Analysis Overview
Threat Level: Shows suspicious behavior
The file http://v.vnet.mobi/ was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks CPU information
Reads the content of photos stored on the user's device.
Checks memory information
Resource Forking
Changes its process name
Checks CPU configuration
Reads CPU attributes
Writes file to tmp directory
Enumerates kernel/hardware configuration
Reads runtime system information
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies registry class
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Analysis: static1
Detonation Overview
Reported
2024-05-21 01:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:39
Platform
win10-20240404-en
Max time kernel
1513s
Max time network
1608s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://v.vnet.mobi/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://v.vnet.mobi/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.0.1886007684\842194187" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e0b589c-6b76-4972-9711-68c7aae5f2de} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 1776 1e67eed3858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.1.1202328538\2002536124" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a48542c7-0c8a-490b-928b-0f4c72095905} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 2148 1e67ebf9b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.2.1019911154\825815569" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2852 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a97d85c6-abc6-486f-94f4-bd2a13771749} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 2888 1e67ee5c358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.3.750624150\1394357779" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8891ae6-f54e-43c2-b2c4-9c441a476d02} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 2824 1e6069fbb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.4.1865454783\192910683" -childID 3 -isForBrowser -prefsHandle 4812 -prefMapHandle 4804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26e93e36-032e-4288-90f2-18d94b823275} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 4820 1e607c90958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.5.451133046\1882598837" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4956 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3ccfa98-a01d-4874-a3b7-b2c8e23cfb8d} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 4944 1e607c90058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2808.6.501928631\327536144" -childID 5 -isForBrowser -prefsHandle 4708 -prefMapHandle 4676 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {277f21c1-89ca-494c-a240-2f2bae19abee} 2808 "\\.\pipe\gecko-crash-server-pipe.2808" 4820 1e607c8ee58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49769 | tcp | |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 54.188.201.143:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| N/A | 127.0.0.1:49775 | tcp | |
| US | 8.8.8.8:53 | 149.250.164.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | 143.201.188.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.197:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r5---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.202:443 | r5---sn-aigzrnse.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | r5.sn-aigzrnse.gvt1.com | udp |
| US | 8.8.8.8:53 | 197.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.168.125.74.in-addr.arpa | udp |
| GB | 74.125.168.202:443 | r5.sn-aigzrnse.gvt1.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 44.241.205.248:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 248.205.241.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d4622f76-79cf-49b6-90b8-88f36c642331
| MD5 | cef58f0e3561772a57129fb0f4ca0099 |
| SHA1 | c40867f70e89f7ab1f9f705b2b665298e8dcd2d4 |
| SHA256 | cedbbeddaa4b058277ecce43d364ad98dd1fcbcd763c32d253c47b3b720ae1f2 |
| SHA512 | 8b594ef744f15620885dc38d834521506acc4e3b60ea23402270a9bf4200d6062d91127b7f47156b0a5afead770aa7fc0a0ed7c3509dc566e9b12881cf7035a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 5baaba0052e460baa602c31cb1e5959b |
| SHA1 | 9626b04a2afc13212089baeee8fe333dbafe5d47 |
| SHA256 | 835e3ead5ec7ea9e126511342467595ffa8940ddd6a9ca3d945feeb41ccd6dea |
| SHA512 | 65ebc88ebb3fc3870363daff484ee109e3ee57b432a3e38daaf98a735dbef0f22943e8587bac78d08bee36d29e7dd226ee39b664c1bfe6987f37b0a0d36d2767 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | acb98d3d4e718735b97cfa91dc502aeb |
| SHA1 | 169e52e36b0118c591b2c7c4566f7d24bb48a1fe |
| SHA256 | d7f03e1c2f27c7dcae5c28ea3c52ddb1d5c8086870d28206e8afc039d6779ce5 |
| SHA512 | a8aa54bcc302f0e67fc2d856e540696259ef259dfc9ca8cf59a02a9552f86e004a251129ea53acd0109f6c6e10395003c884bf45a25424a93165b1b25b883227 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 1bcb0ee4a7c963dc043cbac27b7b0116 |
| SHA1 | e8f1893f51a790cf9482e0c0c15faa48d0de3344 |
| SHA256 | 5cfcd10810d937712d184c57f31eca992f805ac208c853b34f8f90914d224b8b |
| SHA512 | d8cec0e156548467dd3951cbf0ecb89930f171b64db7cc2a0a1bea240b5f4b9a1c1cb262d248cd6b109ffbeeab71bc855b266eeb54e27bf02d8cc22d8a1d26ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2089b200b118298cc091501520a3fd00 |
| SHA1 | 29be34df71aff8671da2bda83b204d9bfbebb8d0 |
| SHA256 | 283b37fb725df4416c8cf25cf4efa042a6a87c8cdd22a6ed57d54721a31130f7 |
| SHA512 | 94ab1f02bb24609372f65558d466610492df87ce9559684f49e4547b46b9524b11cd9e1e5aa115ff598489b5532d0409c88c5fd003e36e2c27cfa8410a263a08 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 5a79bb0f4347cd635abeae7fa21cb058 |
| SHA1 | 45b178d2531b047fa8cb53ac448dafacccca0c30 |
| SHA256 | 95200029063cb04c652354cdf0d05221452b590ad84110424b3ba3ecc76d76d0 |
| SHA512 | 4daa63903292f3ccad915161773f98e5a3507fc656be5d2309f7a4e8d5decf36fe09026dd75e36ed116889b4d2211ee1bcbbf32e7f3d64d0845dd1102e5b12dc |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B57A54712D4634BE74C7624B33B2D5618233796A
| MD5 | fedc8511e20c9a5cc97cf0d8ad6118d8 |
| SHA1 | 105d52d81461dfb39961629263bdf0e0da197075 |
| SHA256 | 588b795dad43a528de863334e6d1cff6b1e6947e2aeffeea618dad484315c2af |
| SHA512 | 2d1732bb9a0012abd74b41653f59cbbb5f4d54576509792b6930d2796446d857dd1a4629894d2ef7d18c4fab683027753b9984bf89bfb94fe1e649fa378e1088 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 140ffee8cd061fe7173e1e2a81a03b9b |
| SHA1 | 41094e9d89b05b9406c5eab0fc1c6f484b186d94 |
| SHA256 | 3c86c226bac0bfdfdbb8a8b73134f32be53b5b5294a152350030d8f98696ffc0 |
| SHA512 | c24a84fbfa9b90e042a130976bef0258122fc498e56b92f226086631a58da06208992b6d1d39c6fdd64a613ac39cf2f62edb68d0fd7b2885587356c3ef7a52f3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 1e8c6c3fe42334145812b6f6ddef0e92 |
| SHA1 | 9b40f3c3199572214b3e96527bda557276138764 |
| SHA256 | 7c54b9bd1a86a616a2bc740c13f1a9e56e5dde57102dc35e48c986d9862bbcfa |
| SHA512 | 6d8aa67c077c2325320f9d90763306c7b2407f5f489c96b5ce201b1a7b4be15d97a78047b6fb09ecdf2d1fcbb2e5bc4bd6c384b1574d25102130972fe29cf9ed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3c176915746e84a5324c352d13df2423 |
| SHA1 | 5dff302b7a51e2aa1df44b6817f0478a9bf9bda7 |
| SHA256 | 2d8430b127bbdef0441f0c92d786a8e1db48d1c1258a7083f2b9deb608b295b1 |
| SHA512 | 0d25a58832dba178e3e10eb6ed5dd302c68e2a8fc573c06443ef53faa95b49dd00f5b4fccc7a08ccb32a8e4cbec7ce92aecab3666507fa0c5d7bfab6a53ab89b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | f6664bf6cf1c007a311c4f3a6a6918ab |
| SHA1 | 563f2365c6674ccbde185c4cb504a68a7885bf6f |
| SHA256 | ac132cf0b2a29da67ad612b0266424de8dadb04b3bc1d90e0bebf5c6bc81a7d4 |
| SHA512 | 83a5e55ab62f113f5da4b1198e7866fbfebe2bdd1bb853e2c693e2a07578de00a4e414cbb68cd76000574332a108505a3d0f7bfa5675bdfde77bdc0246602307 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json
| MD5 | 396ceae37d20a86d41e073dfe919eb97 |
| SHA1 | 0f82205690fcb50f028bcaf23a58a0d5cfb3de13 |
| SHA256 | 07513213ffa82e24cc68d4eb8883890c3fa0009bfa201652eae90d095a9b8ba6 |
| SHA512 | 6635bd023ce9c9675c6bac50f2596c939635af856740282fd86adc432fced8f6cd23e1741494cf1a63a81de4d85cc8d2620b2a3094694b70d34dd2f3f691dc0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json
| MD5 | ad30aeed216ba20d5b2003e906709f1e |
| SHA1 | 3ba1d414500b48c04de5f9cbaaa234be3c54a7ef |
| SHA256 | 98a2f3fe9946c7a1c779131997c999a7c234955b234039ceeaaa0110ea828dfd |
| SHA512 | 8fa33df658d4f0cca485e6a3f6237faa402a5224fdc2b122c97b7057526f8bc936ba19550ca78263543b594e892b75dc030ef8ad2d4dc837a763e0fa23f020e5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-05-21_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4
| MD5 | 5454384ec38638981ce5e67157b8f07d |
| SHA1 | 20da940d1b48d7c555b5f7d050fcc26b9fcaa217 |
| SHA256 | faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11 |
| SHA512 | 5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 7af516821da5a6584c3429f53f0bd469 |
| SHA1 | 2c79fc947f9644b1ffec009cebe30fe030c717c8 |
| SHA256 | 7311b043eefb7fddc9dd0680e6bf6d21d576f9d1e179298079ee91322a53edec |
| SHA512 | 653f1b0f52135941ee5b285f6055c56f374666c50d484edd0d06ba1ff9545fb4ebe36d961f083b03e94b92b06f5f1be6acec1a6551005d7553e3c0c790760f2c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7847
| MD5 | a416036257c5e00df01dc747dada8297 |
| SHA1 | e8bef03a441af836878624b0e46c6df3fbef6cc3 |
| SHA256 | 19d0e98810ebc041575c66a87e05f5466eb16317cf4993b0293e6afa69e55f04 |
