Analysis Overview
Threat Level: Likely benign
The file https://njdsahdn.de/invite/i=3 was found to be: Likely benign.
Malicious Activity Summary
Resource Forking
Reads CPU attributes
Checks CPU configuration
Changes its process name
Writes file to tmp directory
Reads runtime system information
Enumerates kernel/hardware configuration
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 14:42
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
win7-20240221-en
Max time kernel
57s
Max time network
56s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://njdsahdn.de/invite/i=3"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://njdsahdn.de/invite/i=3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.0.820073237\1167308062" -parentBuildID 20221007134813 -prefsHandle 1260 -prefMapHandle 1252 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34779f11-f0eb-45ce-9311-9eee1a885158} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 1360 45bb158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.1.179524458\720499382" -parentBuildID 20221007134813 -prefsHandle 1528 -prefMapHandle 1524 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e85e707-9a64-45e1-a4f6-71b68d3abcf6} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 1540 d6f858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.2.1463432813\18540642" -childID 1 -isForBrowser -prefsHandle 1868 -prefMapHandle 1752 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1830b51c-3885-40a5-9f12-1617bfd7e9fe} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 1156 4562458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.3.1889563737\898752934" -childID 2 -isForBrowser -prefsHandle 2828 -prefMapHandle 2816 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {286b52cd-3fb2-476d-9087-e9efe1ba36c2} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 2840 1cd39558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.4.910927230\1128497726" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2560f761-d58c-4022-aabf-317f4247d8c2} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 3708 1e668b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.5.335570947\931643928" -childID 4 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a0e74f4-1a02-4e73-95e5-9c06a3953084} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 3808 200ed658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1736.6.2011736086\1755235923" -childID 5 -isForBrowser -prefsHandle 3980 -prefMapHandle 3984 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 872 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16d40461-45b8-4a60-8755-d04ef50171ff} 1736 "\\.\pipe\gecko-crash-server-pipe.1736" 3968 200ec758 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49190 | tcp | |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 104.21.6.138:443 | njdsahdn.de | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 52.42.69.239:443 | shavar.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 104.21.6.138:443 | njdsahdn.de | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49198 | tcp | |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | b.yzcdn.cn | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| GB | 104.166.160.226:443 | b.yzcdn.cn | tcp |
| US | 8.8.8.8:53 | ut89.v.trpcdn.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | ut89.v.trpcdn.net | udp |
| US | 104.21.9.136:443 | oncept671.center | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| FR | 23.200.86.251:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
| MD5 | c2f0b7b7bcf59968642c46f77b319a76 |
| SHA1 | 10cc8a58675d1e3770e6c1c68d314c7e7c5e63ec |
| SHA256 | cb7e9d0dfdf95630f45931990d9f6edea15088fe8e6dfa72580475d17bada7cb |
| SHA512 | a5452f3ae63c5e66fafaee78e0980d3554a4277600b5cfa2bede6fa9462e9ede90f42fe5809d20f553b4991f79dc30c40d01e3ca793c5235df2061e4a1572aa3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\60aa2301-c6e0-45a6-bf1f-d826431f19d9
| MD5 | d4ea98bfc3b89de12dd9b3ac87be7ee8 |
| SHA1 | 114b2c523677d6f8329fc6312f8ded099d98b8ec |
| SHA256 | 8ad292eeb428ff24d9ef31658fb1dd6e690ef69e64b75861b67f3b56c277de9d |
| SHA512 | c0f19332a9e5d341d27ef2f5b78b3de24bcd56ee286be5946ae1592c2d653236373e10a2cabd4631fa7836e13863c3e6a4d375f1bd107072e51feb6cf10526fc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\0617e3fe-4042-4161-b43a-91c386d6755f
| MD5 | 2520e8262472ab5d4570333610483e79 |
| SHA1 | 57698002584cebc31e3316d226069492cb11e8f6 |
| SHA256 | 0efe15cb6e38f926855d7a07ea87596ad746b554b26937109fa51d49ff28a84e |
| SHA512 | 81ea6e1e99f268c58d0ed74738306aec1fdb017b955b3f2e9371118d8a5850fa7aac21c0d47c2a9fd69dcb39e32529079ab96a0dea3cbae52e51aa0ff546834d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 65a881191b54c0fac2da189f713e0f5c |
| SHA1 | 74fff2a03c4a936edaf3bce91c527c590a8ef7ee |
| SHA256 | a2f8a8108edcf65b274ce69327c484e59dea35d059e3279b6b50b06071d879ef |
| SHA512 | f384f0c72456b1175768d1631ecbace356288e5b3c5a582f10bea01ab60dfe00b6daad97dc9d096de9f99d3a8380032205ac5ca191e05195d2dd0a73a67d75f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js
| MD5 | 7f183dd47541770abb8800a6b1302a27 |
| SHA1 | 0acc0a3825bcf65d232efd45d7b1b26d7d5b3f64 |
| SHA256 | 9444622840d80e5fcaf30b0b604d069aa2af073fd50383a0e87b87f69f7fdbd1 |
| SHA512 | ab1479e69824f593316ef868c01cea97561b6469a62c1e551bfbc3834a4c1d3c020d4ed3a4b870b30fb7acc9594c33bce7497a619f9cb09b00a1a63979ec8146 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
| MD5 | 2c43319653d992043bb44f00c6d8c8c7 |
| SHA1 | fa7869dd1ad11c9b291fd218d7c300bd9b5f1b2e |
| SHA256 | d705b99946e670550d062f74ef00ed887241365b609f8b350d8d2ecbfb8fb7ac |
| SHA512 | b5131063409b4ac237d860f6559cced08cca9bfa31be8e2fa6f8cfbbbf612df95d2b8ca861fdf389b0a9760051f127a9cf2c5f2268b8ecd45404beba5ec1b6a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 85bacd469d79233d967401e83b666589 |
| SHA1 | ce6d256391734eb7cc0314981b4c9d8e9243efad |
| SHA256 | c838127773d8c3ec0563233a7a043cf825b72eb6532832f9e9dcdfe5de65abb4 |
