Analysis Overview
Threat Level: Likely benign
The file http://bpwhamburgorchardpark.org was found to be: Likely benign.
Malicious Activity Summary
Changes its process name
Reads CPU attributes
Checks CPU configuration
Writes file to tmp directory
Reads runtime system information
Enumerates kernel/hardware configuration
Checks processor information in registry
Checks memory information
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Checks CPU information
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-08-23 13:10
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
win11-20240802-en
Max time kernel
122s
Max time network
153s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bpwhamburgorchardpark.org"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bpwhamburgorchardpark.org
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1856 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {efe9a604-1d2a-467d-81f2-5e1058d0f6f5} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 24520 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ba3d071-7d7d-4632-af28-bf16da8b0e7b} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3428 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 2972 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38789392-11ab-4a17-a6f7-f60f1ba2d2af} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 2788 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d3d33c6-246d-40bf-81de-6e22ea7db55f} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1612 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4388 -prefMapHandle 4348 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e0ec13-4235-4814-975b-649b2af372f9} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5036 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c36b8391-08d5-4dd9-9b95-406b0deb35e3} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 4 -isForBrowser -prefsHandle 5692 -prefMapHandle 5688 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e9c5c81-1d86-4f6a-97a6-db6adfebad81} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5704 -prefMapHandle 5700 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1320 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da497aa7-ea20-435c-b328-7b043b6acf0a} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49742 | tcp | |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| N/A | 127.0.0.1:49750 | tcp | |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| GB | 88.221.134.209:80 | a19.dscg10.akamai.net | tcp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| DE | 173.194.187.41:443 | r4---sn-4g5e6nsd.gvt1.com | tcp |
| DE | 173.194.187.41:443 | r4---sn-4g5e6nsd.gvt1.com | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\e8d55bdf-a05e-4a7a-be4a-2bf08fceab97
| MD5 | 830fa7e69af1c09c31308adb84851b71 |
| SHA1 | 2d50e45c28eb99af33c0336868e46c2a5a38de6e |
| SHA256 | b3c083b1e5b2bdd4f6ed5bc0ce45d233de3b285d98538c990b382671b355bfe4 |
| SHA512 | 84052ea8a96c4da0c056405fa4ed2d6a667763e7c2fc92906af944e3b11ba8844e1c82c51dcf2867a249146ebc4bcb3c4be5e0a977b33ae11678831122281907 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\fa35e29e-0a08-4c72-9320-8e6c38ede42e
| MD5 | e69e5c7e443e130102ad2753d27ea904 |
| SHA1 | bfb8a771f2c342900b42ae3520b7f3a832102e76 |
| SHA256 | b3222c0bbbbf1087b06c3d72628f4274c3afdf2d6b029647d432098e69922179 |
| SHA512 | dd1eda7ff0cc9bbad66c7d995fabfbe29ef7c134e18d429720ad9586c0d1f8d79da2df901ff370ba4042a224523796ab855fb2ae64ff6650c658ba94d9aaa935 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\58730a61-42c9-42d4-a118-e48945a3a9b4
| MD5 | 479136c05df409306985650bdcb89bc6 |
| SHA1 | 26dc1df61e779a2841d9ed30d71856caceb23b4b |
| SHA256 | d89c8da83064876310b965b40079f19a4c989aba23e0d6e827270e74c4f0f390 |
| SHA512 | 12528c234111ec0929acaa3b8e54208a4f885a7b58d239ca6abcb5bce704b263f8ec0d0a2aebedc546314def3ef7bfed98daa90d6eb90ce3047206d6e416998e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 51c676142c9512ff29f00a08d820ef1c |
| SHA1 | 4c931a8712c2b15ad0840c698c0da39e86ba58ff |
| SHA256 | 9aa821f0732ff7d5284b7116512b0e63d9ceecaa26e7dd576ca140f5a1372031 |
| SHA512 | 0c62312c33fd03b466bea36b0ba24bf1283cf7a73d2457a1f6469088b73c8ee4ee19095ad8cf08a18c8af7fb3e29d212074e3664969941f909b4945a29694936 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | cd811f83dd8aee97703565234124697a |
| SHA1 | 08ca915dae28aadc8c56ecd224daeadee9f2ab28 |
| SHA256 | d2ed496833ddc678c22a5af7fdc142915e55461c2b49e3b24491f31da3d7adbc |
| SHA512 | d29890f2bdce64ddc059b05df30dc10e990045a85b236415752bfccebe4d42f3b9119bacb95e71f1eab2a48676ded8e66413fcf28109936f72a840042e5ac73e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js
| MD5 | 6000d27e3f1d46f956853535f6b39203 |
| SHA1 | 16db7ab1404aa900c822fb0e3798aa9b857d51f1 |
| SHA256 | c1a6c04c7f37529c474995f0fc4001f32610eb78616d9bf0bd6e98540521705c |
| SHA512 | 7cf8e5c730e6efa59c31586576f95f835d77beee78b2e556ad34e01694b1e75cc4653ac397fd938573a8e1ca94b70596efead460d12773cb26e1ffe30b79b934 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js
| MD5 | c24947c19ef1dbbd08af6d033de6e4b8 |
| SHA1 | ec1e498dabf0535d05add5b40c689c16bd8e5a2e |
| SHA256 | 275f078727cb44a02859d6cff42ff0ef9c7e613de772e01e85a07b26db51abd9 |
| SHA512 | acae5a364b3ca5f1212f30a0cf2ea4f00f83c65f551e8ea22289e913a2b67b568664f23786c004dfd5fa3c91d663108dcc159e452108cf69863901cd4d8decbb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 21b3bf59452edc741db1c3b896605d82 |
| SHA1 | 977924b2af02d1eddaf3291b696c0448b841f30a |
| SHA256 | 84eb2d39b54220e475c5e332895c46bb1dd639f9c97ac8ac0dc728aa907cbee7 |
| SHA512 | 19219f25f61647d725eddc2da858473887b7b0a30dc4e3f1111b44c7ec23741347824c694dbac2751136c81c6938b94f5cc5ec4d43a14b9def95b96a70c23109 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js
| MD5 | 05d1b0af170f5451a0cfb9462f48b8e3 |
| SHA1 | 993e32c05f80ef7b27bd2d6040a04e7939711766 |
| SHA256 | 9b9293a8ed35bfeee6927a0e653d2e116ebb66b468112f07a9207620967a2549 |
| SHA512 | 421648656ad30490fee1604f29b83c15562bb42ee1aa86b8e28ae9102580296630407391d986cc3de2eb191f9532ed2db239d9be7f60881542f3bda143f8a3a1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F