| SHA512 | f2cb7f02b14509b3ecbcdf89bc60be00cf81e231dd56dc8cd70d403abc6b0e28d0ccf0157aaf911da092c91c15d659f7229b21c6c9b198999b499cfb7f479bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 44e8045b4377c69d46d62f8b0efc7399 |
| SHA1 | 7122aed5205b1ce520dcb789b6f01ef2b29bc65d |
| SHA256 | 65fa3742ea10e6498c05fe2337783af44ca5828659a7ed14c47aacc5f02ccdb5 |
| SHA512 | bb5bfd9887f0810ffb7094b9f8a99206c204064ace527e1ee46c607ed36ff25fdfa99a9c5bc7bb117cf44011ea1b1b666593ca5b977c36dd4d0264b21197fc4b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp
| MD5 | 5a7aeb959001e385367a9e24baabd158 |
| SHA1 | f9af7cd87f397728c04eb3448cdedc44421946bd |
| SHA256 | 0242df1fc3f9d535b2a59caf141c25f2a1d91843b988933070e86682b2d15df2 |
| SHA512 | 77ba2e0e56eba85fe0b8936424e68704d5b186386ae9f12b0f1f4f7a9c2beea308ff5178c402f28ac61013317214a5a67dc7ebb698e735578dc35423c71b401b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29724
| MD5 | 28295b52df072331abba81af321f2e35 |
| SHA1 | a392c7a870fe7e533473552ef119b51b16ae0fb2 |
| SHA256 | 330a614a3eb3db8f12fcab2ce2fa9bbc046586a882003edd3554f604170c6fdf |
| SHA512 | 368e2901ffe1a170eff287980ceb2f3ea4151078546de07a03ed5f7fe9a5e2d43638357cfa05455344ffa380b1ed98e360509b6d382584927b088461462c3059 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:46
Platform
win11-20240508-en
Max time kernel
1512s
Max time network
1508s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://v.vnet.mobi/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://v.vnet.mobi/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.0.1420708927\836140081" -parentBuildID 20230214051806 -prefsHandle 1792 -prefMapHandle 1784 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5cfe805-efa1-47ed-9c63-896c1e6286a1} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 1884 1c44d905c58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.1.1567687955\1746747240" -parentBuildID 20230214051806 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f048c74-97bc-4fca-8c86-0aa0c1747295} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 2440 1c440d86858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.2.888821103\895560196" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09b9ca2e-e372-43e3-ab3b-bec79ed39a97} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 2956 1c450655558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.3.363234145\990820944" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3222238c-2cc5-484f-b7a8-53e6fdaf2997} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 3660 1c45382da58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.4.1686945763\2060068644" -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 5116 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2688ae83-f51a-45b0-9886-9b2abc56a4f7} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5172 1c45616cb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.5.1252948747\910192994" -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a215732a-ba39-4cb6-8c6d-819e3c02dc6e} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5320 1c45616aa58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1288.6.491448494\397926641" -childID 5 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e91baab-efe7-421b-b3e9-9ab1e72a4d8b} 1288 "\\.\pipe\gecko-crash-server-pipe.1288" 5496 1c45616bc58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49727 | tcp | |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 44.230.111.112:443 | shavar.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| N/A | 127.0.0.1:49733 | tcp | |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| NL | 2.18.121.197:80 | ciscobinary.openh264.org | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 52.111.227.14:443 | tcp | |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 0f9a334cd41690bd3cb62342241074b7 |
| SHA1 | 54fb5c77f1cf5e1540286bf16bf57ce86b0c8cd7 |
| SHA256 | c1c6afcb448a41831f3a218149b4f1563054ebc80296dfebc194d270443bc9ce |
| SHA512 | e8751fc72d0586ed0dff4ab6f1e0bb36b1a5abe8f7d606affb10ca7b2e2a3c64a69a5cf4ed19e5750229fe0bec784b5742cd8662f73eb2c7f0f9ab6ce81c0df9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6acceaa2647e0b2fcb87c128061b71a3 |
| SHA1 | 1c7ce07ea4b0185ecd010b3c7f21f2d5353588cf |
| SHA256 | 6b6ee00aa528a3e5d68942a65cd68a5afd4cd35c6fe870b76e1a9c2ae2bada8a |
| SHA512 | d1deb89456ce839857324bbeb7da1536f97f10979a76c6b78f5f3d607025724d5a57e832e301861c689fb5ab1b547c9a1da88ce951fa6792b4a1db9bf5eaa2b6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\entries\B57A54712D4634BE74C7624B33B2D5618233796A
| MD5 | 3ef4f80318295b75b2417c4e687b2cfd |
| SHA1 | f22b69c176c15a709f1002598703e6cf04078c69 |
| SHA256 | ef6b5439fa689860a03c3e08b284d2183adda25728cfe7ff9e3db8f703f69951 |
| SHA512 | e5802842308db2778dedad23d33a02ab0bc06daecf16d198b0a23a6be4186298748289646da3fecf8e4fd7aa533d0a1694865d114de2348fd91f3dd977d36fa8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
| MD5 | acccbfca495487df56fcde2c9c3fd564 |
| SHA1 | a5ae95e1acb37fcc4cd07e7ad117ffa761f7f783 |
| SHA256 | b689bee8168ade02d5f58f1bd3127dec4cb0eeb4a4c026ffff82b05a948509c7 |
| SHA512 | 70d9ef0e3ffe006c9079a98601dcaf84e7e58314c0a28dc6e40a5ab89542b3b63de6c6575017612fa4e82d1abb41bfa2c5aac7a7eccb990ba0585fcfef2dd396 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
| MD5 | 2c93d3bf045f7b9beb7397e0dc71c100 |
| SHA1 | b107db0220532b277b2bbb2c8788e5c04223d8f5 |
| SHA256 | e447106e659721cafcd50f91ceb3fe1481a3c2852b838ae647d2ca014d8c4abe |
| SHA512 | ab556bfe92dc2ab99ea3c6408739a535f10dea76449719197ecfa5767df8f3f3290de8daee863c293a2474256369fdf12d1b1332f1ae6a4ecd11d77af72abe50 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | faa3a5a8bb73108f8885d8fa15cff4f9 |
| SHA1 | 446e2c875df9da4a391fcf785c79f8da511f875a |
| SHA256 | 6680b839edb13c1260b2a5d680c76092da2fdd225189783c59f16b08f20ecb04 |
| SHA512 | dad669e804d45d0634555aa9cbf2c9fdda210d1c33947068d37b7b69546c8770e6b2cd55c39590d1a7f954a754ccdf63ff1572d34498ff5f3db5911c9ccdbe65 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
| MD5 | cc052f62aa2b31694f51d1ed51a3ed10 |
| SHA1 | 4d664a940dda932fd996a89a70de7f63db2b0f76 |
| SHA256 | a34e46fd6683d22b2cfad31f1935c1de0fc0343b2185c4ebfebb5a789cf32048 |
| SHA512 | d6a904a903b00ea9a59861d6cdaf1ed823ddd7e2690b2a63f89064218ba61f9e72420adf07eda04c65a6389bf3608ef1883b73b6b794100541314240d7062f2c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\broadcast-listeners.json
| MD5 | 396ceae37d20a86d41e073dfe919eb97 |
| SHA1 | 0f82205690fcb50f028bcaf23a58a0d5cfb3de13 |
| SHA256 | 07513213ffa82e24cc68d4eb8883890c3fa0009bfa201652eae90d095a9b8ba6 |
| SHA512 | 6635bd023ce9c9675c6bac50f2596c939635af856740282fd86adc432fced8f6cd23e1741494cf1a63a81de4d85cc8d2620b2a3094694b70d34dd2f3f691dc0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\targeting.snapshot.json
| MD5 | b46546b4a0f6a190cf225557f3cf5b7b |
| SHA1 | c39bc539c7e75ac3823c32ff1090e522a9b615bb |
| SHA256 | cd283529fb4b6bba3ab362f950ebac469e63af3994bc3496654ff6374bb81bd4 |
| SHA512 | b9b208ec431b330231a386c8fc1033594273d652842fc760a3755a407d6010e8dc529f8226e3d7848e62a1df7099e304094e5297b4aec4f767abe903dda0f816 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\recipe_attachment.json
| MD5 | be3d0f91b7957bbbf8a20859fd32d417 |
| SHA1 | fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10 |
| SHA256 | fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7 |
| SHA512 | 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_sports.json
| MD5 | ce4e75385300f9c03fdd52420e0f822f |
| SHA1 | 85c34648c253e4c88161d09dd1e25439b763628c |
| SHA256 | 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14 |
| SHA512 | d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json
| MD5 | 6ccd943214682ac8c4ec08b7ec6dbcbd |
| SHA1 | 18417647f7c76581d79b537a70bf64f614f60fa2 |
| SHA256 | ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b |
| SHA512 | e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_science.json
| MD5 | 7a8fd079bb1aeb4710a285ec909c62b9 |
| SHA1 | 8429335e5866c7c21d752a11f57f76399e5634b6 |
| SHA256 | 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32 |
| SHA512 | 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json
| MD5 | 2d69892acde24ad6383082243efa3d37 |
| SHA1 | d8edc1c15739e34232012bb255872991edb72bc7 |
| SHA256 | 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a |
| SHA512 | da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_real_estate.json
| MD5 | 9899942e9cd28bcb9bf5074800eae2d0 |
| SHA1 | 15e5071e5ed58001011652befc224aed06ee068f |
| SHA256 | efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a |
| SHA512 | 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_shopping.json
| MD5 | 97d4a0fd003e123df601b5fd205e97f8 |
| SHA1 | a802a515d04442b6bde60614e3d515d2983d4c00 |
| SHA256 | bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6 |
| SHA512 | 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_people_and_society.json
| MD5 | b1bd26cf5575ebb7ca511a05ea13fbd2 |
| SHA1 | e83d7f64b2884ea73357b4a15d25902517e51da8 |
| SHA256 | 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0 |
| SHA512 | edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json
| MD5 | 39b73a66581c5a481a64f4dedf5b4f5c |
| SHA1 | 90e4a0883bb3f050dba2fee218450390d46f35e2 |
| SHA256 | 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17 |
| SHA512 | cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json
| MD5 | 36689de6804ca5af92224681ee9ea137 |