| SHA512 | daf9483a22428a11ed33f28e73509657d90d3b3bc907ab0fd0ff89def3982e87eb677895ad8a3247134bb9510df274487d160f1d58912383b8f99c935dc8c82a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
| MD5 | 70161687e2816e901ea67bcff17e54de |
| SHA1 | 3b2d7ebbfebd176a400b529374006c9386afca8b |
| SHA256 | a1b08df8d03b4c16899fffce7fb30318a0bcaa09e45da8b182880b9767bca106 |
| SHA512 | 11f09c3ce7465ee105968cac95cdbb8515513dca8a0ed71362a88027ef380f86dbc431a5ed9ad3abb81dd83416ae46a5d8eb02c170cf2252a4cd5eb383f18855 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
| MD5 | 7c40db591820bf53fa803f15df43e67a |
| SHA1 | fa472e33723f9f30c6106ab5a7e96c2a3209c7d5 |
| SHA256 | e777c9d09157192d7f40019133e998f4dff6ebe5d5210e6239598384337ea911 |
| SHA512 | 6af070dacfb0cf20214bf254f68a521b9c00dcdadf3794bad0a4a3c819c5693c03f47ec9124d5b4b3ff30b3333d446c0dbe5d69d4ba2c693886c225b0256165a |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
win11-20240611-en
Max time kernel
57s
Max time network
55s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://njdsahdn.de/invite/i=3"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://njdsahdn.de/invite/i=3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.0.513742537\1279418258" -parentBuildID 20230214051806 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64c189d4-5c6d-4d71-8427-300a560cb151} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 1924 1af8a70dd58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.1.1659008081\1789345061" -parentBuildID 20230214051806 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cf8df91-2c29-457f-a7a1-621e4c435efe} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 2448 1af8ab91958 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.2.793716303\1744460231" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2968 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec2a81fc-0a5d-4924-841d-6e8c7e0a55a2} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 3160 1af8d643958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.3.1282999595\455950574" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9099c7b-89c4-4305-ab06-ce51cd670a8a} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 3656 1af904e7b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.4.1748964990\1371944510" -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1db03cf-9bc5-42a5-9f50-f5dde940df59} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 5252 1af92aba958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.5.1495984207\1888489042" -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4055efaa-d923-4fc1-abb6-14b9a668096b} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 5384 1af92abac58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3688.6.1460905709\812768388" -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df00f841-9dec-46a2-b0f7-78a329c74969} 3688 "\\.\pipe\gecko-crash-server-pipe.3688" 5472 1af8d643058 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 188.114.96.2:443 | oncept671.center | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 188.114.96.2:443 | oncept671.center | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:49725 | tcp | |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| GB | 104.166.160.228:443 | b.yzcdn.cn | tcp |
| US | 188.114.97.2:443 | oncept671.center | tcp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 188.114.97.2:443 | oncept671.center | tcp |
| US | 162.159.133.233:443 | cdn.discordapp.com | udp |
| US | 188.114.97.2:443 | oncept671.center | udp |
| N/A | 127.0.0.1:49732 | tcp | |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| FR | 23.200.87.12:80 | a19.dscg10.akamai.net | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 587a6982c692f65ca9ba7f2ce6af06f4 |
| SHA1 | a6e3bef40c91e22ef0783f30c7a5c785e6c60cfa |
| SHA256 | 751e8c891338b625b40830f84da9d412316024b7b92bf3b742b8c8dba6df383f |
| SHA512 | ceafd3eb2a33a9fd9b4f1c1fd05d3b1223532d2aeae07509b69be1e95ae0d75661ae2d0e3758edf71c91a4fb2b45ca170e7b20a607f524c5ae22af0c4ba7bdb2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 4a82b392d28b28a93ea7d67abeb95c34 |
| SHA1 | dbd3b6dcb491e2e38246672d261ac01bb817c493 |
| SHA256 | 1558942b2097dca2b8b19a44dbb4050fc99f6a0ecaf1ebfa6f8cfbe174450d87 |
| SHA512 | 36a90fb67a4a6961e6b25de3bfe32d2f1c99c516d24a79b7c3405e4fa904558a4daef252242198328e88c71d59f8dc32bb20a1f0cad39df9d0ef30c40bc4520e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs.js
| MD5 | aba4c4008df2176b71acf84b54b8d54a |
| SHA1 | 5b04532f88d4f534f1957bd163b02c33f97f0bd0 |
| SHA256 | 1c5bfb962217b78813a7bfc139773c6cfd9afac75a2f3a51a49db1a71ff4d1ab |
| SHA512 | 4e9c85407e0edb3be9221dd1e26526854c57506e7f2626be9abdeae43132f523197d054558f5773a668c95a4b6cf1486236864ad7ef52b50c17416937d24cd9e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | de22866a41127b8c718dafe9ed438ba3 |
| SHA1 | 1ac2e0c39f09156755642574d92d4e87bfc29188 |
| SHA256 | 6f45549103c4daa1a7b85964b438df3684750fdd173ea69f3d7c7ecda6257a45 |
| SHA512 | 92ce356f8eef9ea82abf1271a8d716122092768f933d025ff47e52a9aad07b5ac94f70728d82376dbb91cec473b8dcadd11f0622dd11f8beaa95299c664b94a6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7l3zro2y.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | 54b4e136fc942022633189a16305e630 |
| SHA1 | c235a7ca6060007b51d996f20d2633510c20642b |
| SHA256 | ddea931271e707972e2147d6c21698397df1afb653e5fca663e519c5477fb0f0 |
| SHA512 | 23fc2bccc773ac88b1a30f7b22996779a71dc00e519b980ee355ecb138f58dbb7563d3f389899c05906a556109e4102bd36cd2239182bf8bd42438111a97a8f1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs.js
| MD5 | 01ba7851e0ccf84bac0ebb542ca7eef8 |
| SHA1 | 10f235d98c8f4103014859407ac1b0d067fc5fb3 |
| SHA256 | fa49bb9f07f501f0dcaf56e63325d3d1641628bc28e72285e311b01110d53a15 |
| SHA512 | 1a3e69d394413966294bf02b04a27234a71274208cfdf39549b6da189bfc33212e1b28c9d780e620d2089e23606de0a89c2a46e011bc639274c7a9e03cd4c7d4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs.js
| MD5 | 63ea068edc031298fedda64a634f9c35 |