| MD5 | c4c0fea7135907175c059bb37a60738f |
| SHA1 | 4eb24fbbe79e98d49be6576a4a48b3ddd9a62983 |
| SHA256 | 632e9a6dfc75e4f1eee2a47678ce61530743b7b77bd3e5bef8b85ba318525dab |
| SHA512 | 3870fef80793a3cb1aabc692ba61a63f4532ec65b5ce5973c00f2790a0e1b9fcda33c095278801c7baed1b0ce73663079aa8c2285bed7ab0a195e82d70572efd |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin
| MD5 | ede7184bfeda6af437a11a76ab54c024 |
| SHA1 | 13455f9c7aa989eb6bae024095ed4cdc6377bcdc |
| SHA256 | 0861ef235b9a04d53538d60cb9dae8050def62410daa7ad1ef1dd094cc376b6a |
| SHA512 | 4bce09d7a98c9aba49b1108408101b653ef77e7e38ac0dca236ae91825f946345aafca64393fb4743563b42fd85bfade0bb3c81b18deb3365c5a8ac36cccf44c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | c16c73127b11630c8eed2e197b5c44ba |
| SHA1 | 8748af75a3cfeaff23515318aa8539e42d00ce9e |
| SHA256 | acdd8eecea5bfd69c0ddc9fedc7652d5ed5183ca45ca530c39fb256c20d7b636 |
| SHA512 | 665dd44dfad993e0f1bb4b1de198da97d449b12bebdd82c2083493f5c0c5983eab008a04aeafb0a1d34758d3aed3883ce94f28e45cf8260b06193cba95f190f0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 53ae975e76ff841ec66b674a1cb1cd96 |
| SHA1 | 15a375b588c766218e1f89765146d7d57b1b7404 |
| SHA256 | d2d1094ff5b6f144bec85f331be5c41321c3b216e3c6feb21254c764e0770b58 |
| SHA512 | 25343d2b18eece3a68c77e9cd2c69f02603a804dcb6961e36ef59f05dfed6844960e8d5ab223d27120e3b921d66e22a3c69f609bceaf150c96bd13c2a1639ad7 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 124cd6bc5ccfca320d8d571fd7f88eae |
| SHA1 | 74d6b0851375cd09e9400f26649311eb99f25259 |
| SHA256 | 8926ab597b37b5d007f9386c955998d810cc3006188bf427bd07998bd081c6aa |
| SHA512 | 4dbfe65d65c2a52eb8bb4be8289e86cf8ca8c04b21fc3c6d94a36015122d048d5db602771e3a67f1613dc73c74019c1810af00a21dc6f3a2538b09213cbf314e |
Analysis: behavioral13
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:10
Platform
debian9-mipsel-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
ubuntu2204-amd64-20240611-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Processes
/usr/bin/firefox
[firefox -new-tab http://bpwhamburgorchardpark.org]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
0s
Max time network
152s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | pool-spawner | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | dconf worker | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/security/apparmor/features/ipc | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/query | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/signal | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/namespaces | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/policy | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/rlimit | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/file | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/io_uring | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/mount | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/network | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/caps | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/domain | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/ptrace | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/lib/snapd/snap-seccomp | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/network_v8 | /snap/bin/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/cgroups | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /snap/bin/firefox | N/A |
| File opened for reading | /proc/sys/kernel/seccomp/actions_avail | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/cmdline | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/4066/cgroup | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/mounts | /snap/bin/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/sys/kernel/random/uuid | /snap/bin/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://bpwhamburgorchardpark.org]
/usr/bin/xdg-settings
[xdg-settings get default-web-browser]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]
/usr/bin/gsettings
[gsettings get org.gnome.shell favorite-apps]
/usr/bin/grep
[grep -q 'firefox.desktop']
/usr/bin/gsettings
[gsettings get com.canonical.Unity.Launcher favorites]
/usr/bin/grep
[grep -q 'application://firefox.desktop']
/usr/bin/gsettings
[gsettings get org.mate.panel object-id-list]
/usr/bin/which
[which qdbus]
/snap/bin/firefox
[/snap/bin/firefox -new-tab http://bpwhamburgorchardpark.org]
/usr/lib/snapd/snap-seccomp
[/usr/lib/snapd/snap-seccomp version-info]
/usr/lib/snapd/snap-confine
[/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox -new-tab http://bpwhamburgorchardpark.org]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 2.18.190.80:80 | r10.o.lencr.org | tcp |
| GB | 2.18.190.80:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | inews.co.uk | udp |
| US | 8.8.8.8:53 | inews.co.uk | udp |
| US | 8.8.8.8:53 | www.parents.com | udp |
| US | 8.8.8.8:53 | www.parents.com | udp |
| US | 8.8.8.8:53 | k.sni.global.fastly.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| GB | 2.18.190.73:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.context.news | udp |
| US | 8.8.8.8:53 | www.context.news | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | a202215-cont-front-prod-ecs-2009667710.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 8.8.8.8:53 | theconversation.com | udp |
| US | 8.8.8.8:53 | theconversation.com | udp |
| US | 8.8.8.8:53 | e11847.a.akamaiedge.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | qz.com | udp |
| US | 8.8.8.8:53 | qz.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 1.1.1.1:53 | r11.o.lencr.org | udp |
| US | 1.1.1.1:53 | r11.o.lencr.org | udp |
| US | 1.1.1.1:53 | hbr.org | udp |
| US | 1.1.1.1:53 | hbr.org | udp |
| US | 1.1.1.1:53 | www.vogue.co.uk | udp |
| US | 1.1.1.1:53 | www.vogue.co.uk | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | r10.o.lencr.org | udp |
| US | 1.1.1.1:53 | r10.o.lencr.org | udp |
| US | 1.1.1.1:53 | www.nytimes.com | udp |
| US | 1.1.1.1:53 | www.nytimes.com | udp |
| US | 1.1.1.1:53 | www.nme.com | udp |
| US | 1.1.1.1:53 | nytimes.map.fastly.net | udp |
| US | 1.1.1.1:53 | www.nme.com | udp |
| US | 1.1.1.1:53 | www.theguardian.com | udp |