| SHA1 | 729d590068e9c891939fc17921930630cd4938dd |
| SHA256 | e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52 |
| SHA512 | 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json
| MD5 | 5b26aca80818dd92509f6a9013c4c662 |
| SHA1 | 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f |
| SHA256 | dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671 |
| SHA512 | 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_online_communities.json
| MD5 | 37a74ab20e8447abd6ca918b6b39bb04 |
| SHA1 | b50986e6bb542f5eca8b805328be51eaa77e6c39 |
| SHA256 | 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f |
| SHA512 | 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json
| MD5 | df96946198f092c029fd6880e5e6c6ec |
| SHA1 | 9aee90b66b8f9656063f9476ff7b87d2d267dcda |
| SHA256 | df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996 |
| SHA512 | 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_games.json
| MD5 | 4182a69a05463f9c388527a7db4201de |
| SHA1 | 5a0044aed787086c0b79ff0f51368d78c36f76bc |
| SHA256 | 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85 |
| SHA512 | 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json
| MD5 | 0ed0473b23b5a9e7d1116e8d4d5ca567 |
| SHA1 | 4eb5e948ac28453c4b90607e223f9e7d901301c4 |
| SHA256 | eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b |
| SHA512 | 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_finance.json
| MD5 | e95c2d2fc654b87e77b0a8a37aaa7fcf |
| SHA1 | b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc |
| SHA256 | 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e |
| SHA512 | 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json
| MD5 | 6c651609d367b10d1b25ef4c5f2b3318 |
| SHA1 | 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4 |
| SHA256 | 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9 |
| SHA512 | 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_law_and_government.json
| MD5 | 80c49b0f2d195f702e5707ba632ae188 |
| SHA1 | e65161da245318d1f6fdc001e8b97b4fd0bc50e7 |
| SHA256 | 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63 |
| SHA512 | 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_health.json
| MD5 | 11711337d2acc6c6a10e2fb79ac90187 |
| SHA1 | 5583047c473c8045324519a4a432d06643de055d |
| SHA256 | 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565 |
| SHA512 | c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json
| MD5 | a92a0fffc831e6c20431b070a7d16d5a |
| SHA1 | da5bbe65f10e5385cbe09db3630ae636413b4e39 |
| SHA256 | 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c |
| SHA512 | 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json
| MD5 | 70ba02dedd216430894d29940fc627c2 |
| SHA1 | f0c9aa816c6b0e171525a984fd844d3a8cabd505 |
| SHA256 | 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34 |
| SHA512 | 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_reference.json
| MD5 | 567eaa19be0963b28b000826e8dd6c77 |
| SHA1 | 7e4524c36113bbbafee34e38367b919964649583 |
| SHA256 | 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49 |
| SHA512 | 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json
| MD5 | 250acc54f92176775d6bdd8412432d9f |
| SHA1 | a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65 |
| SHA256 | 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54 |
| SHA512 | a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json
| MD5 | c82700fcfcd9b5117176362d25f3e6f6 |
| SHA1 | a7ad40b40c7e8e5e11878f4702952a4014c5d22a |
| SHA256 | c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780 |
| SHA512 | d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json
| MD5 | bb45971231bd3501aba1cd07715e4c95 |
| SHA1 | ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a |
| SHA256 | 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d |
| SHA512 | 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\personality-provider\nb_model_build_attachment_travel.json
| MD5 | 48139e5ba1c595568f59fe880d6e4e83 |
| SHA1 | 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78 |
| SHA256 | 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa |
| SHA512 | 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\bookmarkbackups\bookmarks-2024-05-21_11_JXbfKS6Bkmoaf5t-KcHZ-w==.jsonlz4
| MD5 | fe1d3d0726082bc885f337142cb0fba8 |
| SHA1 | e31bd5e0eec405d8353e3566e2a6dd6fa9878c52 |
| SHA256 | ac815374d768ebf60cc7887526265afc05ed37af0b97808b4dc8298aa3be7a00 |
| SHA512 | e4a33e259a2edb376f9c63ea5cee29dbf99e067241648e73ae582938cfc7553c882b82b5abe12bf914e3069a86514b70a3eda6618be27e6ad75e43b1a1484cb4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 9d33014ba96e12b041eea4918efc3575 |
| SHA1 | 3ad15d1609d1b60deaf12fa2ff783c536374ad9f |
| SHA256 | 38fa2dd816e250d0268742976700f67c4feea8651da721bb574f19bb5eb0a195 |
| SHA512 | 98912dd86f1beded73b249cba46ef20eb304c8858489af886fb176cffb31564c9d6c673d710e0f5a71045826ac83a89969a38445c9170d829523ed830be1a9f2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\8303
| MD5 | a84afd94493a003362df7d4c86a5ca5a |
| SHA1 | ce07452d9be5980b769762b12bfaf1c07a6d2d6c |
| SHA256 | a08b150d960b5078391dd8e9b5a52308d58d38a85a0e5c770ec0c2a32d3dea22 |
| SHA512 | df81d42669c96a29c9e4e18804f9636fc9f89495db13ea2dce30fdde1ed05a7ae230b6490fcd5a72b36ee46c4ab18c7f5581181a5b5fdec6a07791c398ee48cf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\prefs-1.js
| MD5 | 89e8abce193aaa18e1b02142aa22a41d |
| SHA1 | 8d8e4f2fc69cbbca9b73d4f67a6a40adf8dfdd54 |
| SHA256 | ae413daf4261e2d0937b90d3d759a49ff23910f3fe205564e595b86f8774dc82 |
| SHA512 | 1bcddf6c3b18d2a26b22db7929719ee5b2465348375d3f3ea3f3ba733745677045fa9ae44c30c6e8e0b831cfa180a22385cfa4e68956b502f88beec4713b1850 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9w3t05jh.default-release\extensions.json.tmp
| MD5 | f3f367c5bda0d3ca959d10a6953d6271 |
| SHA1 | 315ec6af376882ce1c4ac4d3eec9cb9b27360772 |
| SHA256 | 5fcfe7b4b6df66f8a5fd99f1625c7da43f30a8a5ab8da59e05a695e8b6eed249 |
| SHA512 | 38916b5360bdd0e40b1822b2dbbf8eccf1e8a4efa1a7f5600356a1009d1a36613265386181304647445b59de359f9d6ca85ce887272a381ff5340f4cfdc3f3bb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9w3t05jh.default-release\cache2\doomed\2585
| MD5 | 426174f5cccc77100c00ceb092d76105 |
| SHA1 | 3ad090f8fc51c6d650d278a2919e5ebc9ec01800 |
| SHA256 | 1cc2dab338797ee66601c339e5166d3228ba57d3e3491cb0538fa214b98a38d6 |
| SHA512 | bfd20333973da1109ab77f3384416822b413a49dbe8e68d94096e05dfaf851881d19ca916de3b1b21ca27aa46c040266c57f9bc0598d32b1039772f1d578b749 |
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:19
Platform
debian12-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:19
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:46
Platform
win10v2004-20240426-en
Max time kernel
1513s
Max time network
1503s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://v.vnet.mobi/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://v.vnet.mobi/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.0.2007285026\46080507" -parentBuildID 20230214051806 -prefsHandle 1772 -prefMapHandle 1436 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03833ac2-e238-4e76-803d-59955053337b} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 1852 2b273f09a58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.1.1817313545\1662363458" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2404 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1089cc5-f07a-4eca-9bda-5d5df4d0f942} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 2444 2b25fc8a258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.2.1378958939\2071934424" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4db1d31-e588-48e0-806f-02b50dde9220} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 3028 2b276e3a258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.3.1192514583\2072390360" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d03c0876-a414-4dcf-9798-15099bebbf3b} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 3664 2b25fc79f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.4.95059603\947173904" -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5124 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10c82424-5fd3-4153-a637-a1d82437a1bc} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 5140 2b279e99558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.5.1007284689\47096467" -childID 4 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {122f3dd5-cf30-465a-b121-9e856e577c49} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 5272 2b27ab15458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.6.1807282451\950964221" -childID 5 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26745433-43d1-4b3a-b93e-e3cfe941d1b9} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 5464 2b27ab14858 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:50833 | tcp | |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 44.230.111.112:443 | shavar.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.111.230.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:50840 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.197:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | c3afecc6dba4117fd84055a5cd97d81c |
| SHA1 | 394f32d372ea88fb23ba9c55f9d505b2b5c001da |
| SHA256 | c3755bb42620e08ea4c0f4eabe3feec5a3d43d8c181da208f3f54ee17ea7632e |
| SHA512 | 0bbfa71d45e3f161dde3c97a372f2423cbb35f65fb80a144fba2d4ea7ffd8f8c04d9bc5ae115d32a9fa0ed6064165a7c586b3b5ee6b1c0f31800cb476668899a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js