| SHA1 | 49967003bce079ddb7d2a2ecb4e997703c0eceea |
| SHA256 | a31c7ad5a9cef90059b8c94d7fc36405b7a2601e6975f32a8ecdcf7fafdfdec1 |
| SHA512 | 7d4d901ad545c176503e6cd115a4b1aa5643132e517ab4b3fb709320208a94830c9218a888e92d4e0ddb71fbdd2cd8e9e2b0218f12f779ea18e76ac347d3120e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7l3zro2y.default-release\prefs-1.js
| MD5 | 07abf212c6c980881f58a76a04aa3bad |
| SHA1 | 286f0a5e3b968f378a999f37a01f3a9eb6cc5387 |
| SHA256 | dd1562e46942cef001782b60ce76e8f87a1073eca04878390db57178e783ff12 |
| SHA512 | 9e64d657d242f68faeebf463076f7545f1c84b21249e754d6b6e433da192de8fab0530c512ef5bd1b66c7046069c18835fec4635f5bb676c3d1fc6432790a0eb |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
0s
Max time network
36s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1466/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab https://njdsahdn.de/invite/i=3]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab https://njdsahdn.de/invite/i=3]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 195.181.164.14:443 | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
58s
Max time network
55s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/fd/116 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/92 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1446/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/115 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1739/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/93 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1734/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/89 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/74 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-identity-service | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1671/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/114 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/self/fd | /usr/libexec/gvfsd | N/A |
| File opened for reading | /proc/1728/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/10 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/1699/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1722/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1403/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1612/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1497/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/nautilus | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1491/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1755/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/32 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/113 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/118 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1534/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/67 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1722/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1400/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1565/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1652/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1748/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/120 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1543/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab https://njdsahdn.de/invite/i=3]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab https://njdsahdn.de/invite/i=3]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {16775b79-b0c7-4453-9450-694a6ffafa3c} 1400 true socket]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20271 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {7548dd24-b310-4299-b0bc-be9cbc120fe5} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 28792 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8778e829-5689-43b8-894c-47857bb6d312} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 29483 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {cfc1d670-175c-4396-a290-bc63462eba97} 1400 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {acaf17b9-7216-4130-8303-4a3f12b86ec8} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c53456aa-5cce-40ca-b1ec-bb8858c483b0} 1400 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25826 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {669f1892-2d2e-476d-a559-b2a24da89c7d} 1400 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 104.21.6.138:443 | njdsahdn.de | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 104.21.6.138:443 | njdsahdn.de | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | oncept671.center | udp |
| US | 1.1.1.1:53 | oncept671.center | udp |
| US | 1.1.1.1:53 | b.yzcdn.cn | udp |
| US | 1.1.1.1:53 | b.yzcdn.cn | udp |
| US | 1.1.1.1:53 | cdn.discordapp.com | udp |
| US | 1.1.1.1:53 | cdn.discordapp.com | udp |
| US | 104.21.9.136:443 | oncept671.center | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 52.33.96.36:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | ut89.v.trpcdn.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| GB | 104.166.160.228:443 | b.yzcdn.cn | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
win10-20240404-en
Max time kernel
57s
Max time network