| US | 1.1.1.1:53 | www.theguardian.com | udp |
| US | 1.1.1.1:53 | qz.com | udp |
| US | 1.1.1.1:53 | qz.com | udp |
| US | 1.1.1.1:53 | www.popsci.com | udp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | popsci.go-vip.net | udp |
| US | 1.1.1.1:53 | discover-prod-1777428142.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | www.today.com | udp |
| US | 8.8.8.8:53 | www.today.com | udp |
| US | 8.8.8.8:53 | theweek.com | udp |
| US | 8.8.8.8:53 | theweek.com | udp |
| US | 8.8.8.8:53 | e2644.g.akamaiedge.net | udp |
| US | 8.8.8.8:53 | www.bbc.com | udp |
| US | 8.8.8.8:53 | www.bbc.com | udp |
| US | 8.8.8.8:53 | www.newyorker.com | udp |
| US | 8.8.8.8:53 | www.newyorker.com | udp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.rollingstone.com | udp |
| US | 8.8.8.8:53 | www.rollingstone.com | udp |
| US | 8.8.8.8:53 | www.telegraph.co.uk | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | www.gq.com | udp |
| US | 1.1.1.1:53 | www.gq.com | udp |
| US | 1.1.1.1:53 | www.scotsman.com | udp |
| US | 1.1.1.1:53 | www.scotsman.com | udp |
| US | 1.1.1.1:53 | www.newyorker.com | udp |
| US | 1.1.1.1:53 | www.newyorker.com | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | www.telegraph.co.uk | udp |
| US | 1.1.1.1:53 | www.rollingstone.com | udp |
| US | 1.1.1.1:53 | www.rollingstone.com | udp |
| US | 1.1.1.1:53 | e8153.a.akamaiedge.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | www.newyorker.com | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.100:443 | services.addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 8.8.8.8:53 | www.rollingstone.com | udp |
| US | 8.8.8.8:53 | www.rollingstone.com | udp |
| US | 8.8.8.8:53 | rollingstone.com | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | www.newyorker.com | udp |
| US | 1.1.1.1:53 | www.newyorker.com | udp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | tcp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| US | 8.8.8.8:53 | addons.mozilla.org | udp |
| GB | 13.224.132.52:443 | addons.mozilla.org | tcp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| US | 8.8.8.8:53 | safebrowsing.googleapis.com | udp |
| FR | 172.217.20.202:443 | safebrowsing.googleapis.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | pki-goog.l.google.com | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| FR | 172.217.20.202:443 | safebrowsing.googleapis.com | udp |
| FR | 216.58.214.163:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | prod.detectportal.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
win10v2004-20240802-en
Max time kernel
135s
Max time network
149s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bpwhamburgorchardpark.org"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bpwhamburgorchardpark.org
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {591dee8c-7671-45b1-8335-7f5fea98816f} 392 "\\.\pipe\gecko-crash-server-pipe.392" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a99f8be-803a-4f82-816c-c476f869ae2f} 392 "\\.\pipe\gecko-crash-server-pipe.392" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3124 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8339570b-1fa3-40f1-a51a-c60cc13ea65b} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2856 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d74d628f-4709-42d2-b389-fc512e4a2693} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 3664 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57f22aed-ff5f-4801-8834-1d645efa4f33} 392 "\\.\pipe\gecko-crash-server-pipe.392" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d19a04f6-fa7f-4e29-9f94-e11c586466cb} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78f6dc98-1821-4596-a5ee-f72271a371fc} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5664 -prefMapHandle 5668 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b5eb6b5-732d-45d6-af7f-626c3078607f} 392 "\\.\pipe\gecko-crash-server-pipe.392" tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 127.0.0.1:56021 | tcp | |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.108.68.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.28.115.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww1.bpwhamburgorchardpark.org | udp |
| N/A | 127.0.0.1:56030 | tcp | |
| US | 208.91.196.145:80 | ww1.bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | 9145.searchmagnified.com | udp |
| US | 8.8.8.8:53 | 9145.searchmagnified.com | udp |
| US | 208.91.196.145:80 | 9145.searchmagnified.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.196.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 8.8.8.8:53 | 39.243.247.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r4---sn-4g5e6nsd.gvt1.com | udp |
| DE | 173.194.187.41:443 | r4---sn-4g5e6nsd.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4.sn-4g5e6nsd.gvt1.com | udp |
| US | 8.8.8.8:53 | r4.sn-4g5e6nsd.gvt1.com | udp |
| DE | 173.194.187.41:443 | r4.sn-4g5e6nsd.gvt1.com | udp |
| US | 8.8.8.8:53 | 41.187.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\dd16903d-a389-4db1-8baa-da73bc35fb46
| MD5 | 7fef9895d872910b1ea7b697bd74ed2d |
| SHA1 | e18afb6803975e3c05c2e09234a02f02c96e83d2 |
| SHA256 | b0ff7c751fe2c3a8d9bd95dfc12774e84c0c9fbb63e2e3743a638bd2505212fd |
| SHA512 | 18b7e7abc27bb6a4cdd3101b35e208a881d8219eb0bb6de8569de2405fcc1a944a7fc64db45df5a69d41249130f5a5ca61a04f4814857b073f6c2edb7376826f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\5c09a761-6bcc-44fc-b7f6-2cb7a8623dca
| MD5 | 32d08346802407f8026a79a76cc4cf39 |
| SHA1 | b5e4f8fb81ed6a9ddce62708eef7b93fd9eac420 |
| SHA256 | b7be33b2521c9ef7f3b0b81705884ab74ea9fceef0af713a7e21df541bebb6f7 |
| SHA512 | 29a9bcbf081028b44f4e529e86600eb15e73cc33a22246cc8e8f9fb1916aeb433d72e82e4fbd5a0b1ed6aa126e203423cbd30f0fe6478d8fdd1d5f5386bd3afb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\284708c2-47b5-42d7-bc5a-7bef0314cf48
| MD5 | 3930d70ce1fe7bfcf29ef1b32501d34c |
| SHA1 | 67f4d7f8cf9f82eec769472c90f4a6e44e5ea49b |
| SHA256 | 20966cf177106e2b5fab59abb3a3acc0d3588f427ff648d1f8bea3004a1355f3 |