| MD5 | 17807e10f62aa5c06804bc5750c9d678 |
| SHA1 | eab4e4cdd995f351f0897a372dd52d0d4eb8f408 |
| SHA256 | 2d5028b1101d5ea7ed601946027c1a9a483ab24c6a7ae1258e1c27e373a95c34 |
| SHA512 | cc0c3720abb3b289fef8a9d5f9883b4fe7b506b6955164d637344d78742a228af5333faee2a7adab0c35fd1a6aaf795bd7378c355f10c6c494f9f3bddc5f101e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a0de07ba119b45f55b266ad70e9f86f6 |
| SHA1 | 73fc42434107fc0060cfe2e2edd9ea44ad46f967 |
| SHA256 | 030a47bd50c53b2335af1957c27b630f7c114f0da67210c2170039f063e34bac |
| SHA512 | 62b1abe879216e9fbc8d7fa04ab7b1191e182293251c01495b59c868a5d76e54d588d21d015159454d85937257cb8e509e0f81b00b6529c8c1128af8e4f4ba32 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js
| MD5 | 9b4ff3335e21586051ec2112c9a72807 |
| SHA1 | 0f5805a69db89ff9fce5638e6f72e8e3f7a8d21e |
| SHA256 | e4eccd23381d798ea540e1468ef24673b4cf43ed1a3f8941c4f5b1f154af0623 |
| SHA512 | 86502537fee91c1b4885c54698822ef17f196214d45249e3b695d7c096342a295e1011b27bb4dbf57a8da7f6fb068483fd6c781f81123b3ac1416411270f9ec7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\B57A54712D4634BE74C7624B33B2D5618233796A
| MD5 | 24a7ab5a437d34d5dbd413607c9d23b3 |
| SHA1 | 95e57110273d1dda3394eef8c9c248a7e6a8cdbb |
| SHA256 | 7315d09bcc2334a37197f88d05c5c84a0b532f327e4f997805d209c97e47fa4a |
| SHA512 | be8f6df78d513a467cbf138aaaa26bd51bad0b415ebef0741fc61f4315b2557071ed49b18c6be0938815501c18a5803d14d154193811723e31a4f04123135ffe |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
| MD5 | 08fc48ae47566bd2f9627a1173298485 |
| SHA1 | 0df7ee4b5a6c90c0734e1b7b07480f83195e96bc |
| SHA256 | 329d87f5ca906dd0d0963a1e17168e8f6528b926c74326cf21c43b1ccb0f0278 |
| SHA512 | 9cd187a83ed36466f7b237b018c71e21f14db4a235075a98c94a9fc3182339f16dd2a1020ea3107f475e12b4aeac963e397c87c4c3ef6a1a8217390771b0d214 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
| MD5 | 0b8494cd0b22c595dba8d09c22aea912 |
| SHA1 | 419d9ba0fc31fe9c32306ff93069d1ab5e538639 |
| SHA256 | 413fed214dc096f6b0aeef1a222a80dba2f0479a567755a0653f31a23053cf4c |
| SHA512 | ecadb9f2eaed2255ac9aaf6da4f4c4eb45bfbf42cd8a542376df851cea3a9a11949fd5442f5a54b01df6153b4994b40703a98a589c9ba42e60cbc41afbafceae |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | c0b6c820631c437eea4e9f682fb87b0f |
| SHA1 | 0167ab9444ca2c85010c44191a56e4effb322ad5 |
| SHA256 | d61dbc4304af9f9440afddc5c1a0c53fbae90c9548e5592ea3987ab29b40a5d6 |
| SHA512 | 889e9a883d9cd12c9db56e644c000fc5f8cb0d35c1eaa177f8681994983bed3c4704fa3f2339e829b1b9fdefb05538318defdf3005f336b17074317e84f4c88d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
| MD5 | d508ab62344861bb09707949166c2394 |
| SHA1 | 414ae630f25370b209b05861df3d3e3d1a0b4806 |
| SHA256 | e822baf7dfc9b52a4529dc8143b03614e32e27ed8a1b95342d170578654e7344 |
| SHA512 | 559e2f4a8a2614ab9ad37a6d757ccdcbc61c8715e0084f3d53363f84a9cc364de817147e2da33f454aa7545b8152cba6753103302bb7176b11387ec3ad910ed5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\broadcast-listeners.json
| MD5 | 396ceae37d20a86d41e073dfe919eb97 |
| SHA1 | 0f82205690fcb50f028bcaf23a58a0d5cfb3de13 |
| SHA256 | 07513213ffa82e24cc68d4eb8883890c3fa0009bfa201652eae90d095a9b8ba6 |
| SHA512 | 6635bd023ce9c9675c6bac50f2596c939635af856740282fd86adc432fced8f6cd23e1741494cf1a63a81de4d85cc8d2620b2a3094694b70d34dd2f3f691dc0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\targeting.snapshot.json
| MD5 | d5655268d621227acb913acee128d7e6 |
| SHA1 | d1eb43168c432d1551970d120dcdef1b7b13f9ce |
| SHA256 | d07f4bcc3704cbc017a9208fa95624b5dc362e934f2194ac202f90c225bdcef6 |
| SHA512 | 7ec0f92d64709998033fa48b6fd3bbb9ea082bf93d8ddef427a01d7329801d4412ff6bad65140d27ec239ef55d5ec5340d3ad73ba91500d4e720c5f16fb36076 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\recipe_attachment.json
| MD5 | be3d0f91b7957bbbf8a20859fd32d417 |
| SHA1 | fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10 |
| SHA256 | fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7 |
| SHA512 | 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_sports.json
| MD5 | ce4e75385300f9c03fdd52420e0f822f |
| SHA1 | 85c34648c253e4c88161d09dd1e25439b763628c |
| SHA256 | 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14 |
| SHA512 | d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json
| MD5 | 6ccd943214682ac8c4ec08b7ec6dbcbd |
| SHA1 | 18417647f7c76581d79b537a70bf64f614f60fa2 |
| SHA256 | ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b |
| SHA512 | e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_science.json
| MD5 | 7a8fd079bb1aeb4710a285ec909c62b9 |
| SHA1 | 8429335e5866c7c21d752a11f57f76399e5634b6 |
| SHA256 | 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32 |
| SHA512 | 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json
| MD5 | 2d69892acde24ad6383082243efa3d37 |
| SHA1 | d8edc1c15739e34232012bb255872991edb72bc7 |
| SHA256 | 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a |
| SHA512 | da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_real_estate.json
| MD5 | 9899942e9cd28bcb9bf5074800eae2d0 |
| SHA1 | 15e5071e5ed58001011652befc224aed06ee068f |
| SHA256 | efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a |
| SHA512 | 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_shopping.json
| MD5 | 97d4a0fd003e123df601b5fd205e97f8 |
| SHA1 | a802a515d04442b6bde60614e3d515d2983d4c00 |
| SHA256 | bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6 |
| SHA512 | 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_people_and_society.json
| MD5 | b1bd26cf5575ebb7ca511a05ea13fbd2 |
| SHA1 | e83d7f64b2884ea73357b4a15d25902517e51da8 |
| SHA256 | 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0 |
| SHA512 | edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json
| MD5 | 39b73a66581c5a481a64f4dedf5b4f5c |
| SHA1 | 90e4a0883bb3f050dba2fee218450390d46f35e2 |
| SHA256 | 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17 |
| SHA512 | cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json
| MD5 | 36689de6804ca5af92224681ee9ea137 |
| SHA1 | 729d590068e9c891939fc17921930630cd4938dd |
| SHA256 | e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52 |
| SHA512 | 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json
| MD5 | 5b26aca80818dd92509f6a9013c4c662 |
| SHA1 | 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f |
| SHA256 | dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671 |
| SHA512 | 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_online_communities.json
| MD5 | 37a74ab20e8447abd6ca918b6b39bb04 |
| SHA1 | b50986e6bb542f5eca8b805328be51eaa77e6c39 |
| SHA256 | 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f |
| SHA512 | 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json
| MD5 | df96946198f092c029fd6880e5e6c6ec |
| SHA1 | 9aee90b66b8f9656063f9476ff7b87d2d267dcda |
| SHA256 | df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996 |
| SHA512 | 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_games.json
| MD5 | 4182a69a05463f9c388527a7db4201de |
| SHA1 | 5a0044aed787086c0b79ff0f51368d78c36f76bc |
| SHA256 | 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85 |
| SHA512 | 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json
| MD5 | 0ed0473b23b5a9e7d1116e8d4d5ca567 |
| SHA1 | 4eb5e948ac28453c4b90607e223f9e7d901301c4 |
| SHA256 | eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b |
| SHA512 | 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_finance.json
| MD5 | e95c2d2fc654b87e77b0a8a37aaa7fcf |
| SHA1 | b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc |
| SHA256 | 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e |
| SHA512 | 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json
| MD5 | 6c651609d367b10d1b25ef4c5f2b3318 |
| SHA1 | 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4 |
| SHA256 | 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9 |
| SHA512 | 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_law_and_government.json
| MD5 | 80c49b0f2d195f702e5707ba632ae188 |
| SHA1 | e65161da245318d1f6fdc001e8b97b4fd0bc50e7 |
| SHA256 | 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63 |
| SHA512 | 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_health.json
| MD5 | 11711337d2acc6c6a10e2fb79ac90187 |
| SHA1 | 5583047c473c8045324519a4a432d06643de055d |
| SHA256 | 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565 |
| SHA512 | c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json
| MD5 | a92a0fffc831e6c20431b070a7d16d5a |
| SHA1 | da5bbe65f10e5385cbe09db3630ae636413b4e39 |
| SHA256 | 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c |
| SHA512 | 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json
| MD5 | 70ba02dedd216430894d29940fc627c2 |
| SHA1 | f0c9aa816c6b0e171525a984fd844d3a8cabd505 |
| SHA256 | 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34 |
| SHA512 | 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_reference.json
| MD5 | 567eaa19be0963b28b000826e8dd6c77 |
| SHA1 | 7e4524c36113bbbafee34e38367b919964649583 |
| SHA256 | 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49 |
| SHA512 | 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json
| MD5 | 250acc54f92176775d6bdd8412432d9f |
| SHA1 | a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65 |
| SHA256 | 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54 |
