Analysis Overview
Threat Level: Likely malicious
The file http://www.tekdefense.com/downloads/malware-samples was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Enumerates kernel/hardware configuration
Reads runtime system information
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-05 01:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 01:27
Reported
2024-05-05 13:38
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
156s
Command Line
Signatures
Downloads MZ/PE file
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.tekdefense.com/downloads/malware-samples
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5792 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4956 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3280 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5288 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2a74b442d4f447e691bb409ff6d855e8 /t 2668 /p 1596
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.0.514259291\592613142" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76fb51eb-ce58-448b-ae5a-e38bca4bb807} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1948 185480ddb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.1.1594918747\1653959676" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a7c8d74-51a4-4598-a74d-56be5879968f} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 2356 18547a3f558 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.2.405209962\572334673" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2952 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a49cb864-b08b-481f-b9d7-ee6dce5680c5} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3052 1854bfa2858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.3.2061278023\1986619140" -childID 2 -isForBrowser -prefsHandle 1124 -prefMapHandle 3512 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2a7f334-57ad-4344-9808-b28c210fe967} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3616 1853b55b258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.4.60979104\1727185916" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c2106c9-8a4c-4de2-9598-2fef13cc6088} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3992 1854d174158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.5.1039264893\2106576076" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5056 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7b89667-1993-4035-9289-76717d7e0d2b} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 5016 1854c5b2458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.6.1016422503\1554332030" -childID 5 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d9ec16e-9479-49ac-b19b-c8e4c7231007} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 5160 1854e520e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.7.1880656417\1792048421" -childID 6 -isForBrowser -prefsHandle 5356 -prefMapHandle 5360 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dabf5281-e57e-47f3-b089-8c3c2d9cdbf7} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 5348 1854e759858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.0.770775106\1827621845" -parentBuildID 20221007134813 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1e901af-8568-4563-ac05-a55210d5f9a3} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 1852 24c2ccefc58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.1.1488685197\1959703269" -parentBuildID 20221007134813 -prefsHandle 2036 -prefMapHandle 2032 -prefsLen 17556 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {641887c6-761f-4ce6-af09-0b80f667ddac} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 2064 24c2d174e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.2.359152571\514828270" -childID 1 -isForBrowser -prefsHandle 3548 -prefMapHandle 3172 -prefsLen 23627 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d074f562-2438-421f-878e-b8dcf0086695} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3576 24c31e22558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.3.1991207879\1254640864" -childID 2 -isForBrowser -prefsHandle 3028 -prefMapHandle 2908 -prefsLen 23734 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df501031-6d48-4329-b611-13073498a995} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3796 24c31a97c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.4.1707678678\395858728" -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 24816 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0621f17-4840-48a7-8077-1454de9eb63d} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3304 24c32896c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.5.2107740311\483034423" -parentBuildID 20221007134813 -prefsHandle 4440 -prefMapHandle 3304 -prefsLen 25750 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edf7776a-27a8-4e4f-b033-667cbb49d91a} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4452 24c2cf42258 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.6.293148974\1511147407" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5232 -prefsLen 31796 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d95dff4d-b9ff-420d-b523-2ddedb00aa9f} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4924 24c2cf7b558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.7.553512234\474618350" -childID 5 -isForBrowser -prefsHandle 4884 -prefMapHandle 5304 -prefsLen 31796 