948ae6aae923cac71938934f15 |
/root/.mozilla/firefox/11sexf6t.default-release/times.json
| MD5 | 01263a5660f4093ed99d0e32fdb42006 |
| SHA1 | b7a8ea7a216b17b04ef3f8daff77b34f99a70729 |
| SHA256 | de34acbf6b2992f584635fb201dfd9a7a979364315318b1eced3dfedfe7603f7 |
| SHA512 | 0eb28c5947f57a65da66c04748a5ebd9bc47d541aa26164a8d5bdebcb8c44409f9e54c18fd99d5fcf1c8d6583fa402e01ebc5a65f4d6cda9f91261ad33a87686 |
/root/.mozilla/firefox/11sexf6t.default-release/cert9.db
| MD5 | daee20adb9d20052e301beb4e2f85f3c |
| SHA1 | 1556ff6e4874a436fa65ac9a1b637514fb7a6f4c |
| SHA256 | 70341af8a7c68d03a9d26484748a054ca59c6c4df24a73adc9c5357baa0e8958 |
| SHA512 | 679e5f0bacb281debaf4255345c9ba3ec095bb12844016824ada829e8bb7dd074a6de15a8f7e1d6d0d237a4380f44d8628a08410042084b39566cefd0f6f261d |
/root/.mozilla/firefox/11sexf6t.default-release/key4.db
| MD5 | ecdb3c74c79cc6cb3a223c4123fcf143 |
| SHA1 | be00c5465f9e5b153eb66f01f3f59f3ec4aa55eb |
| SHA256 | 252efbddb4de3eee6349a1813e6cab3c51b4e8d02e97412d35a80805160af259 |
| SHA512 | 8b7cc4e9347610832f9dbeb69ebbcc8e1775dd2544f2def9e38e86662eda5a5cd14d68783570cdfc4c890c0f3cdf34509b89baa4067ed7cc41413de82bd08357 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | c92c08d86e3c7cce6a0d8d142c908508 |
| SHA1 | 285be2241572946119d50ecb855c6650cd390ffe |
| SHA256 | 961148885ba1082261754fdbd024ba748c93176679999ebcf64826f0bf115949 |
| SHA512 | 32a3d0dbedf14db404dd11c4b5a3479ab5190a29d6c5a26b84eb720eaf760bae4b58dc91381a744eae0f138f37626e6253891969627d1301786a3cdc7a608846 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 2e2e6e8811dc8467921b284e9dc499a9 |
| SHA1 | 279ba95bc347caefbef993823099ade72dd4a027 |
| SHA256 | 266ee38ec1b84ee22f9b89af42c0003902b881479d64eea789dff346e435058e |
| SHA512 | 320cf306d6a5472185817b0f2829b969f62b1b530cb62a556f2c1639bd9a0e2793a722cb21f6c661db032db1eb0912797f620f74b087501b12c2ddeb6f6aebd1 |
/root/.mozilla/firefox/11sexf6t.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | dd3f6ba37c670af5953593535e435d04 |
| SHA1 | ecfe4e650a050bce77e8ff7468de04c1b8acc9a4 |
| SHA256 | 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561 |
| SHA512 | 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3 |
/root/.cache/mozilla/firefox/11sexf6t.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
| MD5 | 99a8a2a8dba2d012c40aeb60f20b603b |
| SHA1 | e01eadeae0af6c7c8159931bd16bc78b7c485747 |
| SHA256 | d9f91296e26a7da12799431a788ff6a18552f141318cc0ec379d12e3a73d0565 |
| SHA512 | 77df2cfd7c8fde8c722ff19eb4e9dbda9196d9d91a584f78463455ce056a2bbd74505d8becc7d54c1ba6b8c54320c09dffd1baef34687d6d5391482abda6fe0e |
/root/.mozilla/firefox/11sexf6t.default-release/prefs-1.js
| MD5 | 8554e3b42b9daa9c44bb952acf8bb10c |
| SHA1 | d0eac91f906cb11fec56f79a5bf3a0895371b183 |
| SHA256 | 6227ddc393c10169daac503bdab2d5ceb90527b5b5b2d9bef2226d3f7a4f7bbd |
| SHA512 | a7075744e629c32c4fce59aef4557666eaa2eb3c47dadff411b68ff12be09f4619e83dfe3561007cbccc8bc389f78f166f0140c9488e9e287a736d01ed676b3a |
/root/.mozilla/firefox/11sexf6t.default-release/prefs-1.js
| MD5 | d841ee9ef87c9ef7466983eca7cd07bf |
| SHA1 | 1427f5140d333a152e508f74db58143af7b7fe75 |
| SHA256 | ca98c305ccaf20eb484df7c0630fe57e562e6f6f03d1b30c8906fe94cbba8843 |
| SHA512 | 5a32b4a8cd5f99c1136de4391a1d509c210965df32bce66e463bb99916aad249ace48c4c38278644d5550c94b99840c8d1a494be36f8bda279529311da996f26 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-17 06:09
Reported
2024-04-17 06:09
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-04-17 06:09
Reported
2024-04-17 06:09
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-04-17 06:09
Reported
2024-04-17 06:09
Platform
debian9-mipsel-20240226-en