| SHA512 | a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json
| MD5 | c82700fcfcd9b5117176362d25f3e6f6 |
| SHA1 | a7ad40b40c7e8e5e11878f4702952a4014c5d22a |
| SHA256 | c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780 |
| SHA512 | d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json
| MD5 | bb45971231bd3501aba1cd07715e4c95 |
| SHA1 | ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a |
| SHA256 | 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d |
| SHA512 | 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\personality-provider\nb_model_build_attachment_travel.json
| MD5 | 48139e5ba1c595568f59fe880d6e4e83 |
| SHA1 | 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78 |
| SHA256 | 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa |
| SHA512 | 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\bookmarkbackups\bookmarks-2024-05-21_11_JkL4jvSueFH6SMjiN1dWRg==.jsonlz4
| MD5 | 631980835d626d13447207c26ddba801 |
| SHA1 | 48a949919ef0d1d30d0d7b43f372d720986c537e |
| SHA256 | c750624e8d3bf2b79a845fcf4e6d8a5c8e1797e385a99b4b285096961194e083 |
| SHA512 | 900c4001eed201bbdb744cccfd84ece6312adfbd46be8fbab9eda496a87bfad07214e56efc59307c1fed423a82aa3fa05aea4d83c8853307b7a24a4b11b4df04 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 8076642818a652f2b501d1a9ee1dc41b |
| SHA1 | 99de26ef6a80e87fca312606ccaff0129a34a58b |
| SHA256 | 5ba3e74fabd476be09f09854af370799861469208278e42993488db638d9be2a |
| SHA512 | b1e34a18e9bff64e8f573d3ed405c79142991f55c1aca936fd6c499f61e6248bb1decc4bc567530015fdde02b933b89ac6681b82803e96361ee901086854bbf7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
| MD5 | e226a6d3fcb72940496f7df2bcd1b982 |
| SHA1 | e0b4893c727151c4cdbfc7511fd4047ab0e54606 |
| SHA256 | 5756b0717a4bfbc772caae7b371338583f53836f5ee5b2f432b256a8294929bb |
| SHA512 | dfad79dfc5ac197b2dd4a064374c0f101a1bec46dce72faaa652e5e67c8f1badfe9ca00fce810866b8b719e73df5a39b846c787f215384c6de35ecc2ecff3d1b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\7943793AD6EF12CA229A1DF7A721B44C210BBC82
| MD5 | 900b25fe61d8562e65237c0135da1897 |
| SHA1 | 05f7d566e9656a95a50d6bf90765ccae0cd8d66a |
| SHA256 | b54ec4fe7495a04ce91a6117d6355f39ab2468e831fc2e0cf40bcda8db893d92 |
| SHA512 | cb0915c41272c65e590e68cc5d79ec429cafc4657eec90e8a30fe5967de263cc90c91843055ab577b43526a090fb165e5be331cfa90c6323bac2098018d5a889 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\extensions.json.tmp
| MD5 | dc775875f33e6d1efbf03bb097871992 |
| SHA1 | 39fd125a18f7085da628385003ae4ba06a19dd05 |
| SHA256 | 040547daaa6a9259e9522252f99da0b1bc80ab89f557280267abc2e1590a641e |
| SHA512 | 1b7aef15adba2523488eadd4eba100e934aa9506826f9aedd7b68dae04a61e25ff75c2df88e47a1651d401cd2867db3244485418e4a502933e121501c91fa36e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\24989
| MD5 | 50207349ba24eb658376cffa316e7817 |
| SHA1 | 8318231bcb20d4b8989fd57baa00d87f8af3756f |
| SHA256 | 19daf8e1d8e481e6f29962979554dd24e9d72663906343ccc5325556154d5470 |
| SHA512 | 9eec231f4f6fe584c3ab5224cdefaa49fccfe7a6c6a3547b1b6d9638a9aada1c6d5f009391fb564d30090321474f9a4c78e22ee34e91fd1174a8ec4e9f075772 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:48
Platform
android-x64-arm64-20240514-en
Max time kernel
1805s
Max time network
1822s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.201.106:443 | tcp | |
| GB | 216.58.201.106:443 | tcp | |
| GB | 172.217.169.14:443 | tcp | |
| GB | 172.217.169.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.250.110.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | gzxkvhijzolbp | udp |
| US | 1.1.1.1:53 | ejeeamurahget | udp |
| US | 1.1.1.1:53 | kxqkgov | udp |
| GB | 142.250.200.4:443 | tcp | |
| GB | 142.250.200.4:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 172.217.169.78:443 | tcp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.212.228:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:48
Platform
android-x86-arm-20240514-en
Max time kernel
1784s
Max time network
1832s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.195:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.200.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | fbqeubu | udp |
| US | 1.1.1.1:53 | nagqknsmhx | udp |
| US | 1.1.1.1:53 | pmixuhikgaidulq | udp |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.178.3:80 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.187.226:443 | tcp | |
| GB | 216.58.212.227:443 | update.googleapis.com | tcp |
| GB | 142.250.187.195:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.3:443 | update.googleapis.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.169.14:443 | android.apis.google.com | tcp |
| BE | 64.233.184.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:19
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:19
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:39
Platform
win7-20240215-en
Max time kernel
1559s
Max time network
1560s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://v.vnet.mobi/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://v.vnet.mobi/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.0.714725935\1977680650" -parentBuildID 20221007134813 -prefsHandle 1284 -prefMapHandle 1168 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {472d9151-8c39-4ef1-aa6e-ac3a8f4aaf7c} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1396 107ef458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.1.59592892\1111834320" -parentBuildID 20221007134813 -prefsHandle 1564 -prefMapHandle 1560 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a442e7e9-0cc6-4ae6-803f-d1cc130f1ec1} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1576 e70458 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.2.606358150\792449228" -childID 1 -isForBrowser -prefsHandle 2056 -prefMapHandle 2052 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 652 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea76a6ce-4d1c-4d98-b37b-63270ccdb8cf} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 2092 1a281b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.3.955300266\839501178" -childID 2 -isForBrowser -prefsHandle 1724 -prefMapHandle 1720 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 652 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fe955e-0d0a-4c12-a7b7-6c741a6d61ea} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 628 1b4eca58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.4.2060239938\1058975279" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3660 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 652 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {478cc895-cb17-4f70-b0e8-537a7a28c0bd} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 3636 1e720e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.5.924220019\530837470" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 652 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8539879-20ac-4abe-86c2-fc72306a8607} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 3760 1e723858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.6.310902133\194300991" -childID 5 -isForBrowser -prefsHandle 3840 -prefMapHandle 3784 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 652 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ecd58e5-c202-4967-88d4-cf6ef530a10e} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 3828 1fda3a58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49188 | tcp | |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 54.188.201.143:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49196 | tcp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| NL | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.241.41.59:443 | locprod2-elb-us-west-2.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 202d214b126bd5be790e38d18aca1c69 |
| SHA1 | 9763c5e028ad1267cffd7bc2c6076b50e1089609 |
| SHA256 | 8d2680f4cecb9a056c2e7519d2e230f37b6936fde388d7f13c420c2664c5553c |
| SHA512 | 7e3fd70036b93705be2e44653cec677193df9672c24d982e005deb6b2fd21dd7a66f342fdc6a02a754de7a856f75dc99b68af9cc9a3bd79264ca057c30911cd8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\32044327-c26c-43ea-8f19-a09e6d5bec22
| MD5 | ca58c2805148306b92f9d18486eed1c0 |
| SHA1 | 901fe223ed626be39aa9266c88375e2bb7b6ed37 |
| SHA256 | a1e87480d9aa37669790e9ee2c69bb49aba0c2363ab8c14ed8454335391eeed9 |
| SHA512 | 74df1ba2503222032520b30d329ddb3b9006b476ed776f0d6dc2ecc62dc640f2944de3395edafa20c0d201d5ea00ace2598c4956f864516ecdcc91f4eef00833 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | d950025355e38f205533d2b98522b41e |
| SHA1 | 97dd6d03edaba4322a86ba5e7eb5228c18b2029d |
| SHA256 | a15cdf2fa5315c10eaf35daf9665479685d71ce8e3ef37e466fd98cabf81e863 |
| SHA512 | bbc0d5d7d31431538d8ffd4222c3a792d13f38d1ecc22f473d68e59d5fc8b342157a324412e09ae09cfc6a6dbfe711efe844e7dcc49fdb097797d032da705530 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6a3d70733e1908f380bceff12dbef4d3 |
| SHA1 | 020120041fbfb7241e37f00e6e9b033584f99bb9 |
| SHA256 | 89b007f28f8389b5752b5ba8b5a747c6d0f778f2f0f527e7e96017357db6591a |
| SHA512 | 33b7e53229cb3a0ec7e3eb8d8c7a7fbc3ee9c53fcac8ed79c251f3d67e5a007ad887fa36f881235029927e7ec4b7da7e42b39e75fbf902cf6e78bd38079897b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\B57A54712D4634BE74C7624B33B2D5618233796A
| MD5 | 38d62a93b6471fd36cf899211073db85 |
| SHA1 | d56e6eb68c8dcf07b0e2c340b723175b7f3bb593 |