61s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://njdsahdn.de/invite/i=3"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://njdsahdn.de/invite/i=3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.0.465581090\719736558" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc15ee83-819b-4dc0-8075-e492a8b587a1} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 1796 1b47f2f1358 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.1.1718969324\380415765" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da37c30a-350e-4035-819d-81cb7302e2a4} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 2168 1b47f1fa158 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.2.1018292530\682555851" -childID 1 -isForBrowser -prefsHandle 2660 -prefMapHandle 2652 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa28edb9-6b12-4448-ade9-aa328e39cf05} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3012 1b40add6f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.3.860773778\1710370635" -childID 2 -isForBrowser -prefsHandle 3608 -prefMapHandle 3604 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a0aa73-102e-4e6d-9780-e0b2589837d9} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 3616 1b40bed6958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.4.546601900\1771521360" -childID 3 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c79cb493-4a36-428d-b7db-ee89c9b559d8} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4800 1b40d430a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.5.437787481\1369079356" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1dccb0a-063d-4e97-9800-c56894cb02e5} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 4928 1b40d740c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1940.6.1341782685\120902654" -childID 5 -isForBrowser -prefsHandle 4780 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7469480-58bd-4831-8bc1-9c505f85d93d} 1940 "\\.\pipe\gecko-crash-server-pipe.1940" 5112 1b40e3b3e58 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49766 | tcp | |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 104.21.6.138:443 | njdsahdn.de | tcp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 104.21.6.138:443 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | 138.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.194.232.44.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | b.yzcdn.cn | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 172.67.130.224:443 | oncept671.center | tcp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| GB | 104.166.160.228:443 | b.yzcdn.cn | tcp |
| US | 8.8.8.8:53 | ut89.v.trpcdn.net | udp |
| US | 8.8.8.8:53 | ut89.v.trpcdn.net | udp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.160.166.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:49772 | tcp | |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| FR | 23.200.87.12:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.87.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 104.21.9.136:443 | oncept671.center | tcp |
| US | 8.8.8.8:53 | 136.9.21.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0defc4ed-821f-4b1c-8b1f-ef6b11e9f780
| MD5 | a4b65e520988f599a16709823d7d4134 |
| SHA1 | 0608704b4dae96107c415c7a92e67bfa38683355 |
| SHA256 | e609ed638658d9455d63e13d8812f86b53e94d41ef9e2b79fa09eec62dfc6177 |
| SHA512 | 29c7c5f6e83f358806e89ed89740dd1015064017ee7ac9ebb8cff544660b347ee421a4f325deaa9ada05644b365dc9322679a74fe75612e9306cbdb84e249a81 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\cdebd17b-b757-41ef-8487-8902e4472ebe
| MD5 | 2ac0a96d4540b62771187eef7a9567a0 |
| SHA1 | a4c8e705231e3bc6819599578e2aca74f0978325 |
| SHA256 | 4b8582a15abbe985610f74a47ed8d4a0d49f409efb844a29a65c05f76b1b5d12 |
| SHA512 | 52093235c4bc322980c904cbd49c474d3f6763f114c16a73408d29ce3f968887e02d94e3e2f7d8f7f0db60be19beb7b7c56a90b28eb18db87ecf3f30af9ec3aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | a311e2974843326497ad42291974141a |
| SHA1 | 6f219b94c8431c2818946747a33b43d227704487 |
| SHA256 | dff82db0a334de56f4ee1541577368e90cbc3e33651d099ea46f06c437e9462e |
| SHA512 | 0878546c1c872c0874538f9e4127bcaf35df3ef8e4e7e7a5432cbd697a1af971bd0601d169338d55e35b9e858d8ee2b728e1259ff92aaa68bc8db5d1ef24394f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 36acd5255f7050ccf3d2fbd6db60e56d |
| SHA1 | c83ea65613ad5ded2113664c9f270d521f0fd6eb |
| SHA256 | b473d47c2d401861ad50ee9868df22b22ce47ebc927884fa09a77d23027d2944 |
| SHA512 | c516d5c292dfcb0b6f875b3526bc8b4fa2ae59e9b8d58b13359f0d7f4236d5916bdae4e9ba4432ab3ad6abb525c8e5a1fcb3af2f7b62ecd9fc0f42589aa20dd3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 66e7b5faddbc128bd0b6f431a5c98418 |
| SHA1 | b4ac010eae32f42aec11576db87f14eebd1fb719 |
| SHA256 | 627b83861923b418e9ee916b0176225000a241484b02199eafaefc82311fabe5 |
| SHA512 | a935aad155f46e583649b490e268489a05667138703aa9fc4ab000e4576bcfebf9baebcd75cafa101002b7ed14056f4afaf992d4291e70d924eb64f063392907 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | bd3bb88b8924f1cdc86c832d9e11f5ff |
| SHA1 | 4c22d04a87502964b9e0995753218c973a38a80b |
| SHA256 | 4ba9cf030c5fedf68d4a7462e22459dccc0ff048f93bd0e53b88c54a51b74a2d |
| SHA512 | 6fccd8439226800745616f94c599ba555f12a2925ed65c35676be7c9bfd19d3c835f70abdf517c67ab5c793b76b7b24bdf6bfb6835faca50eb569b32f74500d1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
ubuntu2404-amd64-20240523-en
Max time network
59s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | incoming.telemetry.mozilla.org | udp |
| US | 1.1.1.1:53 | incoming.telemetry.mozilla.org | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.wikipedia.org | udp |
| US | 1.1.1.1:53 | www.wikipedia.org | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | www.amazon.com | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | incoming.telemetry.mozilla.org | udp |
| US | 1.1.1.1:53 | incoming.telemetry.mozilla.org | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | www.amazon.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.wikipedia.org | udp |
| US | 1.1.1.1:53 | www.wikipedia.org | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | www.amazon.com | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | tcp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | www.amazon.com | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | incoming.telemetry.mozilla.org | udp |
| US | 1.1.1.1:53 | incoming.telemetry.mozilla.org | udp |
| US | 1.1.1.1:53 | www.wikipedia.org | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | www.amazon.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | www.wikipedia.org | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | www.reddit.com | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | njdsahdn.de | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | www.facebook.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| US | 1.1.1.1:53 | twitter.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.amazon.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.wikipedia.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