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d89a7e26-2a3a-4d43-a54d-442b07202f41} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 5208 24c34143558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.8.624215838\2005427723" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5096 -prefsLen 31968 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3010fa8d-1338-4938-af8a-99d9ee69d794} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4664 24c34c94758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.9.982041357\1844970501" -childID 7 -isForBrowser -prefsHandle 5720 -prefMapHandle 5716 -prefsLen 32089 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4c7acd8-931c-4317-80d4-f0a96e849b45} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 5728 24c344c2c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.10.1798098432\874688615" -childID 8 -isForBrowser -prefsHandle 6188 -prefMapHandle 6212 -prefsLen 32185 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {303e608c-c74d-470e-aeb8-3c1786630559} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 3692 24c34360358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5480.11.32923560\591055210" -childID 9 -isForBrowser -prefsHandle 5252 -prefMapHandle 4940 -prefsLen 32360 -prefMapSize 230321 -jsInitHandle 1272 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88b25c71-7c31-443c-b385-1155412cccd8} 5480 "\\.\pipe\gecko-crash-server-pipe.5480" 4828 24c32b55e58 tab
Network
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\578ad8d6-727e-42c2-8dc7-0e211f34a29a
| MD5 | aa8c4d75630cb3d7cc97b7db3e633616 |
| SHA1 | ca207069a9a6e131cda3dc6e307c9f6f111c45e7 |
| SHA256 | 79fe7c14f331e12123bd40812099f47aebdcd8aa082910aa62dbdc92528a1ed4 |
| SHA512 | 5485a160894f28f09fa7f15ed269f9dbed18eebb624512c47e84ebbb037e906e751bfc18ac49e0caf4ced698cbeb08fa5e0b0abf0cd3cf23cfabd76831b6e91f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 23ba48a780074d9a237d88114111c128 |
| SHA1 | 8e68eaa956c4ee6173168efacb2eae7d1f4c83e2 |
| SHA256 | eb84e88f826bba6e0d420a043be673e7b0df0716bc44367af854e25819e8b427 |
| SHA512 | 1add793342dc145db0e5f59644d0e22426fc8bc1467f9c0d5774445acc536f2c0d35a29d55c00978d6d686b5d0b66354643789b7735a73ee23a430f01bb7ad09 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\b55140a7-c7aa-47d0-8ec8-741e7e8bc25b
| MD5 | f2c8557f617e73d745a7e631af9780d5 |
| SHA1 | 95b8cdf737c5f37374c0d270ce4377ceface2cba |
| SHA256 | 3cd06a8a77d211120074d84f35e7df1d44619d4fbb9705e7fdf400680cf40703 |
| SHA512 | dcd49981d8b1fdd1f00467a94a64efaa1cdbadec43d686ba1cab54b877db30ed9b0d9a80d1a2d2e3c4e7f69fb7d9e3b4cf8de9b01d197d3fa5fea1da9f4d8df2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js
| MD5 | 580ddfac0734406242f415e2b228bd36 |
| SHA1 | 54c3d178d4c2923a65f801964bc0d393bcbb3179 |
| SHA256 | e5633bc0a1c0b13bf271c4bea6b61795fc1af623b78b75a39948206bfc156ee3 |
| SHA512 | b006f58336ad61eeec56a3d75c1d1b456738b88c1f469f7c121ef211920d16ac488c75ce2dd99ba8af496667a6df85a86f5b3712af91d7166bd3d5db14675eaf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | b01efd0877d8bb4a5d754d6d5a5922cf |
| SHA1 | 6dfaecd4219afbb206185171c64c777e9c73ae21 |
| SHA256 | ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90 |
| SHA512 | 6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js
| MD5 | fc51eb4dbdfd892f2b700075e2ca3b5e |
| SHA1 | 10a3110e9a0ec5866b9f2dc27a3d47ff2725a4f6 |
| SHA256 | b2d9728526d9bb69cd55c3f63a2e47d855520e21a0e22dff98ab3ed97eece946 |
| SHA512 | f13e49f845c1dd2031d1c190276cd7ad929b5b53de871de47a389167cd2dcabe169460f3d93d0d0b0f492d3a208a24127d57471623db30ead5b6f7a21e98a759 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4
| MD5 | 7edb5d9e8ca9d02d86a9f10bcc8d2e7f |
| SHA1 | 9a7d8188a19e32c68cba42cf162ffbaf73b5e14d |
| SHA256 | 1e86cd64c3891748fe97e1fedf9de380dc6b655b2adc3e1be49a9f9a326efb5e |
| SHA512 | b1ed527a654ad66d9c77d451f27677958203fd0ef68cf171f776a4877bd2acab59f80835b588152c20ab0048ce3c44a6d752503867d8ed2756effb58173e6267 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 01:27
Reported
2024-05-05 13:38
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/task/1721/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/task/1708/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/task/1695/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://www.tekdefense.com/downloads/malware-samples]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://www.tekdefense.com/downloads/malware-samples]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://www.tekdefense.com/downloads/malware-samples]
/bin/grep
[grep -q %s]
/usr/bin/x-www-browser
[x-www-browser http://www.tekdefense.com/downloads/malware-samples]
/usr/bin/which
[which /usr/bin/x-www-browser]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://www.tekdefense.com/downloads/malware-samples]
/bin/grep
[grep -q %s]
/usr/bin/firefox
[firefox http://www.tekdefense.com/downloads/malware-samples]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://www.tekdefense.com/downloads/malware-samples]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.194.49:443 | | tcp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.2.49:443 | cdn.fwupd.org | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-05 01:27
Reported
2024-05-05 13:35
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-05 01:27
Reported
2024-05-05 13:35
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-05 01:27
Reported
2024-05-05 13:35
Platform
debian9-mipsel-20240226-en