| SHA256 | cf0d1c94a1fd97a106523604b0d922a205f2e258db49c173fc05b8763ff53f65 |
| SHA512 | f9963420d336a5b86560b6278588248cb0cd20e1279b1da8d39ae3aa7f4c3481065919283da94d8e15f94b81414a1896a102e2bd6521b6d9e8d277e6acd1bb56 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
| MD5 | d1cbb9d97c4ffd1cde39a7fd803d688f |
| SHA1 | 8cbc1e9e8132c4838165dab15ec98a9b5fc40f8e |
| SHA256 | 8fdf8dc5199aa60888fb763ef1cc6e35bfbd872306ee6b629398cdb4f947da24 |
| SHA512 | a13043cd26fdd096543d193922db65421e518fcc7a7ed97b2a28533a139f843233df6353b135eb3060a4f140e848224de3b2883f3a5f1e7e1d8967a31b62c7b4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
| MD5 | 335e7949bbd1b1c64f9d66ebab6f3f6c |
| SHA1 | ced195fef697b1af0925dbe528085e877fe0a12d |
| SHA256 | cd5845eae5dd4fea4c0878413d6619a68a462bee97c806d3044cd74557229df2 |
| SHA512 | 21da285b96e1e18684e3718b737bc05ed00a90691842febbc740fda93538bda0a297f7cb7ff707732ffff0a80955067af2b22f23f7c4c45cf42634f468a84026 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | faccd3464c68706ef770a32bd43ad320 |
| SHA1 | 479c90790249e4fca798f7ba844119398d412450 |
| SHA256 | fc270c9f27ae6cd6da9abb91ba7a0f53593f1a103d9c34c1a7c2ead957e16f3a |
| SHA512 | 04a870dda7d7ddcc68ad7124c2b78571ab84265e936de07003f9ed7587ce211b2725af4145d7bba697e73d1d5ab5c224d0311a06eaa0db3edb915f7737519220 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6a59e523bd220eed5bf74b957da4d82b |
| SHA1 | 9804bec09b1730894e95539e407e0b01abd605eb |
| SHA256 | f1421cc7f280480df2f28d58cf71324bccc40953a02ce15903c44fee7148797f |
| SHA512 | 22937563d2daaa7edb506e795b0a54e7d3dea9bb55b07bc4fcd1fcd0a2f486380353f1d9537de69553ae278e1080fe337c829df30cb2f9912567b69130494a01 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
| MD5 | 4ab546d418518a35290161ecb7422ad7 |
| SHA1 | 8e7e3cb0b17200c00133b41a2df4cf962898830c |
| SHA256 | 117ee12e4ac9d88a75591979f30014e8b8f4bb26fee6fd8d29fbd975bb6afbff |
| SHA512 | 444ac8199e4bbe5ee339afb43ad052acb03494e6545313ea0641ba3eb0a2d08b1d3d6b21f713787fa805681bb1ea612088355b1aa7d0a7233451663e10773891 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\broadcast-listeners.json
| MD5 | 396ceae37d20a86d41e073dfe919eb97 |
| SHA1 | 0f82205690fcb50f028bcaf23a58a0d5cfb3de13 |
| SHA256 | 07513213ffa82e24cc68d4eb8883890c3fa0009bfa201652eae90d095a9b8ba6 |
| SHA512 | 6635bd023ce9c9675c6bac50f2596c939635af856740282fd86adc432fced8f6cd23e1741494cf1a63a81de4d85cc8d2620b2a3094694b70d34dd2f3f691dc0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\targeting.snapshot.json
| MD5 | 9fc1274a876c62d5fc79605e908571ad |
| SHA1 | 5655f05615abf8e78b4b755f82b387d262617f8b |
| SHA256 | dcaeaa694980584235c964e288a97826637353f6e2b9175ba7aa1b5af8a79f71 |
| SHA512 | e8cc9ed1a131385c6397b1f8819fd84a89f1aaa4204a37ee2866369a762d1d7bb23d5fa175e2d001a10f91ecc31e9cb75e569dbe143c599c1d333e6752d735a6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\bookmarkbackups\bookmarks-2024-05-21_11_mnkoSynjVnGqdC6r6kKnuw==.jsonlz4
| MD5 | 680e60dd1632ca5aca18d0ac51c0ffdf |
| SHA1 | 6942ba42c730059f0bf86266cd0601bd174fc1c8 |
| SHA256 | 2193918c9e6be24ad95b177d6bb274635a8c6b34308560b26bc2906e01a1e7f8 |
| SHA512 | 1334cde9f88a3bba29cd111cbeefa8b3b3fa6ce2fd6b02edc73502edf5dd530eafbd49ef1e7716374150d1fc6c9ca75c260e10f5e9391001c7e80380c326fe68 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 5ce9a64fbc3605925584c9cafab69fd9 |
| SHA1 | 99b0f269801c54f7958d3c37db8546fa17023eb8 |
| SHA256 | 68da73189584696abad9efc89a46e317e24c99ccf5f83f956dd94183a352ae51 |
| SHA512 | 70f13195561ae77aebda22a96726a84ef818d5365883ad495f9dea5d0a0c3d1ea097e5a287cf6fbc682c4bf3fbe2ff02113317ddf98ec5d0bc8021cacd92665f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
| MD5 | f8bba51647e2af5bdddadbc63410e06c |
| SHA1 | a3db84b1a4bcff2af3ffe892f3f788115a0be654 |
| SHA256 | 5c8cbb00ebcd7505f359ecded85a033ededa739c8df6c1261cca51ff5e4b32fc |
| SHA512 | 5b0bb6b8d05510458bc57148514b562aed979bbe45aaa01d1b3afc867ee7130e6dfa4cfb4254691d21d7490fe0c37bd682ef5f445a9e6c0698eed99fb9b1ca58 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\extensions.json.tmp
| MD5 | de449619356ef3f77de910c01c1373b1 |
| SHA1 | d780da63de7b638fd760fae666a35155f3c25198 |
| SHA256 | d4232bdc6a2371296a385a305f96b1c3b406a3c7aab2094c2a2196905f1c98c7 |
| SHA512 | 2d30e1be279f92fe5eba4104bba807a8966da2f7d277cf3175d6fbc2693dfbc9f6d7e8ed13dcde98a0eabeea2e7e29b9b0e8dc040db867b8b81b16b8218c092c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\31136
| MD5 | c4d0949c6ecffadec9cb0724f4eedca4 |
| SHA1 | 49152bfd3050a9e752a86bbb91bab9466521fd84 |
| SHA256 | 8ce34843caf8dde8ff4dcfd288f866dfc2e5bbd2a03d701cff2245a89c894509 |
| SHA512 | 39045732b9a88cc34f792c3b537ede3b2104327d2a17656f8d8e2c83a096ac5845a815a602877f1651aff76e2592aba0d7b690a96c790e26ad4dbb5b204961b0 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:48
Platform
macos-20240410-en
Max time kernel
1253s
Max time network
1695s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer | N/A | N/A |
| N/A | "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck | N/A | N/A |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
Processes
/usr/libexec/xpcproxy
[xpcproxy com.apple.var-db-dslocal-backup]
/usr/bin/xar
[/usr/bin/xar -c -f dslocal-backup.xar dslocal]
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://v.vnet.mobi/"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://v.vnet.mobi/"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://v.vnet.mobi/]
/usr/libexec/xpcproxy
[xpcproxy com.apple.gkreport]
/usr/libexec/gkreport
[/usr/libexec/gkreport]
/usr/libexec/xpcproxy
[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]
/usr/libexec/xpcproxy
[xpcproxy com.apple.systemstats.daily]
/usr/libexec/xpcproxy
[xpcproxy com.oracle.java.Java-Updater]
/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer
[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window http://v.vnet.mobi/]
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater
[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window http://v.vnet.mobi/]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=27]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=50]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=299776724 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=60]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=299856950 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=60]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=303104841 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=303350651 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=77]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=303653860 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=71]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=304141488 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=79]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=88]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=100]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=113]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=72]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=310240863 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=114]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=116]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=118]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=33 --launch-time-ticks=386329492 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=124]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=34 --launch-time-ticks=387451494 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=124]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=124]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=124]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=124]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=43 --launch-time-ticks=472709535 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=44 --launch-time-ticks=583422597 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=45 --launch-time-ticks=640636724 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=46 --launch-time-ticks=723282780 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=47 --launch-time-ticks=809875242 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=48 --launch-time-ticks=921653078 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=49 --launch-time-ticks=1063428077 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=50 --launch-time-ticks=1445307185 --shared-files --field-trial-handle=1718379636,r,1273106805765281279,8758047318696230435,131072 --seatbelt-client=122]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | v.vnet.mobi | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 142.250.178.10:443 | optimizationguide-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | optimizationguide-pa.googleapis.com | tcp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | bag-cdn-lb.itunes-apple.com.akadns.net | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| IE | 17.57.146.88:5223 | tcp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 8.8.8.8:53 | 3-courier.push.apple.com | udp |
| GB | 17.57.146.154:5223 | 3-courier.push.apple.com | tcp |
| GB | 17.57.146.155:5223 | 3-courier.push.apple.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
Files
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.o1MSnL
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir3CTjV0/CRX_INSTALL/manifest.json