win10v2004-20240508-en
Max time kernel
57s
Max time network
60s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://njdsahdn.de/invite/i=3"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://njdsahdn.de/invite/i=3
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.0.1661778882\832361266" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1772 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56082dc6-5dce-4822-ab13-85c894c83278} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 1852 2f7bc925658 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.1.1181371130\484396095" -parentBuildID 20230214051806 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23095 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c277a00-dce7-48ad-9fd4-ca95828ec961} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 2444 2f7afb89c58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.2.598097268\163671665" -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3080 -prefsLen 23133 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bd471d8-60b9-4769-a2b3-05b07d7fa168} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 3096 2f7bf732a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.3.112841857\1412167452" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 2740 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {329bdd37-387d-48e2-9433-dde5de72efd9} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 3652 2f7afb3e858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.4.773992231\2143777446" -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5224 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d7fdbf3-4ed5-4499-aa52-f0a6ecc09551} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 4780 2f7c3cdbc58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.5.1101269751\2008851860" -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5360 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b315dcf5-ec70-41e4-b3e8-cf2be07bc409} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 5344 2f7c3cd9b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3592.6.1948135174\1527908241" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1320 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {575a6d38-f27b-4d5d-816c-85911a5abbdd} 3592 "\\.\pipe\gecko-crash-server-pipe.3592" 5380 2f7c3cda158 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4240,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=1272 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:49814 | tcp | |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 104.21.6.138:443 | njdsahdn.de | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.6.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 104.21.6.138:443 | njdsahdn.de | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 163.194.232.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.yzcdn.cn | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 172.67.130.224:443 | oncept671.center | tcp |
| US | 8.8.8.8:53 | oncept671.center | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 172.67.130.224:443 | oncept671.center | tcp |
| GB | 104.166.160.229:443 | b.yzcdn.cn | tcp |
| US | 8.8.8.8:53 | ut89.v.trpcdn.net | udp |
| US | 8.8.8.8:53 | ut89.v.trpcdn.net | udp |
| US | 162.159.129.233:443 | cdn.discordapp.com | udp |
| US | 172.67.130.224:443 | oncept671.center | udp |
| N/A | 127.0.0.1:49820 | tcp | |
| US | 8.8.8.8:53 | 224.130.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.160.166.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| FR | 23.200.86.251:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.86.200.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 53.121.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.17.2.in-addr.arpa | udp |
| US | 104.21.9.136:443 | oncept671.center | tcp |
| US | 8.8.8.8:53 | 136.9.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | d7bfce07455bf2e502fc3c2736ddcfbc |
| SHA1 | 5a01f727f16ec2d7701d913e110a80317fa455d6 |
| SHA256 | a4f553ef1dc1599909d2a0ae04c814922f9342c638b26fcfc1a23864396fe59a |
| SHA512 | e7be2e49d2dd6f4bc08a571ba1fe1a86ee848db1ba88a254af5bb867ae5ba0cfe747626303d058ab44d25c890f8ec4c26f741b4bed560e17ac27fd8755233245 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js
| MD5 | 96eada05311d9d3ed67e91099940b418 |
| SHA1 | a3f4377d6c2d0d6b458524aeb314811de1ebaa8b |
| SHA256 | d15ba68639c29e0102347019ed0f8a26ad6d7a2f1950052458ee6c60f8f7fd90 |
| SHA512 | a1f9eaa87095727c569dced21ea7a29ec2a76eccd6dfe585920a8695c41e5c5ae18072803443ddb2f6578f504cadcbfe462aef7823098d36062cada2e7fdf1cd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
| MD5 | 9c809aa018a0945ad60b353936261215 |
| SHA1 | af19ea2c5629949dc63f3d81e70a7cbccf549756 |
| SHA256 | e3ee42047cde2e312eabe9c5f9942899e4b0629b40e05a69049029862c9011ab |
| SHA512 | 0bf3624ac4e2cbd5a0709e7fe5db4d5d956b4170c1d6767f4c90cd292a5fe6765383a2c2f178d7e5a8a511b487e13c0ff41d0a9035decf2bb87143463de7adb7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5b48098ec94088de44bdce4a219fb4ab |
| SHA1 | 711efdfac029512371bc809e4f8d5b73f049324d |
| SHA256 | 5a4cb71c9f53cee61277c271e41d743a1f81b3a9a05424dffd9a1862251c94f5 |
| SHA512 | b96f7bc0ca9dfc90d0b1491ee2cb87f8657181dbd021fe4120d496ba5420ef0cc904617b56d754633be8d9863bdf27e6873839a4092e89467cd26171d3c7e727 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
| MD5 | 65921e47165f990b3fc893e517b41d64 |
| SHA1 | dc546b4c45d87e2679b3c6302aa72bc4aaee804b |
| SHA256 | 3e7c64f5c3507aa137ddd6bed5ef265e75c3cdd75aac337ec59a9b445ef7a7ed |
| SHA512 | 3c409741c5af5c74125ea0028798881970b952e76a2ff766f3b245c38d184364b22d65661f5e7f34d821201fa2b4b1a36324b01fe078201cfb8a3f98d464f7f9 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