| SHA512 | 91b9f51f3d29233b620d43d2d26b970a6cd6b7cce327103c00109ee1cfe7738d350559a9dc25043982800634ba4618463d0a1f032b6885aecde12ab0458ad505 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | dbd8207899c2258f0346133c77e43b9b |
| SHA1 | dcae1017b6c87b265a73347fbb5e02a39bf8a4b0 |
| SHA256 | dd708ed1d4ba282879689a5c51bc97be33e9c74be2093e7f814bddbddb68d229 |
| SHA512 | f36571303dd1e1f2c08b8b7c2b705825f9a00da7e54dfab9fe2f24ef8387077f9d6371ebf965600c87a37d43814d0be3636c749af93451f2c68a379a8ebcce62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json
| MD5 | 32d6657e2271160ac0821805631493c5 |
| SHA1 | 75016f2c1e7e7f64c42e4423981a15d49773b436 |
| SHA256 | 49751a006bbde9f65c049fa5fb0a15558964d6ba0123da5046c3ac60921f1b5d |
| SHA512 | 706edc50cbb860411676c8cfe8727807bed5d5175e128789ef0d847627dd8fbd60ddd218b0d0928aea39c17c5a2bd630a7a0d61b145438bce7206c500e07a01d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js
| MD5 | 1c2c324da992245af106bf761a855edf |
| SHA1 | 37e5796ed02a41a9815ea17bee2e9585d8e6546c |
| SHA256 | d055e09d3e677766d727ac057991ecd25b7eeb417b418b3945ec32fd7bf883f3 |
| SHA512 | 870e468a7ce5fef23df4a4434afd0e3ef84ba6fcc100922c96b6bb38399fce48c54f493d8188ec3f4de30acdfcbc9a1675ac5852aa1f58c1141015a3a2e37863 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js
| MD5 | 4cb45e3c7eb668eef7c56b95c6640874 |
| SHA1 | 5c65aef8241d77a8a9b3e517e1237059990ba5a6 |
| SHA256 | 154255a8b1b6f77849690864fe93dec014521435e3676ab6d07f130a70974aa7 |
| SHA512 | 5f43837b72658fa19eb0747af55353bafe34949f7059d38ad77261e2a977b27c2ce05eb91a84bfd02e44a4cb73bc10cc4676381aae1b345f3900ce97a089ea11 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c4204c872a1a4c114aa49024f593d426 |
| SHA1 | 8065dc9209001243f86bdfeadccc7c39ea9daeed |
| SHA256 | 2c69132bc6dbb6ae46d17c8bf7bb1edb737b047a32547de95550d6d9f910616c |
| SHA512 | 457fde3fe57056348db9c883b72fbabae920d297c8c15e70615449640ef71194ada5a325cab57b638241f6c05e7be67dd052401b76672ad8f6aef2439496498b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 81cf7daec3c943df1ac348e2dc3eff58 |
| SHA1 | 233f51b75bf84dce6206017d0f9a53dc5e21a6e3 |
| SHA256 | e771bff0d9e41fc9ae7eb410f61eeeb8d1efe6a35d3f72b48a0c9436a4b4ee77 |
| SHA512 | 675c072092b3b8a7eb87659403184878793f68d9065963ffd3cc160c13fc33fff9657d8b3196080672897eaf0cf6520272d92d89ebe5a8ce982478c0b5043e17 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js
| MD5 | 948896715de5805a9a8d67db0062022e |
| SHA1 | c393cb7a3d3c1c084b8f992a1a51a4c1f6008360 |
| SHA256 | 1d3953cd66fcb0c7a63ea82e008666b965f5f4dc9d34644a1f086bc1c04d0e6c |
| SHA512 | 722a1545d0393ca0cbb99aa3125229b35ce7bbefb9ed3af29fdd49b651d252198b7abe46ffe1e66c321b1474b7bae382e1d0178f06746e868baea9bb7b4c1da6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F
| MD5 | 6a1e1aec80af5c1abe74c24662d5e81a |
| SHA1 | 75a3d4e50dc172cee20475514659b2666f753ea9 |
| SHA256 | 5f7dc1f78a847baead5e7bd7a4a9c0968b55561da79d88696c544f74874df9f6 |
| SHA512 | ce2b15135d8ec096df40a863f4b75dc778e4ae89f5b2d5dc8ca849eb0f523198baaf606e6e607da829d3fd82f612c35f8f1aa115dbf5f16e9f417a0de310cf26 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 3cf1a003318a85a949134c12815deea8 |
| SHA1 | 19465b440fafedb84c022faeea18b6fc56b1863f |
| SHA256 | 33d8ebad544327e9c5f5e64b347ecdb218fee265c99d75c9cb19b772ab31da88 |
| SHA512 | 2fc5aa0f5db675ecdcdba50838ed0f63629c5fd45c49520799289a31dedfac2f9bf32c0c262bab3e3fdf3ec0b86ab004c1e03ad7818593a0ecbdfa9cdd31769b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | ec359aac2db00a6dcd40b2ce4c0a9b25 |
| SHA1 | 1d9ed51d98dc60cd92c3292c5adf9386cfcb0f29 |
| SHA256 | 295d34ad1d227c5403b2b2d7a68fbc1256e9080c2a2da5aa6ce9983b8588bf77 |
| SHA512 | e7b49d0b4fdf2028a73018a4b2a11179d89bddc533e46d19d110c854a5a661eb90456c4a11f7d8c22d575e5ceb2e6ad1fd4212dc43da1edd3edc2df536ab1c77 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin
| MD5 | 1607bcccc2c5edef581a1618327e4cb0 |
| SHA1 | de98182e9709d416fab419f7714734b5e1e6d245 |
| SHA256 | 1274fe2081f3b94430edf8c56be616be8f12628641d82ce34d627681aedbafe3 |
| SHA512 | f8df2caae6ceb1ced07d13a3b40780fdfd01d3ffc15120babc23f9b0e1e95b3e26b5f01e9fc030bf17b626dc9588bf1f2097d3833d910d2769c73147a13a4bd9 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js
| MD5 | 2a869e6c0a3d307e49981d097e44d555 |
| SHA1 | 22d62eeb334b75bbb13c0cd9fd2d279a2cc0cdcc |
| SHA256 | 57bb1736738f5b0b6776adb10ac7d8126af6bd23c40428b72d08c2f5638f0013 |
| SHA512 | 680311adefbbac899746cafbeddc8104ae7e8fdf9462b9507c461b8f2015692308e031c997b8683bc77d6dff3dc5e56a73eadbd86bd50d86db7e1bd5a1d09c7a |
Analysis: behavioral5
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
android-x64-20240624-en
Max time kernel
117s
Max time network
158s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.195:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| GB | 142.250.179.234:443 | tcp | |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp |
Files
files/dom-0.html
| MD5 | cc75d1348fcbc94113706fe3b6211023 |
| SHA1 | 7e4f79641ae7e10d7864f64f3d2c2b166d78d33a |
| SHA256 | 12aad32c997fa3d3a3afc21fee146d1acfce7d01d510320b6d42cd20b760bd55 |
| SHA512 | de910539932e348f2ebbae689c6b0b5a0a22423fb82fc7ec0bb78ebac618bfb8bd9475fe9e24cb2f78877529b3721e73a2187e62c695c02dea86880409b62017 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
android-x64-arm64-20240624-en
Max time kernel
176s
Max time network
182s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| GB | 142.250.180.14:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| GB | 173.194.76.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.201.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.3:443 | update.googleapis.com | tcp |
| GB | 142.250.200.36:443 | tcp | |
| GB | 142.250.200.36:443 | tcp | |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 172.217.169.67:443 | update.googleapis.com | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
android-33-x64-arm64-20240624-en
Max time kernel
172s
Max time network
179s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.228:443 | udp | |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | udp | |
| GB | 142.250.187.228:443 | tcp | |
| GB | 216.58.213.10:443 | tcp | |
| US | 162.159.61.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 172.64.41.3:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | remoteprovisioning.googleapis.com | udp |