| MD5 | 87213fdc9783cd5d58e380eb255daa53 |
| SHA1 | ea326bf03d6a72dcd8e764f322a2a213a8b53f0c |
| SHA256 | 1e64c0c4d7ba808fdba4a0860d174a16ee62ef06ee02833594d3c3404733da8e |
| SHA512 | 464169aa5f254763b4e81a457460c632313d9412fd05ea002553c19174ecf1d0e7548ef934936b6128f25d779dc3163a9206aed67f8602ac7edd12ec224e7eec |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir3CTjV0/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dir3CTjV0/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/01e4d76b-ad32-4ed3-a18e-be2a02150569/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.sPx43a/lmelglejhemejginpboagddgdfbepgmp_447_all_ZZ_acwp6wvglyek6afqzpjutmbxj2oa.crx3
| MD5 | 6f8712ab0f7b19a9d78b58b07349e22e |
| SHA1 | 3fa134a4e8e5c82d81da98e71d614d84543811a8 |
| SHA256 | ab2d131d4f9b49c0072f414b09924c36db8837195235f495db3df1027795b506 |
| SHA512 | fc31d1f532fb8f15fa283a5a530dbac4d86f9b926ab26c2e5b2fd774c97a797d513a79c6d888829ff96460d1703ccf25303b4accb41fe97a9438b9434d917725 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.9q8cNF/khaoiebndkojlmppeemjhbpbandiljpe_65_mac_dzlxuetwsybdv7gfmhikquhdj4.crx3
| MD5 | f5ed8ad664370de2d16265ac99085dbc |
| SHA1 | 52deeff97bc4c2777b70b7d79bedeae161183150 |
| SHA256 | 9fe1922c50cef6ab1c62d9b37a37e0a7d6e82639217b4b7fb1537183ae0dbf55 |
| SHA512 | d0ee804f80dbb6a6a9a5e6165829f840761526782933997b73e22fcda452be6a2b4025c51e22c7980d5a49b985d26b70a2d1f4e5d40f5863712103c1c50e67c7 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.uyylj6/jflookgnkcckhobaglndicnbbgbonegd_3029_all_adnxd2rvpn477d4egwq6cpd2mz6q.crx3
| MD5 | c1b74942132ada8ca3e3361a7f0a8198 |
| SHA1 | bdcc82266bb17cb163f4638a1a351dd0a112a48d |
| SHA256 | bcd7ce195652ac4d6d3e79888a6a21b5175c69e617fcdce5d765df921456dc64 |
| SHA512 | 19013cb481bb7ccc3223fce19ff9522b6f2dbd5a6a6f8cdd485da8d6b69efbd2796e96992faae560e1bdaace700458559cc6f87d50f3a155b1daf7b32975d9cf |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.MnDMgH/ggkkehgbnfjpeggfpleeakpidbkibbmn_2022.10.19.1145_all_ac7cecrzrmfngskhgmtk6zmhfjoa.crx3
| MD5 | cb79d407a4d6d8526b42060b9210b5c2 |
| SHA1 | 331e3d66e82e130042897faf86dcbd05d7b227f1 |
| SHA256 | e3a7322843834a5270a01c56533a34a24b1a253e3bda6f14046e10d818446165 |
| SHA512 | 0ea283f2077ff874e1f2518565497864b11fd8a65f03d65e2b2996048bdba19849fcab81d9a8220cd51d4a09741b9cf222b1393f6ea4fde6db76dfe0590efdf9 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Po4k6R/dhlpobdgcjafebgbbhjdnapejmpkgiie_20220505_all_adfdqqtvlhuhhtrt6irlkpynghca.crx3
| MD5 | 667e9eec04509aa9e2b318f580addd8c |
| SHA1 | 346267ecad10c54de52a3aeb766ea72449500326 |
| SHA256 | 0c24e9bd976adffa987e08fc54dc0950c84cf18f9cdb4c5caabc6acf24887c4f |
| SHA512 | a9d22d49290c164abf36dd7e887063ccdd2bf508eb2d16bbac6de749e5152805ecb38ca39352706150de29a76839fa6a56c084ea4f2757b61887b3a7912be917 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.3C2yc7/efniojlnjndmcbiieegkicadnoecjjef_960_all_l7ehgbhkri3sx3rpysdff4oy3u.crx3
| MD5 | 4ff67390448e5e098f98410dcf5b8a7d |
| SHA1 | 7a8e878aa322093282cfcbed177dc5956eafce35 |
| SHA256 | 5c9f3521e7178bafcd6134b7b4f3c64073bb2a13b16d412e3b55a2c5ecfb1115 |
| SHA512 | 92dd39a950d9331a459c1664e80d825835e49c5889e94b1705e93d78372eed749589b6056fa210312a8385c796c39ba1fbdc7806a63876eb6365fd95cb45fc4f |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Gngcfn/EWvH2e-LS80S29cxzuTfRA
| MD5 | d7d63288830d5930f435d6841de6de5a |
| SHA1 | a2afc39ac8fd17fa88030ba8b48d9d8ee93c24d5 |
| SHA256 | c64c9c1008f3ba5f6e18b3ca524bc98dcd8acfae0a2720a8f1f3ef0f8d643d05 |
| SHA512 | d4d85fd16a291474f99a6fa9cc76d5432f5865fa0d76e4185ff5ab775045122cdab771e88da8fc317a059ab901373644b2e7251d31c4fa2c389d9b7584351e20 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.u8KhAK/pdafiollngonhoadbmdoemagnfpdphbe_2021.08.17.1300_all_acatmzocbizfck6xlj6bync6egba.crx3
| MD5 | 49ead9b7d2b2ec477daba795de846db0 |
| SHA1 | 95c030a130b9171e8ba4dd35ba3ee93ea5fb2ddc |
| SHA256 | 54b93e249d02a0f9061e8f70866d4668a0260db9ae43483810ab78f97f3eaa2a |
| SHA512 | 661000c35e25564c6d76219a5fd327edff7287a29dae54b677a7399eb136d0c93f099eb00ea9d0b3c965d068ea505335bcd580931662aeea2c796588ba8ce049 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.ocEJOd/imefjhfbkmcmebodilednhmaccmincoa_29.0_mac_bfqwqczv2chgncq7qnwqjby3my.crx3
| MD5 | 0fa505d26fd906c645e60aa05f12af36 |
| SHA1 | ecb1def63dba6d475dcd61c4d3a6938855e6f24a |
| SHA256 | 9738a550f51cdfb80146b1620b40a37d58c5136254ee1f0f03c20a864fab89d2 |
| SHA512 | 6c49784a21465a2b7348720003f072a279a7aaeb88783b98cdb968a54cb1ce6771122a6f1bbbfb8dd36507576c81d6caa000166f2dc0f81a3feca4e8d5131a00 |
/var/root/Library/Application Support/Google/Chrome/ClientSidePhishing/29.0/visual_model.tflite
| MD5 | a9803d560544e4d1fe551b2c113c5370 |
| SHA1 | a998fdb1e80dbca61267db112812a7ee34b82dce |
| SHA256 | d38a4cda8912f9598b8701dac7d5ee90eff324ed1fb9d277b9784fe45a4e6c72 |
| SHA512 | 65b8b6ecfea2aeae95a39581c39476a54721e07ee7c296650ccddea29a09b29a11cab15fdc89f97295bd61423dc13a66666faca371200bcb459dc1f25b6c89fd |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.VJiMOf/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
| MD5 | 2db7e78c310ca8e73c069a604eac4d99 |
| SHA1 | a6d1e03514f8eba03ab81f1380fc54aaded823b6 |
| SHA256 | cd1978742a4afdbaaa15bf712d5c90bef4144caa99024df98f6a9ad58043ae85 |
| SHA512 | 681eaddbf304f4513b008b98493272b44815460568876b93528851ff7806775de38e6ec588fe27a2cf3dc804415e83a420e45d754b25ad4bdf68ef2c78403aa3 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Unindexed Rules/9.49.1/Filtering Rules
| MD5 | 6274a7426421914c19502cbe0fe28ca0 |
| SHA1 | e4d1c702ca1b5497a3abcdd9495a5d0758f19ffc |
| SHA256 | ae2fd01d2908591e0f39343a5b4a78baa8e7d6cac9d78ba79c502fe0a15ce3ee |
| SHA512 | bf1287f502013308cdd906f6e42998c422ef1e272b348e66122dc4a4e471d01333b418f48d1bb2198c72845bdc950612597e179e612aaa1ba6cf8d48fb8f0cf5 |
/var/root/Library/Application Support/Google/Chrome/Subresource Filter/Indexed Rules/35/9.49.1/Ruleset Data
| MD5 | c5e30274fe7b93847f6d7c02410d1209 |
| SHA1 | 488a49f38459f29e110c706c51b61ca1ae3b0e26 |
| SHA256 | e634e3cfdd0d27d0be1f5f9a19748d19d564928765db343503f42a6e1f5dd4ea |
| SHA512 | bc235bb3af269e9a828e6788dbae2b42cabc879b858102f4cc76c0fa02af0e296d20ffc8f134c0a3f9b408643e4810e8c46afeb0c285b892908b06ea1aa1b811 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.7QlW2J/obedbbhbpmojnkanicioggnmelmoomoc_20240404.625479014.14_all_ENGB500000_incvymraubxlb6ke6cnqmodupm.crx3
| MD5 | e2c281ae14ad2d32ce83029ba21887c9 |
| SHA1 | 8bf02cf7f5b19f8412ee2d736cb8db733941899c |
| SHA256 | f0682b4237a8e14c53c5d54f83d1e49697793125ad1f1f6955bb3e8cd750d8c4 |
| SHA512 | ac8eca3f3170495ff572fa1f410faca483275f97d1914bdda190b044eb78fcdc43609888d756f70c628f6f2e74aaefddc6d0d548b9bfa40890700f31443be883 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Nmw9Jj/7_all_sslErrorAssistant.crx3
| MD5 | 636c653ec2c30bb767533901a18669b2 |
| SHA1 | 4b5a01cfea4c5deb62f3aafa01ef24265613b844 |
| SHA256 | 3eb16d6c28b502ac4cfee8f4a148df05f4d93229fa36a71db8b08d06329ff18a |
| SHA512 | a4128fb20a5df9e573e92b45f5bc18dcdf4be6e7e39172d08847882f17361320141e89b35deef337e40c365d6f1ccdd1b991eb4593d805dfa2e39a5257c335ee |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.yGbiRz/hfnkpimlhhgieaddgfemjhofmfblmnib_8772_all_acvoxv6qajl2xtyn6lspje56za2a.crx3
| MD5 | 77906575b00e996ad735a0071fb9cf9e |
| SHA1 | 0e46394f86ee9dc42cd7d8820b5cff1ea1c272b6 |
| SHA256 | b7b32d9868216d26ca81eb795b2865140b950db456a97249e60657a3a7ed97af |
| SHA512 | 805eed9566e0749295c651c3d174b4a5712375b8dad9c680bbd73043183dae7147cd7ef79e4dac29b10a4c9a8a3fa7836c8143dc61d1ae5d6b19eb136ea655b5 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.UlLmVj/1.0.0.15_llkgjffcdpffmhiakmfcdcblohccpfmo.crx
| MD5 | 39fbc1bf4c6c8f919181e3e72630f974 |
| SHA1 | b73f2394a2c1ac341df75ba63eef4e5e9830fade |
| SHA256 | 3a118962ef814c91f6476bb9f0de58afa63103af6ac1b8729be9b39a86789e96 |
| SHA512 | 2dbd8f772bc113f6500dace5d187b12c79e6e3a5c7f6f68d270beebc482334a1970499b28de5187a3619ff3ecd20aab10c31df8433d509dc011e1e88978ab70e |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.7D7j62/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3
| MD5 | a40c655b337e082c76b6ab04042b7ae0 |
| SHA1 | 3cc2a2b7178a29fd2d246cbc532684d6ae45bea8 |
| SHA256 | 545666a4efd056351597bb386aea1368105ededc976ed5650d8682daab9f37ff |
| SHA512 | fb4d54b573eb2275d8a3580fff138ecd7bded27ec58086b909b12c03c8005e35105c354a4a1ff76ada608ee8bbabeaafe208bb9e557661bb74e4ca39ee5eee56 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.HJgWeK/laoigpblnllgcgjnjnllmfolckpjlhki_1.0.7.1652906823_all_jtggsagwbg7dhs53nvq4e53lva.crx3
| MD5 | 91e1255f92fc76b16509bbd174a992b5 |
| SHA1 | 44cbc6b7b60470149850d375f2e2ae95cf1c012b |
| SHA256 | 29661be65c8fb50d3d4df2fe040a1cc6dd525f50a95850aae6a191301c3de744 |
| SHA512 | ac1588c003c345aaf9a7c4b5f2d338fdaba041dacd65db567ff8cc588b47e372863e44a4a87f611c1530fb42fdb1388814d3caccf8bb3498c7efe78fc321d9cf |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.hlFdK4/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 91a8d56c19e60520cf00b78a506b87f0 |
| SHA1 | a794be44a680983ac0f87b1faedf064a65016623 |
| SHA256 | b158d145928f6c80d855f1fcc5b6813e73b7e14327d65fa9abb26c438e56bf29 |
| SHA512 | efe8b3be1ff7c30596230e091a5109b1328b3f603a4f3cad134ad99cf648b8b3a0dbdd79413f854a53dae4e1316862c6b6798660dd9f37283a97115905c65d06 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.hlFdK4/npdjjkjlcidkjlamlmmdelcjbcpdjocm_1.3.19.240_mac_adygwryqqyfdwvvjh32xxi6rilea.crx3