| MD5 | cc21ced5426af398159acebb7cf24960 |
| SHA1 | e79bf6bb460e77b8f4122a77e17e5df804113d73 |
| SHA256 | a66f6887bdf4141356ff1d43b29cb1c8cf3046bd948b730d7371156524af6f9a |
| SHA512 | 7c636dd54b95da876446ccb324ccea715253e24dd59e3999807a10e4c006d3cec67b1cf0fc78dd011bbf559ab4281b51345352add5a2cc73fb52cda031fc4182 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
| MD5 | 753a90a312ff2e8bd8b15393538ad9c2 |
| SHA1 | c38c3bca840e91500d8206a3fc0492aa118081fe |
| SHA256 | b6468674aa8db08fa1c455c3b3061b18388a5055b16aece8349939af33038fc2 |
| SHA512 | c495ee37863f46e474904859f5e209540ef0dc1d260a11a13720415f1379045bdb92b8ce05d69cce67d0ba95008e34c0a2e8be791d8d4409e8e3e11b77f75a25 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
macos-20240611-en
Max time kernel
60s
Max time network
58s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall" "--install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" | N/A | N/A |
| N/A | /usr/bin/tar -Oxjf "/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz" GoogleSoftwareUpdate.bundle/Contents/Info.plist | N/A | N/A |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://njdsahdn.de/invite/i=3"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://njdsahdn.de/invite/i=3"]
/usr/bin/sudo
[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://njdsahdn.de/invite/i=3]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pluginkit.pkd]
/usr/libexec/pkd
[/usr/libexec/pkd]
/bin/zsh
[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://njdsahdn.de/invite/i=3]
/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[/Applications/Google Chrome.app/Contents/MacOS/Google Chrome --simulate-outdated-no-au=Tue, 31 Dec 2099 --new-window https://njdsahdn.de/invite/i=3]
/usr/libexec/xpcproxy
[xpcproxy com.apple.GameController.gamecontrollerd]
/usr/libexec/gamecontrollerd
[/usr/libexec/gamecontrollerd]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/chrome_crashpad_handler --monitor-self-annotation=ptype=crashpad-handler --database=/var/root/Library/Application Support/Google/Chrome/Crashpad --metrics-dir=/var/root/Library/Application Support/Google/Chrome --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=OS X --annotation=prod=Chrome_Mac --annotation=ver=101.0.4951.54 --handshake-fd=5]
/usr/libexec/xpcproxy
[xpcproxy com.apple.siri.context.service]
/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService
[/System/Library/PrivateFrameworks/ContextKit.framework/Versions/A/XPCServices/ContextService.xpc/Contents/MacOS/ContextService]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Helpers/ksinstall --install=/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/developer_id_certificate_reauthorize com.google.Chrome]
/usr/bin/tar
[/usr/bin/tar -Oxjf /Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Frameworks/KeystoneRegistration.framework/Resources/Keystone.tbz GoogleSoftwareUpdate.bundle/Contents/Info.plist]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (GPU).app/Contents/MacOS/Google Chrome Helper (GPU) --type=gpu-process --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --gpu-preferences=UAAAAAAAAAAgAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJgEAAAAAAAAmAQAAAAAAACIAQAAMAAAAIABAAAAAAAAiAEAAAAAAACQAQAAAAAAAJgBAAAAAAAAoAEAAAAAAACoAQAAAAAAALABAAAAAAAAuAEAAAAAAADAAQAAAAAAAMgBAAAAAAAA0AEAAAAAAADYAQAAAAAAAOABAAAAAAAA6AEAAAAAAADwAQAAAAAAAPgBAAAAAAAAAAIAAAAAAAAIAgAAAAAAABACAAAAAAAAGAIAAAAAAAAgAgAAAAAAACgCAAAAAAAAMAIAAAAAAAA4AgAAAAAAAEACAAAAAAAASAIAAAAAAABQAgAAAAAAAFgCAAAAAAAAYAIAAAAAAABoAgAAAAAAAHACAAAAAAAAeAIAAAAAAACAAgAAAAAAAIgCAAAAAAAAkAIAAAAAAACYAgAAAAAAAKACAAAAAAAAqAIAAAAAAACwAgAAAAAAALgCAAAAAAAAwAIAAAAAAADIAgAAAAAAANACAAAAAAAA2AIAAAAAAADgAgAAAAAAAOgCAAAAAAAA8AIAAAAAAAD4AgAAAAAAABAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAHAAAAEAAAAAAAAAAAAAAACAAAABAAAAAAAAAAAAAAAAkAAAAQAAAAAAAAAAAAAAALAAAAEAAAAAAAAAAAAAAADAAAABAAAAAAAAAAAAAAAA4AAAAQAAAAAAAAAAAAAAAPAAAAEAAAAAAAAAABAAAAAAAAABAAAAAAAAAAAQAAAAcAAAAQAAAAAAAAAAEAAAAIAAAAEAAAAAAAAAABAAAACQAAABAAAAAAAAAAAQAAAAsAAAAQAAAAAAAAAAEAAAAMAAAAEAAAAAAAAAABAAAADgAAABAAAAAAAAAAAQAAAA8AAAAQAAAAAAAAAAQAAAAAAAAAEAAAAAAAAAAEAAAABwAAABAAAAAAAAAABAAAAAgAAAAQAAAAAAAAAAQAAAAJAAAAEAAAAAAAAAAEAAAACwAAABAAAAAAAAAABAAAAAwAAAAQAAAAAAAAAAQAAAAOAAAAEAAAAAAAAAAEAAAADwAAABAAAAAAAAAABwAAAAAAAAAQAAAAAAAAAAcAAAAHAAAAEAAAAAAAAAAHAAAACAAAABAAAAAAAAAABwAAAAkAAAAQAAAAAAAAAAcAAAALAAAAEAAAAAAAAAAHAAAADAAAABAAAAAAAAAABwAAAA4AAAAQAAAAAAAAAAcAAAAPAAAAEAAAAAAAAAAIAAAAAAAAABAAAAAAAAAACAAAAAcAAAAQAAAAAAAAAAgAAAAIAAAAEAAAAAAAAAAIAAAACQAAABAAAAAAAAAACAAAAAsAAAAQAAAAAAAAAAgAAAAMAAAAEAAAAAAAAAAIAAAADgAAABAAAAAAAAAACAAAAA8AAAAQAAAAAAAAAAoAAAAAAAAAEAAAAAAAAAAKAAAABwAAABAAAAAAAAAACgAAAAgAAAAQAAAAAAAAAAoAAAAJAAAAEAAAAAAAAAAKAAAACwAAABAAAAAAAAAACgAAAAwAAAAQAAAAAAAAAAoAAAAOAAAAEAAAAAAAAAAKAAAADwAAAAgAAAAAAAAACAAAAAAAAAA= --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=21]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=network --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=21]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreLocationAgent]
/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent
[/System/Library/CoreServices/CoreLocationAgent.app/Contents/MacOS/CoreLocationAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=28]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Alerts).app/Contents/MacOS/Google Chrome Helper (Alerts) --type=utility --utility-sub-type=mac_notifications.mojom.MacNotificationProvider --lang=en-GB --service-sandbox-type=none --message-loop-type-ui --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=7 --launch-time-ticks=292259368 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=61]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=6 --launch-time-ticks=292315051 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=61]
/usr/libexec/xpcproxy
[xpcproxy com.apple.ViewBridgeAuxiliary]
/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary
[/System/Library/PrivateFrameworks/ViewBridge.framework/Versions/A/XPCServices/ViewBridgeAuxiliary.xpc/Contents/MacOS/ViewBridgeAuxiliary]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.tailspind]
/usr/libexec/tailspind
[/usr/libexec/tailspind]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin --productid com.google.Chrome --print-tickets --store /Library/Google/GoogleSoftwareUpdate/TicketStore/Keystone.ticketstore]
/usr/libexec/xpcproxy
[xpcproxy com.apple.SafariLaunchAgent]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=8 --launch-time-ticks=295869934 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=73]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=12 --launch-time-ticks=296003000 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=62]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=10 --launch-time-ticks=296038278 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=62]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=11 --launch-time-ticks=296404033 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=62]
/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent
[/Library/Apple/System/Library/CoreServices/SafariSupport.bundle/Contents/MacOS/SafariLaunchAgent]
/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher
[/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/Helpers/launcher]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=86]
/usr/sbin/system_profiler
[/usr/sbin/system_profiler SPConfigurationProfileDataType -detailLevel mini -timeout 15 -xml]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=97]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=105]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=68]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[GoogleUpdater --server --service=update --system]
/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater
[/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --crash-handler --system --database=/Library/Application Support/Google/GoogleUpdater/127.0.6490.0/Crashpad --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 --handshake-fd=5]
/usr/bin/profiles
[/usr/bin/profiles status -type enrollment]
/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin
[/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Helpers/ksadmin -P com.google.Chrome --delete --user-store]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=67]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer)
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper (Renderer).app/Contents/MacOS/Google Chrome Helper (Renderer) --type=renderer --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --extension-process --display-capture-permissions-policy-allowed --lang=en-GB --num-raster-threads=1 --enable-zero-copy --enable-gpu-memory-buffer-compositor-resources --renderer-client-id=19 --launch-time-ticks=311671883 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=67]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper
[/Applications/Google Chrome.app/Contents/Frameworks/Google Chrome Framework.framework/Versions/101.0.4951.54/Helpers/Google Chrome Helper.app/Contents/MacOS/Google Chrome Helper --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --metrics-client-id=c4c0c7dc-66bc-4341-87b4-36b4665ab2e7 --shared-files --field-trial-handle=1718379636,r,7305465701666003669,8234855902314377006,131072 --seatbelt-client=74]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater66017B75/OneDrive.app]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 172.67.154.227:443 | njdsahdn.de | tcp |
| US | 172.67.154.227:443 | njdsahdn.de | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| DE | 142.250.184.228:443 | www.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.212.234:443 | optimizationguide-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| GB | 216.58.212.234:443 | optimizationguide-pa.googleapis.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 172.67.154.227:443 | njdsahdn.de | udp |
| US | 172.67.130.224:443 | oncept671.center | tcp |
| DE | 142.250.186.42:443 | content-autofill.googleapis.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| GB | 104.166.160.226:443 | b.yzcdn.cn | tcp |
| US | 8.8.8.8:53 | ocsp.sectigochina.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.18.38.66:80 | ocsp.sectigochina.com | tcp |
| US | 172.67.154.227:443 | njdsahdn.de | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.6:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| GB | 17.253.77.201:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | a1366.dscapi6.akamai.net | udp |
| GB | 104.91.71.16:443 | tcp | |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| NL | 23.209.125.6:443 | a1366.dscapi6.akamai.net | tcp |
Files
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 05aca3583b5fff005632ed5acfab8aa8 |
| SHA1 | 706c3585786c565d1e297ed1257fc2286c77c371 |
| SHA256 | 0cc25458cc795b6cbdbad3d2ff8d02127bbd69a986b4019d13ca9a52794976a9 |
| SHA512 | 86339a87afbcca8a9eadf8f25a5eed0b443c439258dfab3f1f9ae517177ef0962a5c6fa0eea55f1bb7beb87882a13b76bee7bc9799ceaa6506d90bb431244f61 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 916defdaa9402fb5c88b19bfa96d49da |
| SHA1 | 33bd63d92bf0d8852f2419d0b4032734d85f232d |
| SHA256 | 8545fb641cc09bdbe5b25484e66df61ffa02ebdf52345dbb2cee6dc23564d8d0 |
| SHA512 | 3998b85f66098a2d876b9fee9b0b55928a86047b253a0e9eca5d86ecd294d22a897857005d707b100f79ad7e9b81fb1e0d070a1c4a4d38157ad9b75aa94a5375 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 8376a8bd0e38a5ad9e9f8e1248427735 |
| SHA1 | 52788e4bc268b80fc5f4fdf99e80ed33c114c8d6 |
| SHA256 | bfb5084a14afab6cca76bde9292216ec0ec5c6589f22a6c27fed384511006d17 |
| SHA512 | 86f2ddfe0fddc093d49b97b5d4214891b8d6b09783a908b533b03d261d2b2a991f31317cda741dca3425c421792357a0fa64f3192ca7f093ccd1490cd1b9e875 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | e6d3b13e1be068a00e3355b13c0977c1 |
| SHA1 | 8b0817cb0085a86740ea92d58c4c4b0dedfe0ed7 |
| SHA256 | 272b3c69d042f41fee58273fe47b816107285bc80132594a33362119a15367f2 |