| GB | 142.250.187.234:443 | remoteprovisioning.googleapis.com | tcp |
| US | 1.1.1.1:53 | gmscompliance-pa.googleapis.com | udp |
| GB | 172.217.16.234:443 | gmscompliance-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | chrome.cloudflare-dns.com | udp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 172.64.41.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| US | 1.1.1.1:53 | rcs-acs-tmo-us.jibe.google.com | udp |
| US | 216.239.36.155:443 | rcs-acs-tmo-us.jibe.google.com | tcp |
| GB | 142.250.187.228:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| GB | 142.250.178.4:443 | tcp | |
| GB | 142.250.187.228:443 | tcp | |
| GB | 216.58.204.67:443 | tcp | |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| GB | 142.250.178.3:443 | udp | |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| US | 162.159.61.3:443 | chrome.cloudflare-dns.com | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
android-x86-arm-20240624-en
Max time kernel
164s
Max time network
160s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.212.195:443 | update.googleapis.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.213.14:443 | android.apis.google.com | tcp |
| GB | 216.58.201.106:443 | tcp | |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:10
Platform
debian12-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/cmdline | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/self/task/1664/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1491/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/nautilus | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1695/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1445/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1445/attr/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/123 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/self/fd/30 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1397/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1496/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1515/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/self/fd/78 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1712/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1399/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1600/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/111 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/116 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/122 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1397/root | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1538/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1627/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1743/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/task/1498/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/119 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/libexec/gvfsd-trash | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /proc/1719/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/77 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1571/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/105 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1636/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/121 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /proc/1723/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1543/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://bpwhamburgorchardpark.org]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab http://bpwhamburgorchardpark.org]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 21691 -prefMapSize 235269 -appDir /usr/lib/firefox/browser {e8e6a87c-64de-4f1c-a71f-fdd106dcab3c} 1397 true socket]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20430 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {65ea5b8b-1853-4b22-b243-d37c5c10d1f3} 1397 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26745 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c7ad7ffb-4b0c-4bf4-85aa-9698556840c8} 1397 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27302 -prefMapSize 235269 -appDir /usr/lib/firefox/browser {4ada5a13-7cab-461c-a4fc-23e83092911d} 1397 true utility]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25395 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ddeb824d-ded6-4d03-9a56-64fedec87fee} 1397 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25395 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8e7b0e6a-cf8c-4f9f-a2e1-c7e8366ca515} 1397 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25395 -prefMapSize 235269 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {6a76e62a-7800-4ddb-8f62-c53aa3dd28eb} 1397 true tab]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| US | 1.1.1.1:53 | bpwhamburgorchardpark.org | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
win10-20240404-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bpwhamburgorchardpark.org"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bpwhamburgorchardpark.org
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.0.1675559271\1335323246" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9593cbd8-6702-4347-8f14-03c10b36d229} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 1828 2cf110ba058 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.1.1262167155\721989697" -parentBuildID 20221007134813 -prefsHandle 2192 -prefMapHandle 2188 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b77014a-b06a-4f3f-826a-fe77273f5631} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 2204 2cf10ffc258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.2.1881875855\1064894549" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {838552e2-d305-49c1-b8c1-0adf8b4c9643} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 2940 2cf15306858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.3.111559608\1152449843" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 3516 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00817b3f-2387-4611-b08e-f499830df637} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 3532 2cf78b60d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.4.241249257\736987454" -childID 3 -isForBrowser -prefsHandle 4844 -prefMapHandle 4848 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a28085b3-952d-48ea-8478-32bc7e0fc3fc} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 4856 2cf17713958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.5.495837155\2033217042" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {532cac45-a249-4ebe-b5de-809225297a35} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 4988 2cf179c0b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3676.6.1042162605\1526820059" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1252 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4147fa15-dab4-46c3-a7f3-0dcbf7babc32} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" 5188 2cf179be158 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49764 | tcp | |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.28.115.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.54.240.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49770 | tcp | |
| US | 8.8.8.8:53 | ww1.bpwhamburgorchardpark.org | udp |
| US | 208.91.196.145:80 | ww1.bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | 9145.searchmagnified.com | udp |
| US | 8.8.8.8:53 | 9145.searchmagnified.com | udp |
| US | 208.91.196.145:80 | 9145.searchmagnified.com | tcp |
| US | 208.91.196.145:80 | 9145.searchmagnified.com | tcp |
| US | 8.8.8.8:53 | 145.196.91.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1.sn-4g5ednds.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | 174.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.162.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\b5bc3b69-3438-465f-9b2e-9caecfb764af
| MD5 | 08d0d2c2ac0e6935ada02eef1795c828 |
| SHA1 | 3d21331eae7756530506b1d4b223bad90944d77b |
| SHA256 | 9f8583ca7a21d7def5282a98e9a91ef58aa7ace5090da5ad8c88398ec09e04f3 |
| SHA512 | 1fb62a30138c8e816078d4c4b1f5af54db988dc75e04c24acd104b38b28395387c9260ba93280f4af5410825ea98d9eea2227e2c5d42159b6e0fe95bddca73e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\7a24c3f6-8492-4020-abbb-1169f5384415
| MD5 | 7f0386afe54fbce2badc86f0bd7b38c5 |
| SHA1 | 92a81a7d3afc2839ec65c1e57be54f160d507422 |
| SHA256 | ac8b30ea8e0fb9f02a71f8da67f44147e03c8abff12f577066f8dadabcf8ec9f |
| SHA512 | 42ec27b377a44c90e62ebb6f4162ed6e750652d93eaee946847e3d09a151bb947addaa91649df7eeeafe7530f5102d558b46d4cf9f1eb125256d0defe3fd5c9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin
| MD5 | dbb36d6f2dcdd95dd3387e5d38098233 |
| SHA1 | e7bef2994316a761e9b1c4a60ad61594be8975a7 |
| SHA256 | 1e13f58c3281307d88e8dca42a4031f29b8edbdba0db1edc9fa68e1cb916b18c |
| SHA512 | fd7128c6ddefe91646f940e87a4e873f4e97843623976550d82683396030dd41329cb3f080659b78d6cf934ec4115bb7e5683cf8a6d3dffa33a16578c8e6f602 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | f72c2c8a738f1bdd4a5e24326ff248df |
| SHA1 | d60277881f6b36509d709948fcf7ed3ec3da74a6 |
| SHA256 | 06575a0a693c9e0f265fcf03ee5b6ced4dd922ac999f5d767a9a7d92fb199082 |
| SHA512 | 7fa2cc3e4f6e6f9c77fc12e188a0ef4e5dfd9079e1ddd2d689669513bd2e512136ac4485b34aa0ed8587c8cd519572d31eb2496b4091e229b6c339bf25c27d6a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 24c97722573293af4830ace6fdcb2a6d |
| SHA1 | 935f025d49148369ebf9df4759bb786a15887c07 |
| SHA256 | 1d28a1374d625b872f8f87937850a56a61cbb77447c23ac071c9f35b65e35fa2 |
| SHA512 | 0286da5df2bad65fa0e0a071f9e8bb93417138e83bde61dd85cd58c19cf13a39a55a7849a186ee486c9dfef69c8d9b878a36ecfa3ef531f8f38351f44476245d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | a409e817efe107cd43c886d5481bfc2a |
| SHA1 | 31a3590e499150cb6442eb8578f9ecdf292d5036 |
| SHA256 | f761f85c904b9330aff9c5a88ba00b835d9863ba0f6e86693a16deee0ff16e67 |
| SHA512 | f67b1fcc8919085daf41a5461986202ad2b0f216dfe71aca38b1b2b4ee884c1c25df1c55fb698f3ba8bf52fed6c4e2c3fb82ed23b1aab78d96ff7233d2584873 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F
| MD5 | 736f4e49d9ace40340548d3d571194cd |
| SHA1 | e805df62479ebf056eece493c86f8db54b2a93a2 |
| SHA256 | 5124de7b8c958e7d7c5f48e247038e22babe3fec137cd42467ea53305dd0758d |
| SHA512 | 16fd44ad52a2d03a9102996aa346c14b1a5b094074e89fdf0e2c9a7de1dad5ecf32a5d06ed7802320528765b85cfda2996e7f6d87e69510bb3c53d46d6f81f45 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js
| MD5 | 94b939855201fc242db1535cfded0ba4 |
| SHA1 | c87aed3c767d041fb6a26cf5cd653251e3c7acfd |
| SHA256 | f2b578d9c21551e797af7cda460857776263d91cd984e0e6db17dfe3cad323b6 |
| SHA512 | 552e3d89ad90f8a1521dd8f220645f948ad5e8d6a0d8cf08bd36a268ce1378d1c64fff4487f662f7900fe8cae449c5cd5c8865acaf5f7e23094dc8ba46f774c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 86c9796c15717cd812b42c7245c3f6a3 |
| SHA1 | 82438f2d9a3ce679b82a6af5e52a282df0938fdb |
| SHA256 | b5907040e9cd16318a4d4950adb75ac0178925674e0daf3a041b23d76bbc6288 |
| SHA512 | 767e1e2e59602be2990dffe321148dbc8ea6bba14abe42bbc784cee0a45bed63b6d535aa3e902dfddaec494ce54ae97ed527b3a3c7aa3940712b8e068822255e |
Analysis: behavioral11
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:10
Platform
debian9-armhf-20240729-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:10
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
0s
Max time network
128s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1528/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab http://bpwhamburgorchardpark.org]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab http://bpwhamburgorchardpark.org]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 185.125.188.62:443 | tcp | |
| GB | 185.125.188.62:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| GB | 84.17.50.8:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:13
Platform
win7-20240729-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bpwhamburgorchardpark.org"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bpwhamburgorchardpark.org
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.0.482288622\135111133" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63ee88e1-914a-4d5e-95b1-f70c03f85517} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 1304 105bd458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.1.329367118\871753652" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9703f520-9091-41fc-a265-44062ae5289b} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 1504 e6f858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.2.2012884264\1286119195" -childID 1 -isForBrowser -prefsHandle 2100 -prefMapHandle 2096 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a7aa841-96ea-4e43-9781-124971a7ff88} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2112 1abbb958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.3.1276503460\85877959" -childID 2 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dec679b-1da6-4cab-a541-05bba0aa3e5c} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2920 1dd53858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.4.1240719850\1819358349" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3676 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84ab9e20-9556-48e7-a539-40afb42d273a} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 3772 105bda58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.5.1874887421\1175503963" -childID 4 -isForBrowser -prefsHandle 3880 -prefMapHandle 3884 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aa7ef31-f9ba-4b15-9a42-d50c0a472bbf} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 3868 1f40eb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.6.20148636\1499220899" -childID 5 -isForBrowser -prefsHandle 4056 -prefMapHandle 4060 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {007e8eda-b8ca-4579-a7d8-0ade72bd4eff} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 4044 21045e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.7.2023966773\1079961072" -childID 6 -isForBrowser -prefsHandle 2184 -prefMapHandle 2120 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {785f8551-c1f3-42e9-b06e-22850e7ee507} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 2180 1f40d958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.8.2033388780\404609665" -parentBuildID 20221007134813 -prefsHandle 4204 -prefMapHandle 2236 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {266ec8bb-81dc-4bf9-9eb2-904a6e66eaeb} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 4212 219dcd58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.9.2141598767\871967835" -childID 7 -isForBrowser -prefsHandle 3900 -prefMapHandle 4308 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90e61fd6-2313-48cc-b0ae-eafc70efdc5c} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 3832 219de558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.10.1575327659\923770449" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4492 -prefMapHandle 4496 -prefsLen 26531 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22a7a1e5-79f7-4855-9fcc-5b5eaac4263f} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 4472 22797b58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2672.11.292044033\1271316506" -childID 8 -isForBrowser -prefsHandle 4628 -prefMapHandle 4624 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 688 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84c7b159-1ffe-4bee-a7b8-52cd0fc0a570} 2672 "\\.\pipe\gecko-crash-server-pipe.2672" 4640 21697558 tab
Network
| Country | Destination | Domain | Proto |
| N/A | 127.0.0.1:49204 | tcp | |
| N/A | 127.0.0.1:49210 | tcp | |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | bpwhamburgorchardpark.org | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| LT | 93.115.28.104:80 | bpwhamburgorchardpark.org | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | click-v4.expdirclk.com | udp |
| US | 198.134.116.17:80 | click-v4.expdirclk.com | tcp |
| US | 8.8.8.8:53 | explorads.xml-v4.ak-is2.net | udp |
| US | 8.8.8.8:53 | explorads.xml-v4.ak-is2.net | udp |
| US | 8.8.8.8:53 | impactserving.com | udp |
| US | 104.16.79.217:443 | impactserving.com | tcp |
| US | 8.8.8.8:53 | impactserving.com | udp |
| US | 8.8.8.8:53 | impactserving.com | udp |
| US | 104.16.79.217:443 | impactserving.com | tcp |
| US | 104.16.79.217:443 | impactserving.com | udp |
| US | 8.8.8.8:53 | go.krkstrk.com | udp |
| US | 104.18.40.50:443 | go.krkstrk.com | tcp |
| US | 8.8.8.8:53 | wl.hpyrdr.com | udp |
| US | 8.8.8.8:53 | wl.hpyrdr.com | udp |
| US | 104.18.40.50:443 | wl.hpyrdr.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| NL | 88.208.20.10:443 | cambaddies.com | tcp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| NL | 88.208.20.10:443 | cambaddies.com | udp |
| US | 8.8.8.8:53 | assets.strpst.com | udp |
| US | 104.17.10.106:443 | assets.strpst.com | tcp |
| US | 104.17.10.106:443 | assets.strpst.com | tcp |
| US | 104.17.10.106:443 | assets.strpst.com | tcp |
| US | 104.17.10.106:443 | assets.strpst.com | tcp |
| US | 104.17.10.106:443 | assets.strpst.com | tcp |
| US | 104.17.10.106:443 | assets.strpst.com | tcp |
| US | 8.8.8.8:53 | assets.stripst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | assets.stripst.com | udp |
| US | 8.8.8.8:53 | img.stripst.com | udp |
| US | 8.8.8.8:53 | img.stripst.com | udp |
| US | 104.17.10.106:443 | img.stripst.com | udp |
| US | 104.17.10.106:443 | img.stripst.com | tcp |
| US | 104.17.10.106:443 | img.stripst.com | tcp |
| US | 104.17.10.106:443 | img.stripst.com | tcp |
| US | 104.17.10.106:443 | img.stripst.com | tcp |
| US | 104.17.10.106:443 | img.stripst.com | tcp |
| US | 104.17.10.106:443 | img.stripst.com | tcp |
| US | 104.17.11.106:443 | img.stripst.com | tcp |
| US | 104.17.11.106:443 | img.stripst.com | tcp |
| US | 104.17.11.106:443 | img.stripst.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | creative.xxxivjmp.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 172.64.147.206:443 | creative.xxxivjmp.com | tcp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 172.64.147.206:443 | creative.xxxivjmp.com | udp |
| US | 104.18.40.50:443 | creative.xxxivjmp.com | tcp |
| US | 104.18.40.50:443 | creative.xxxivjmp.com | udp |
| US | 8.8.8.8:53 | go.cambaddies.com | udp |
| NL | 88.208.20.10:443 | go.cambaddies.com | tcp |
| US | 8.8.8.8:53 | scashwl.com | udp |
| US | 8.8.8.8:53 | scashwl.com | udp |
| NL | 88.208.20.10:443 | scashwl.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 8.8.8.8:53 | cambaddies.com | udp |
| US | 8.8.8.8:53 | stquality.org | udp |
| US | 104.21.8.107:443 | stquality.org | tcp |
| US | 104.21.8.107:443 | stquality.org | tcp |
| US | 8.8.8.8:53 | stquality.org | udp |
| US | 8.8.8.8:53 | stquality.org | udp |
| US | 104.21.8.107:443 | stquality.org | udp |
| US | 8.8.8.8:53 | websocket.sc-apps.com | udp |
| US | 8.8.8.8:53 | websocket.sc-apps.com | udp |
| US | 172.64.151.29:443 | websocket.sc-apps.com | tcp |
| US | 8.8.8.8:53 | websocket.sc-apps.com | udp |
| US | 8.8.8.8:53 | websocket.sc-apps.com | udp |
| US | 8.8.8.8:53 | websocket.sc-apps.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| FR | 216.58.214.174:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1---sn-4g5ednds.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-4g5ednds.gvt1.com | udp |
| DE | 74.125.162.198:443 | r1.sn-4g5ednds.gvt1.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| NL | 88.208.20.10:443 | cambaddies.com | udp |
| US | 104.17.11.106:443 | img.stripst.com | udp |
| US | 104.17.10.106:443 | img.stripst.com | udp |
| NL | 88.208.20.10:443 | cambaddies.com | udp |
| US | 104.17.10.106:443 | img.stripst.com | udp |
| US | 104.17.11.106:443 | img.stripst.com | udp |
| US | 8.8.8.8:53 | static-cdn.strpst.com | udp |
| US | 104.17.10.106:443 | static-cdn.strpst.com | tcp |
| US | 8.8.8.8:53 | static-cdn.stripst.com | udp |
| US | 8.8.8.8:53 | static-cdn.stripst.com | udp |
| US | 104.17.10.106:443 | static-cdn.stripst.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 2c64e6e7dade2e63be8f1592ee58d6f1 |
| SHA1 | 480fd0975843f32d896d7443015d1cc551912dcc |
| SHA256 | 7dff7cfec3ec25655dd04148ddc6aeff707a43ad23051fd455a91c6fdae1bd7b |
| SHA512 | 69203b0f169ef21c6919b555da3038da367f7f3bfc5c88cdc80497c9942a06df5d85b07714a8c3fee712049a2822949e8bb33e4dc1f80d50e542e1b6778efbd9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\fa401b32-c144-48a1-9610-db23c92cdf9f
| MD5 | 45792481bdb11240dc9da3b2fcdd1e82 |
| SHA1 | 023407f695e4baf68537f0d70cb785a01e4c01f7 |
| SHA256 | 7114506ecc5b84eab932a3c547396c760dfb7b27a7467b70654e0ab52e979b04 |
| SHA512 | e7b856e6295829dd04e7cd23cc60c082ec4773acfa7af44af10a45bcdcc6e940d2d8962af399a7c5ce8911cf71fb6deaeb7f6497b369f316e8bf83325439a654 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\6f28034c-5aa4-440a-9f34-8587056080ab
| MD5 | b0ba4827e8badb4e0f2a5ffa97991b11 |
| SHA1 | d82a1d2569ffaf63b95b775b30e5bdee6ca2350a |
| SHA256 | 05b079456fc7bb520c5066418fae9a10d173b6e9130a6dd99556e86cfc2d3363 |
| SHA512 | a85245c96ff9baf205b572354b1865e24491c91589e9efa789299d7ab263b69f6072814cdb5068e98138e1e32025ef842f22823b60817a639541a8b162de3968 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 892c45ca2b4820092c169e4b142c35e9 |
| SHA1 | e1aaab87bfe65fb95b44ef687d050bd9d0df870b |
| SHA256 | f3044110617bf057ffd2f5c0e80d5c596c566e36a603436c057dbdad37f797dc |
| SHA512 | 2927c0302c3f735cab33ecd42befb39484bd462d89f8fcbe3c7ebcaa815e74d9d9ba3c29911847cb2c9dc01f40279440bbfd6ed6e582f19b9546c40d25c65515 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | c460716b62456449360b23cf5663f275 |
| SHA1 | 06573a83d88286153066bae7062cc9300e567d92 |
| SHA256 | 0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0 |
| SHA512 | 476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6f5f231518bd5ea7da85bd67a8bfcf7a |
| SHA1 | 1546a74230643fe5ff6b54e2be901b4cb0221cff |
| SHA256 | f0f2a146ecf7b758673770057215c41f3faaeec7d9f7536637ac34ad5ef29298 |
| SHA512 | 178499f9303b2b399f5fffcf26f5b1e3de89b761ae4ea7bbf505fa6fa1078974e200b748fe35ac11aa6297781ee6a57f2fc0a479271692867580a12cc53b8eb2 |
\??\PIPE\samr
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\default\https+++cambaddies.com\cache\morgue\6\{46edc479-be0f-4d37-87b8-ebb956739006}.final
| MD5 | b1072bbe32733dc0e67a9cbbbddb8d06 |
| SHA1 | 2752d955e0c47ecc99fc661c9256c480c0cbe897 |
| SHA256 | f57537a23cadbdf0dfa38e7b9d0d0eb6f993e70b50bf3f8d6bf54b609342a0f3 |
| SHA512 | 4c0ff29edea9d9bd41795c6f914d105ac714b24d82d803f903a6cb46b27c6cd63ca722920b1c640b7efbcf361f1f155fd26739bce6180522203dcf2c173f5c18 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a7273783b3ffb1163fbdf64e8d6f2aa8 |
| SHA1 | 5c234dbe46f318ac4ba7039f5f2e70ead053b19c |
| SHA256 | 186073cc68324cac75573a19204f6a955ca6ce39eaaefb13539fef443572e232 |
| SHA512 | 9bd848e03889ca7ea967f74fe7730af9ddb0ef4f42842f19e0b400d95cd1898d6252693fd0f5147ee5d7bb90dd7ff0ddd832c942d6167f5b94b03ed7d6b960c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js
| MD5 | 8a211929bfca1d2411327bbb2ad0a03a |
| SHA1 | a8aaa15936a7c67bb7b445f40e3a2abf20e0b49f |
| SHA256 | adaf8d38959cdd4d3b3cb19e39f25b187701e60f5ed4b3b294e60edcc5e9f8e9 |
| SHA512 | c8c09a9ef08c334afcab71940500e6469dcc97a361dc6009f8c41993f16a07468f21ff851b07afa42b0d7905f3a2e3be4846a2acf6e4acbad77cfb08c41d0a5d |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js
| MD5 | 71088062bbb4f46ce8c3e385c6891aca |
| SHA1 | e4b6c23b8392f28132c461959dcf8e6554db7a15 |
| SHA256 | d4f0a6b0e9bfff4a85ff8493e9744900556e8c1901e627865ed9ad77e08892ca |
| SHA512 | ad6d63609fefab5b6b07d0f2d0f3487c34f6bb529aa8b74c36bfdd74a19dedc24364a7ce58247249ba9bfbc4d45bf0b00d89e45bb10a90e72bd070be0eae510f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\default\https+++cambaddies.com\ls\usage
| MD5 | 206c2e706dcb7565c1d60f242960870f |
| SHA1 | 54a1a9d9e9156414ae150aa40299d1e948af9b46 |
| SHA256 | 5c178045c65dd8a5977976f3e8b542d294f7c5cf49cc730ddb6bfa048feffd70 |
| SHA512 | 10743b5317896a5af63b0d2e0624efb20e8efcee0c01550305d8e78f1395094f89e56d3c3b435ed1035aab818b32fd80ff783cfe66c0a0d5ea33250eba2eb459 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\doomed\5975
| MD5 | bbdae289db1f579e18a77663e97817fd |
| SHA1 | 7564150803e0d5a3a0c57afa58ea862a6f333b68 |
| SHA256 | cacdc29ddc56b52efcf9be3dc18ab9f4037c5801d688ef672df7e3aa0e6e208a |
| SHA512 | f77c41407c76f9269c878bd0fde4693083a7f09aba23ccdfa9da8886b511b640a29e44791bf80d1e46bf41962f8e8d264caee2e62c4949e2da11bf36ffb9fd80 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-08-23 13:10
Reported
2024-08-23 13:10
Platform
debian12-armhf-20240221-en
Max time network
3s