| MD5 | 861e98ac32975e811c39c952cdc0c05c |
| SHA1 | 9c7eeb28abe6e73302711b20483db9249b22dd7a |
| SHA256 | 37600add4e35cf0d2f58e147fdf3c2e8e7ef213f184ecfbf3a9c9ddcd5b5a9b8 |
| SHA512 | 4f05d7f8204a13023ca7f05e9fb0ed47a13ef32950472ab4d7ec2c0910150562a47f5909ca675df466b75618be2f5e89c9c10fd4a572077a8cd7b6c63b81a332 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.0MEzqb/gonpemdgkjcecdgbnaabipppbmgfggbe_2024.05.14.00_all_pt6odrcwmcz2ifcbvpdpv25i3u.crx3
| MD5 | 252acf01a9d4dc426e5cd19663e4df42 |
| SHA1 | ac59d37d42d032dcc69b33dad2794da277f02aa7 |
| SHA256 | a0d36633da5e9660efefde44a0762f678cb7a0e47eca24d0f3e479b6ae303673 |
| SHA512 | d467bced9a90bae54324517c9053de48985be287d0a097edae51d805141f2d0484170510fbdf35d33b907b4032b55a0b80959435b0fb1f630190cce95387a2bd |
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:49
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
1678s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1535/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://v.vnet.mobi/]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab http://v.vnet.mobi/]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.193.91:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 89.187.167.2:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 195.181.164.18:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.48:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | daisy.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.49:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.49:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.96:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.17:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.96:80 | connectivity-check.ubuntu.com | tcp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:49
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
1799s
Max time network
1680s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1577/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1758/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/1552/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/1738/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/58 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1644/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1504/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1702/status | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/fd/131 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/110 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/task/1413/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/79 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/self/fd/117 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/119 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/77 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1411/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /proc/self/task/1646/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/103 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1556/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/106 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-afc-volume-monitor | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1523/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1616/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/115 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1660/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/74 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1722/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1459/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1528/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/72 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-identity-service | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/12 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/114 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-goa-volume-monitor | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://v.vnet.mobi/]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab http://v.vnet.mobi/]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234760 -appDir /usr/lib/firefox/browser {a0e91d60-46ed-4b65-9ddc-642b0ff196a2} 1411 true socket]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20162 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {079d4af9-ad75-4d00-aa72-4d03757c910c} 1411 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26350 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {3c753094-d9f4-48ca-8bcc-9c8327aa3484} 1411 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 28846 -prefMapSize 234760 -appDir /usr/lib/firefox/browser {0688675e-716f-44a4-834b-d9a6f8e2b49a} 1411 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25428 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {dbc987a4-ddbb-4eeb-8053-fd13ed032286} 1411 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25428 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8df5fd22-cb4a-47da-9e92-af3c09e23ce4} 1411 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25428 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {1a1783ff-cfde-4359-a958-3a3d688ee650} 1411 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.241.205.248:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 35.164.250.149:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | a19.dscg10.akamai.net | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.18:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.48:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.96:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 91.189.91.49:80 | connectivity-check.ubuntu.com | tcp |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:47
Platform
android-x64-20240514-en
Max time kernel
1814s
Max time network
1831s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Reads the content of photos stored on the user's device.
| Description | Indicator | Process | Target |
| URI accessed for read | content://media/external/images/media | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 108.177.15.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| GB | 172.217.169.14:443 | tcp | |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.200.10:443 | safebrowsing.googleapis.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | txgmpmwpg | udp |
| US | 1.1.1.1:53 | fqubtvoqqnentct | udp |
| US | 1.1.1.1:53 | sqethieromkpth | udp |
| GB | 172.217.16.228:443 | tcp | |
| GB | 172.217.16.228:443 | tcp | |
| GB | 142.250.187.238:443 | tcp | |
| GB | 142.250.200.2:443 | tcp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 216.58.212.227:443 | tcp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 216.58.212.227:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.227:443 | update.googleapis.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| BE | 66.102.1.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:48
Platform
android-33-x64-arm64-20240514-en
Max time kernel
1812s
Max time network
1820s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 216.58.204.68:443 | udp | |
| GB | 216.58.204.68:443 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 162.159.61.3:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| GB | 142.250.187.195:443 | tcp | |
| US | 1.1.1.1:53 | v.vnet.mobi | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 173.194.76.84:443 | accounts.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 216.58.204.74:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.178.10:443 | gmscompliance-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | gmscompliance-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 216.58.204.74:443 | remoteprovisioning.googleapis.com | tcp |
| GB | 216.58.204.68:443 | udp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 216.58.204.68:443 | tcp | |
| GB | 216.58.201.100:443 | udp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.169.35:443 | update.googleapis.com | tcp |
| GB | 172.217.169.35:443 | udp | |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.187.228:443 | www.google.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 142.250.200.34:443 | tcp | |
| GB | 142.250.187.200:443 | tcp | |
| GB | 142.250.200.34:443 | tcp | |
| GB | 142.250.200.38:80 | tcp | |
| GB | 142.250.200.38:443 | tcp | |
| GB | 216.58.212.194:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 216.239.32.36:443 | tcp | |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.16.228:443 | udp | |
| GB | 172.217.16.228:443 | udp | |
| GB | 172.217.16.228:443 | udp | |
| GB | 172.217.16.228:443 | udp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | udp |
| GB | 172.217.16.228:443 | udp | |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| GB | 142.250.187.195:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.169.36:443 | udp | |
| GB | 172.217.169.36:443 | udp | |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 172.217.169.36:443 | udp | |
| GB | 172.217.169.36:443 | udp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| GB | 142.250.179.228:443 | udp | |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| BE | 74.125.71.188:5228 | tcp | |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| CN | 118.85.193.208:80 | v.vnet.mobi | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-21 01:07
Reported
2024-05-21 01:19
Platform
debian12-armhf-20240418-en