| SHA512 | 25082075d7c217f0e2cedfc34119d0d99e2620f1b1bab9ec662a9ef31016f0384b4f1e4c419620f78d6b006dbe9c063f8708023b788469537157bd1298f05cc4 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 6dfe6f90eeff067ae67ddf414ef0ecd5 |
| SHA1 | fdc7556ce766a531980803077f5d6bce51af9100 |
| SHA256 | 77a2cd2d33e67604a7089eac422f893bfa7c8bfbfa3fe93b28198f41a1793bb3 |
| SHA512 | 7623ecdf158307c3cfad51fd9e83b102bdbe89221b044e64206048cfc489a2c2a5bdd9a44529ab80a744a13b650a62928ed44bf9fa4a192aa7f353a58afbca26 |
/var/root/Library/Application Support/Google/Chrome/Crashpad/settings.dat
| MD5 | c6db1caaee0095f017c09113d53ed054 |
| SHA1 | cc37e2b3948325a0eeb51080f45b17ebf52a7035 |
| SHA256 | ca3252b297284a87de2ee1688585f7c37d26b98c05d7ed04bd7d6df10c0d1476 |
| SHA512 | 3013340ee4157dfef7dcacd690b840f12b876e8241d4e8bc419016d5336810ab77023cdbbeaa896544e4c29f386d21296649542ef2b0fc6b58c49e2ad0337d85 |
/Users/run/Library/Keychains/login.keychain-db
| MD5 | 90f62b0c7eb461256eceed130eb89bfb |
| SHA1 | 800832ad13dcab732995717fc781ef2063637927 |
| SHA256 | 7b6b0684f17bb88f040cc0316156ccc1d8772808731cfbd5cf4f409588616df1 |
| SHA512 | dd4375043f8c23aa0c7da644897c4028154f2d39fbc65394ea4948b93d84384ca24da954e10ac187da0d5e197cab60137220b8c1e1863daea42c4bfe8044b033 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/var/root/Library/Application Support/Google/Chrome/Default/Site Characteristics Database/000003.ldb
| MD5 | 5c4e7ade5753ab7de2c42c04111fa42e |
| SHA1 | fb577b8c07d9617f507a3f2950df0a6dcfebe4e2 |
| SHA256 | d3979fd2d9ecfdb05498d79d1f24998c38cfd107e321f6810d8b7f9f12affd82 |
| SHA512 | 7a7452bcd22e66190e36ff0036f21d854fa57bdcbaebf637aa3a6d932a385a7c90525ede0c124853c218445d583c0edcf45d12159ca452732f31d16c3901929b |
/var/root/Library/Application Support/Google/Chrome/Default/Sync Data/LevelDB/000003.ldb
| MD5 | fe382e791274914bee5950777e4f1fd3 |
| SHA1 | 53b523b5fc87e66f2520a0b5f9ea080072668f4d |
| SHA256 | 935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132 |
| SHA512 | a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
/var/root/Library/Application Support/Google/Chrome/Default/Extension Scripts/MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
/var/root/Library/Application Support/Google/Chrome/Default/Session Storage/000003.ldb
| MD5 | 38fc535a8f11d7e955ef58cc63158eff |
| SHA1 | c45ad3ee106dbfb65dce7c09b53140f34454cd0e |
| SHA256 | 085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8 |
| SHA512 | 26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505 |
/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/.com.google.Chrome.Jwq3am
| MD5 | 541f52e24fe1ef9f8e12377a6ccae0c0 |
| SHA1 | 189898bb2dcae7d5a6057bc2d98b8b450afaebb6 |
| SHA256 | 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82 |
| SHA512 | d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/metadata/000003.ldb
| MD5 | 17a2dc5826aeb539547f00f52eccccd5 |
| SHA1 | fd36ad6db84312792cffac0267f6329b21727d66 |
| SHA256 | 746da9cf33c3e4d29907dfdf1065f06ae16dcb5c2e9a34cfb5dd0dae9130f151 |
| SHA512 | 6bca3e308d0446211570021c1f1dc6d8e9704a2a68a90c5c8daf26b20cb2702bccfae8ddfeb6f16c8bfea83e1b648810054a25a7967bb9539feb241f2950ea73 |
/var/root/Library/Application Support/Google/Chrome/Default/shared_proto_db/000003.ldb
| MD5 | ea517aa120c972c602673d331dfa35bc |
| SHA1 | 7ff539eec544cf306b80137bc182fb544e58aad5 |
| SHA256 | 0c53b2ef8ec9bd6c3b81955b45cd9fc69705e7b435ad747b50c150c7e341f8da |
| SHA512 | e2bc6f26b0db61af3b7f1648e890be2b748aa886ff3ab51e207a915432c6d9a426b188fe9c979b443e8fe8aad248442b20b2e6cd38f494264cb7cdbcaa88eecd |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirky5HG7/CRX_INSTALL/manifest.json
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirky5HG7/CRX_INSTALL/images/icon_128.png
| MD5 | 30899b6c4e4a757b8ec6dd2208acdfb4 |
| SHA1 | f2c5880a724c6d75cce1b5191e0d82c3bc7de768 |
| SHA256 | 4f17efbd974a41d88cb36567aab6bf4586579e78780f00b1826676819e14bff4 |
| SHA512 | 58539e3f0ad7fef30792efcdbbd955599e11e4261c9946e7c3dff6267e01747354ea3b901c46fc8329f81c68afbeb2d05fe3fcb266bc5948de8befa5b8d040ee |
/private/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/scoped_dirky5HG7/CRX_INSTALL/images/icon_16.png
| MD5 | 344554d96e418120bd80ef5de5194697 |
| SHA1 | 23e141c3a6ce368acc1c299f062ab85914bcb17e |
| SHA256 | 0a4bd08db6422f8e7a8a218ef39c1b99a5a675f12697f26be88f9afc2e1f9378 |
| SHA512 | 7ae38853e5acca479d7fd81d48bb88c671cf4dce63342209bcff045ac581a04b7b0ed48f6c58253db950935c0522caaa4fbc6cf5a25151a8960ba56fc804569e |
/private/var/root/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda/1.0.0.6_1/craw_background.js
| MD5 | 6eebed29e6a6301e92a9b8b347807f5f |
| SHA1 | 65dfb69b650560551110b33dcba50b25e5b876de |
| SHA256 | 04cd9494b0ed83924dad12202630b20d053d9e2819c8e826a386c814cc0a1697 |
| SHA512 | fede6db31f2ad242e7bc7b52a8859ba7f466a0b920a8dadcb32dcfb5b2a2742e98b767ff22e0c5bc5c11fec021240aa9e458486c9039eb4ebe5cf6af7be97bf2 |
/var/root/Library/Application Support/Google/Chrome/Default/Download Service/Files/d3da9b64-d325-4cbe-8add-2302c503eb60
| MD5 | 5adf364735dcbe6bf26ebe3f705c9dbc |
| SHA1 | a891521fea2f61a2fd16ea9f0a3fc3c2c5fb3a46 |
| SHA256 | 8d21fe1bd251856bfaeaedd6a72ab78f153a047b6042e0fc614f57a32b56d340 |
| SHA512 | 5f77f8923ab3800ab754f4c60095077b529c5f5f230c6a0b6803dc28597f42ed682921267ed344e190d0f08e0a23eceace7bccbc9d22432029a3e6f4838420e0 |
/var/root/Library/Application Support/Google/Chrome/OptimizationGuidePredictionModels/ed5384c6-7bbb-46fc-b500-de1b55b720d2/model.tflite
| MD5 | 6d7c2f9e94664539dec99b3233301b01 |
| SHA1 | 85812b004742cc1c211c92911131ce270f8ba769 |
| SHA256 | a0956386dc64fd9f4883c8741f950cd60a56859616b159c9e4251c9eb0ac5534 |
| SHA512 | 4d06917f30651c3bf13c509aae79793b3f1ec93de12179464b18fd9fd16c7bf466884b1c70e425d7e937adde341cf24bd08f19a132bbb9683e804f29b4ed0c33 |
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-17 14:42
Reported
2024-06-17 14:43
Platform
ubuntu2204-amd64-20240522.1-en
Max time network
0s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |