Malware Analysis Report

2025-01-23 15:08

Sample ID 240829-rkbdrsxgkj
Target https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000
Tags
discovery evasion antivm
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000 was found to be: Likely benign.

Malicious Activity Summary

discovery evasion antivm

Drops file in Windows directory

Reads CPU attributes

Changes its process name

Checks CPU configuration

Resource Forking

Enumerates kernel/hardware configuration

Writes file to tmp directory

System Location Discovery: System Language Discovery

Reads runtime system information

Browser Information Discovery

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-29 14:14

Signatures

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:30

Platform

debian12-mipsel-20240221-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:30

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

win11-20240802-en

Max time kernel

1780s

Max time network

1789s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1656 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 1600 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1656 wrote to memory of 3932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff956e73cb8,0x7ff956e73cc8,0x7ff956e73cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4876 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,4057478719374099781,6517212102117757583,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 webminer.pages.dev udp
US 172.66.47.98:443 webminer.pages.dev tcp
US 172.66.47.98:443 webminer.pages.dev tcp
US 8.8.8.8:53 98.47.66.172.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 172.67.24.44:443 smiling-tilda-mono.koyeb.app tcp
US 8.8.8.8:53 44.24.67.172.in-addr.arpa udp
GB 2.16.170.58:80 apps.identrust.com tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
N/A 224.0.0.251:5353 udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 8.8.8.8:53 190.78.22.104.in-addr.arpa udp
US 8.8.8.8:53 retired-jorey-malphite-node.koyeb.app udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.79.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4bf4b59c3deb1688a480f8e56aab059d
SHA1 612c83e7027b3bfb0e9d2c9efad43c5318e731bb
SHA256 867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
SHA512 2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

\??\pipe\LOCAL\crashpad_1656_DTBWLPJQKXNVCIBB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4ae6009e2df12ce252d03722e8f4288
SHA1 44de96f65d69cbae416767040f887f68f8035928
SHA256 7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
SHA512 bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 62c3f2129d2b2e2e3fcd26a454476d82
SHA1 91990c0130563696816b5309c12e0b507ccad7af
SHA256 66704ed513ac87656bf0df6d509dde18da2000c076448f0482afe8b3c43bb76d
SHA512 58e767cbcbd268378aee45706dd94878ab6f93eefcc530e86e585ed6a48f6fa28bdebb4684fb703f1fd4f7a0058f3b68410946f10b5fb341d1b4712be0cb4aa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9a010b5a3f01d05469af0362c4b1ec32
SHA1 7aa31aad50be1aafb1a4e66ce815d5c861f94a86
SHA256 d0489954b0d41c8edfed68fe40bf706f0c6e84db2166b63a5a8c675e71efbbb9
SHA512 08bb8db537e8fe2ad18d348fa62643340db3bd647c753558ae48cc4d90dcb5e4d346e077f03d53af70534a64494d9399ffa19c418e5f4fd4208607dbd554c60e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9c4e40aa24a0a00fbb2437cf8679932c
SHA1 9d2b03504d7eeb8be2002aadc4daceff59afec66
SHA256 ff252d079e22409a4679513beaf189be17650b6e9171d1302a13b6732b1fe9f0
SHA512 3fc539a7f9b78f9629a431fd579c2565cac175770e5ca93076ef2b9d834c0a5cde71d64a7849d06fa5a48a8dfaaa874bec89c9a423ba3e70ef92dd996e88ad1a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 af67002f498130017b2332ce6e278638
SHA1 76331305ee97c595230984ce5da5659fdede66db
SHA256 7be251ed90e0c97969f7029a28fef75284c9eb1ea91c706812d7e97b2fadf085
SHA512 42672c7a39dff4ea081aeaa906e612e2320d5f37be40602609dbcb061b42f65ff2d037a97cae78c252ebf240ebc53e87e4d9f2a6c5ee500ff3cd8ec5fde62cab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 804e67768d36a07d57bb16a489497781
SHA1 62bddab544b154a67369c15d71cd4cd19b3909e5
SHA256 947abf989e5317532d84bd1589d95ddc4f3d8610c3c89c2f8240f922b6889cb5
SHA512 025578b0dae6d97cd818285edac9a08b5085e6f857e776ec4817ad225ea926b3134fc7f72dd0ed65c037d868c751747fa5358e5dc0a0e7e6e1e1e4fc85176d6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9c794b0e03f5e41edb38691175dd42cd
SHA1 941b389a1df6dc8cf6c5ef158ea9216b618aecd8
SHA256 cd584f081d7b62dce70a325de83be02d2836740184e834788891541dbc1d3601
SHA512 43a3fcedcb3e4beef3d2a2b03adc8701c1f5efc4cd9d862829c1a6f1319b9ca34c0fda4c79f6411c999d4dcafc7d78355ab07ced3650c7ee2f3522e1dc559a82

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

win10-20240404-en

Max time kernel

1799s

Max time network

1587s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "431755310" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "431723319" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9d780ad11ffada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b18b1dd11ffada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b500f0eb1ffada01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 6096ee030a1cdb01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 webminer.pages.dev udp
US 188.114.97.0:443 webminer.pages.dev tcp
US 188.114.97.0:443 webminer.pages.dev tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 188.114.97.0:443 webminer.pages.dev tcp
US 188.114.97.0:443 webminer.pages.dev tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
GB 142.250.178.3:80 c.pki.goog tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.122.92.56:443 www.bing.com tcp
GB 92.122.92.56:443 www.bing.com tcp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 244.73.46.23.in-addr.arpa udp
US 8.8.8.8:53 56.92.122.92.in-addr.arpa udp
US 8.8.8.8:53 252.15.104.51.in-addr.arpa udp

Files

memory/2340-16-0x00000255DC920000-0x00000255DC930000-memory.dmp

memory/2340-0-0x00000255DC820000-0x00000255DC830000-memory.dmp

memory/2340-35-0x00000255DBAF0000-0x00000255DBAF2000-memory.dmp

memory/3160-65-0x0000017F45780000-0x0000017F45782000-memory.dmp

memory/3160-72-0x0000017F457F0000-0x0000017F457F2000-memory.dmp

memory/3160-70-0x0000017F457D0000-0x0000017F457D2000-memory.dmp

memory/3160-68-0x0000017F457B0000-0x0000017F457B2000-memory.dmp

memory/2340-92-0x00000255E3760000-0x00000255E3761000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4RJHRD2W\favicon[1].ico

MD5 1ba2ae710d927f13d483fd5d1e548c9b
SHA1 c0605efed936ee2600284e6480521d06fa64f872
SHA256 db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445
SHA512 f933cd352eaba92f509b3863353ddfefadfada26a4152ecdc4727d450bbf35e7b10fb3038fe8db340d5c63d74e608c1560ec84d0f6ffc8ccd940c9e0d7533544

memory/2340-91-0x00000255E3750000-0x00000255E3751000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\JQCL54OC\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

macos-20240711.1-en

Max time kernel

350s

Max time network

1801s

Command Line

[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer N/A N/A
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A

Processes

/usr/libexec/xpcproxy

[xpcproxy com.apple.loginwindow.LWWeeklyMessageTracer]

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/libexec/xpcproxy

[xpcproxy com.oracle.java.Java-Updater]

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged

[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]

/usr/libexec/pkreporter

[/usr/libexec/pkreporter]

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd

[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer

[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/libexec/xpcproxy

[xpcproxy com.apple.audio.AudioComponentRegistrar]

/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar

[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

Network

Country Destination Domain Proto
GB 184.85.51.234:443 tcp
US 8.8.8.8:53 49-courier.push.apple.com udp
US 8.8.8.8:53 27-courier.push.apple.com udp
GB 2.18.109.84:443 tcp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6-courier.push.apple.com udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44-courier.push.apple.com udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13-courier.push.apple.com udp
US 8.8.8.8:53 3-courier.push.apple.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29-courier.push.apple.com udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12-courier.push.apple.com udp
US 8.8.8.8:53 33-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26-courier.push.apple.com udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 courier-ab-vs.push.apple.com udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24-courier.push.apple.com udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23-courier.push.apple.com udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0-courier.push.apple.com udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 42-courier.push.apple.com udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31-courier.push.apple.com udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30-courier.push.apple.com udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

win7-20240708-en

Max time kernel

1563s

Max time network

1564s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D2B3D21-6613-11EF-BD41-DEC97E11E4FF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431103617" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20cffde41ffada01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000062d7b733c5325dccd7c6dfebda02cdf8c7b30ceb50c96d391f1f65bf738ab18b000000000e8000000002000020000000997b44907e0abddf7fd08027d0b8969f2f04c091a261ca7f94d0983b25d8001120000000c8813a1fba61fccf00d2c423551d6292303bec7853f87271b5d8faeb82590f6a40000000c56deb6c3a1ba0fd1091f420124bcdc07332e76323129c366a91fb662738ec078bfcccbcf9399c4d43f6090112b78c773adebb4dcbf3920eda6f64adec779d5b C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000000a3f06b62292c56ead506dc74af11cdf9b1f114941f1781edb94f9c02476029c000000000e80000000020000200000001c4cc3c858e1ce6acfec73bf76891a1be238279678221235d637686ab0693cd29000000089b322ff9c96b0e9ae61e28f6ba437a0cf0a1f23344bcfd20c40b11a92b153eb8852c811ca40e14cb00860869ddb3be73c3e8303536709865983b0136854235ff916d471dd47c85730727b9834d574ec4271c13ad05b14f42a7cd10411d719f8a798551d11aadfdbd8b1287fdcbfd529bd4fecf5f73b16a3cf6455f8721093ccfcce4ee27b7643a473760a077b2e219540000000fc2af90011698317acb310f02281193617fb61beb92ca3fb01f722e4164016f5bfa9ea2f14e70e35b8b8c4ceaabb66e0437b14b993efb5e85f0234ae69076081 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 webminer.pages.dev udp
US 172.66.44.158:443 webminer.pages.dev tcp
US 172.66.44.158:443 webminer.pages.dev tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.178.3:80 c.pki.goog tcp
GB 142.250.178.3:80 c.pki.goog tcp
US 172.66.44.158:443 webminer.pages.dev tcp
US 172.66.44.158:443 webminer.pages.dev tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\favicon[1].ico

MD5 1ba2ae710d927f13d483fd5d1e548c9b
SHA1 c0605efed936ee2600284e6480521d06fa64f872
SHA256 db74ab0b78338c1f778f8398c45f4103c99aea0e845a3118a7750b4eeafd3445
SHA512 f933cd352eaba92f509b3863353ddfefadfada26a4152ecdc4727d450bbf35e7b10fb3038fe8db340d5c63d74e608c1560ec84d0f6ffc8ccd940c9e0d7533544

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0qn8gcy\imagestore.dat

MD5 f092ceca607351799337524415992796
SHA1 2e347589f1f8107822a4d6b0f5bfa45611a61103
SHA256 6fb7e545cbd0bb42b13619b8f5b7608814a503e1e48191c0b7999805851ce4d2
SHA512 7e75a4098c3ba7cb3fc31bd5c4a460783659d44cbaa8eae2f67708400362181067f1b464dda28aadbf9385f66451904e58d864ce563abd3e75662db7dddcbccb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 313da1d3fd9bdd9291f621bf0f761f06
SHA1 727d36d2cb22599708b988cc90b284d11fb06dff
SHA256 50feee4a2b0d1561103ccd4325508cf60832e9ef4aa6845c45d49c2bf2f5c4be
SHA512 4728a2d389d1625bdc53ed6317c1d9f26aa70b18aae4217c8243f8fe24b1292f2c11e85867fc92cb0aeffe9ac735fc87842d87cb7d106fa0624322f02dd4445b

C:\Users\Admin\AppData\Local\Temp\Cab849D.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar849E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78ec6e4da85ab348af0571d25f7bcab0
SHA1 4774701439c922fbaba97e0d2f1bcb066db10c3c
SHA256 bd1e294f0e72bb2357c8279432e789af49c77b9991f5a6c56bde79bd3b0c909a
SHA512 2eafcd92a9251396bd4f8241d1a34b24cd925730df63bd52b57da4bffbd0cf7ff3db2b8c2c2120fe2743be2a01e6d5646dba3d20cca1ad0c5ae0dd3dd88c818c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0377784b8317201671cbe7744606f750
SHA1 359abf4743bd26d2d79dfe8115a467b500bd5a74
SHA256 8d1760ccc2fda939624e31e0758346c5ecc849a760000541f2fa8f16da0b58af
SHA512 5611c35f38387c3394ca38291ebebbc7188622d343f67b3a317bb10bc99ce3267233d45b160bf11fb2903775d367b56eb083b7f31f4712eeaca6ffdd54d2fe39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2662247c9a982cdf0f748e922296591
SHA1 35e427d53c7fa0e676ec1ac5f78c0bcb22017387
SHA256 83559b7471475b63d8156b932299bc094580f89794966a1b5613f38dc9f17a2b
SHA512 7befe91880ed41c315bb29182049176d997845096929fae4df213e7decdec128acc163b83267c9f451e18a6dff7602dce308bbf6172affe9c24ab0dcc4b0fe51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efd6919c121e54702c271499b0b8ef4b
SHA1 e5ea9c729b0b33d7b71ebe5657c0353e290f8184
SHA256 e23983efa06e217fc9972cbb99cce7a4da22e4ee9e375b3fe799b7b55d1491b1
SHA512 762f05774e2b3dc080989f0d577d2224e0e04d4994ff866ee8c9e3d55717b1d1953d941075ea62957bdeaa309d0a118328eb7dc2ceb51cdf770b6d135bf80de1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ffaa99b67ecca4e0dfa93ef7c7d5156
SHA1 944fee2f8959d6fff688fc8f94edce08aa5bc560
SHA256 e2d27eff45142ed15ea57820faedaadbaa859effdb5bbd52e38d393ef8189861
SHA512 53dbdb3d97b40f69e7da79e3e9bbaa656e91a254f116a00cf78b3964cd8fd718b6e2f98b2f2d9b705da0402c52c99532b93117ecf22efbcebc9de57f8228ad4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6dbf6ea4d9a84c3825264fb866ff1b1d
SHA1 9e84ffa6319f803c6ffe6752044b5df81ba198ac
SHA256 ed976c493dbf001ca0d14aec741f2d4022e8610f770ca560fb65b5d89eef5625
SHA512 f868be83a7eeb64d20cd03f584b49807866c8a773d11599a2582f607803df3b1d0af0ad9a4516272512a7652a76070001bdd4631339f3a0e9ef081ad52033a03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f47ced351d937b416794dd3fe80b869f
SHA1 784b312b6490e71afd5a3d81b6f67ef421055856
SHA256 f5a6bf1096b9570a28eb81637aa3cbb568cc31495d893f2e1540f5f9b089daaa
SHA512 b52c968167851e4f4d7420f51612be2a6737aa27f0dd7789dd05137ccc8820715a4aa1cdd57dddd022ad45d5d9f8dc2784cf0e4027ac82d33298c18ffb585dc1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9475cf4dc77adaf68fdfc7f56d50930
SHA1 3082b9b2cb43f59dd2ac1f77338199d92569acf9
SHA256 599cf59190082d2a0a10616a4e6068e2a10c0d1f296f4d07876f93b332a488b0
SHA512 2e52937e6584103b329f5ae8984110fb0968eb456881a89d744fe93bfc6e02ef214e10715beda68a06206c0305fe6985e82c498523cf39c6c34bbc95daa5b51c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff9af86a60fa7a9d2ff52896e4a3d827
SHA1 5815386e2b06bcbcefef98f6466b046772a53acf
SHA256 c3fa1a95ab8dcc0d54fc83589e0476d888b70205eee8a8cda85e758d0e9dbd15
SHA512 87f7218f297f8a1144c5bb96f6327b490f16da6829501c688309b5131d76f224d937a48e525b91a8dadf9fd19208df20ea7fe79752ab9c91ea0ce067b14f7c90

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e801cd4a9d146e53abab0a522e96544c
SHA1 fbbfe66d4eee8284ede1d42dae7bfa4f2472ee6c
SHA256 0a1756b5ba6d5eb6f0da1eff3843cb5b79afc9a4ba39c76bac202191ff675650
SHA512 481ef00ea6ca43b774df181cf37700743e41d2694ee5f98bd77596a3f3fbc09080b26165b93b34a9ee2e2c358416c7d6f6a33c47d60cd78ae1a92fe8764a68d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61620f55af0c7418e8e274fcc2e1a276
SHA1 b2d5b179988ccb1746ae5a62d4cc378b29debc61
SHA256 c42f04a8b6a063d716477e303517b82ba53435b7c04940c86c54f08036027581
SHA512 660981425f9a632034f49eeca491a06519cde996519824ec7784be9078f5603adbdbafed9423754891ceb14d59be51134f56207bb1c37c15061297d73a0a07db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 824ce3de38a37f907c59f3606ac9988f
SHA1 8bb4190c0179f1eee04db1d1cce99be5b0db19ac
SHA256 2271ebeb323d1345c6fe311e103dd4d27e9c08aa63d8e22795807ee3b2afff87
SHA512 1d8567118210be4f9c18854e98aa48281756fbd4b6d873018acc1d4460d2bdcd7f2c2eff20478dbf23ef51920d4a55eed52771be7b372d097874c88f21e7f757

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59ced829d781b81096d914a608f5b47d
SHA1 b1594ac0619d3fb142926abc6e3cb2ffe5d1934d
SHA256 4823cc261aff9213b89969850f5e3fc714ffe4c53e4ea1e22d0d2caddf067161
SHA512 83a1aed4ddad58fa39373fa20786ee9b16d9a5123dc0e75632ac6a110941a5a8aed28d50ddb04721fbf1c08930d8b99549cf96860b3437428e1d65ccf0c941e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24aa7df41ec7d2414e15ceaefdacd48a
SHA1 9b377ae068ebf792d592c136a857c58487ffc1f9
SHA256 a603aa51ce8d0b9846881995ce7ff38798c46cc4c6b15f89f09fbbbab3931ea1
SHA512 1c14a52319acedf7560e7a2c93f2e87e8504b41ed760b05f5aca8a5a818121c4436b6868d90f28d0db021532029af16bb8fd58b82e47c4deff0997d47d453716

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5cece3156e0eb4dbfe4a407cd3bd7ed
SHA1 b560ae52b7957d9ba137ab1d3f3050071cbac85a
SHA256 cf8a26f0db8b294492da05b9a3b2215aabe2022c66a43abdbef55a3eb4b670ba
SHA512 611d1c2d97672d4d18399e86e2051f3df428dd7a9bec8fb64b93f126f6f904e854ea3ac0c4f1cf00b89c52f247996c8062bf69f865e89e6816f07971eaccd130

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b88cfc1c27afe0b4098e8831ea73452
SHA1 b16bf8d8e10c7c636928f575359f8243e1300913
SHA256 807d1772ebdaf00edd76ee4b8f6d135ad9f1d5069f3fe93a9c2493408183efe3
SHA512 3a3ad8e081221e1ac289b3e13b5509700c8c37b946a49c59107f67ec61affe265379efa7fc8a424b095fec3e62763a21d40b37c30f6db565a4029f97f15eea6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 773d96408281909ff89993b3add00588
SHA1 4fd3adae88536ce13631e871e54a691b8da5d8dd
SHA256 9004b074a03114fa30017e8518fd8ac63c4bbdac0dec24b793b820100553f6bb
SHA512 5c535150af675d014ea1d17ee3b4051b0210376bce4430fcd1ef2f021c58ffb56a6ea9a2b580db4f148c9cb706c311968ff08c87b442dde4ecc1966ae3ab2ca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1e39463c42952610494a26bcdb40961
SHA1 c448806ae7c08e065ffe82f306d660a85979aa64
SHA256 a2c64f3a81c671c32675e4a6441f2e96c0b1dbbae083e01c946c0b1037c29b08
SHA512 79b2078789fab799a7de2242dde953b1a3db9e04d7760d79104e6a4b5b56b3a77bbfd6526284b6bc320cf604ed96b75679e6a2cb73394df93dbebe14618a3966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f70519cdb81edd3c5d4a8791b532c35c
SHA1 29bc8235f55c991c99696681a0d4d7700f5ab0c5
SHA256 815456107725fbc063d8e839eb8bb6a024183e267f37d3764bfe29f828b4e13f
SHA512 57329a12fd2e86fea5b8c9fc2a50a09068c244895802d851ed9dbd99d7b99f93904e9c0e60f0b42c4a0ff24600ff5d58b5f0afffcddd0c6d2398e09e719ffc7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15148c4dd5697a10f7e93e078d47bb09
SHA1 c20c9708634d854fb864e99d5425c2624b6f76b6
SHA256 33cc0cd01ddab7a0a14e400e5786828064b2305e941507b9abd7b1bf708ced1e
SHA512 c491e9d2d099c73ee5e521eb93ebb80ee89a2e52327a68410e1a173052ae7f78754ea4b004adf2cf986fb76f6d82902edb84f8e8aa3449e9080c98f09470aa8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dae5ab5cb55261a8e336d35b01daeff
SHA1 1e1b0e211c733a0f772a8362423b126d1610d6c2
SHA256 d334bcb90ec51636628dca8de6557ff5783e111b4e6a91779eaef6c59285e7b1
SHA512 0465784bf4763d0471a4b7406c40683ba090caadbb92f6b7c1d77e072bb3ad2b1d9394e05ad1659ed67a376e6d121e4f34a03bb1e03e7bdf54166c24e7034691

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

ubuntu2404-amd64-20240523-en

Max time kernel

726s

Max time network

897s

Command Line

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself pool-spawner N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself dconf worker N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-spawner N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself dconf worker N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/security/apparmor/features/signal /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/domain /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/ipc /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/namespaces /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/domain /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/ipc /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/query /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/ptrace /snap/bin/firefox N/A
File opened for reading /sys/module/apparmor/parameters/enabled /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/ptrace /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/caps /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/policy /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/signal /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/network_v8 /snap/bin/firefox N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/rlimit /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/mount /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/namespaces /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/policy /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/io_uring /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/network_v8 /snap/bin/firefox N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/caps /snap/bin/firefox N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/lib/snapd/snap-seccomp N/A
File opened for reading /sys/kernel/security/apparmor/features/file /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/query /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/file /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/rlimit /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/network /snap/bin/firefox N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /usr/lib/snapd/snap-seccomp N/A
File opened for reading /sys/kernel/security/apparmor/features/io_uring /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/network /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/mount /snap/bin/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/self/mounts /snap/bin/firefox N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/3714/cgroup /snap/bin/firefox N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/3639/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/3716/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/3645/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/3726/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/random/uuid /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/4823/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/sys/kernel/seccomp/actions_avail /snap/bin/firefox N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/mountinfo /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/seccomp/actions_avail /snap/bin/firefox N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A

Processes

/usr/bin/xdg-open

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/https; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/https; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/https; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/grep

[grep -q %s]

/usr/bin/x-www-browser

[x-www-browser https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/xdg-settings

[xdg-settings get default-web-browser]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/gsettings

[gsettings get org.gnome.shell favorite-apps]

/usr/bin/grep

[grep -q 'firefox.desktop']

/usr/bin/gsettings

[gsettings get com.canonical.Unity.Launcher favorites]

/usr/bin/grep

[grep -q 'application://firefox.desktop']

/usr/bin/gsettings

[gsettings get org.mate.panel object-id-list]

/usr/bin/which

[which qdbus]

/snap/bin/firefox

[/snap/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/lib/snapd/snap-seccomp

[/usr/lib/snapd/snap-seccomp version-info]

/usr/lib/snapd/snap-confine

[/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/grep

[grep -q %s]

/usr/bin/firefox

[firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/xdg-settings

[xdg-settings get default-web-browser]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/gsettings

[gsettings get org.gnome.shell favorite-apps]

/usr/bin/grep

[grep -q 'firefox.desktop']

/usr/bin/gsettings

[gsettings get com.canonical.Unity.Launcher favorites]

/usr/bin/grep

[grep -q 'application://firefox.desktop']

/usr/bin/gsettings

[gsettings get org.mate.panel object-id-list]

/usr/bin/which

[which qdbus]

/snap/bin/firefox

[/snap/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/lib/snapd/snap-seccomp

[/usr/lib/snapd/snap-seccomp version-info]

/usr/lib/snapd/snap-confine

[/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

/usr/bin/grep

[grep -q %s]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.16.170.50:80 r10.o.lencr.org tcp
GB 2.16.170.50:80 r10.o.lencr.org tcp
US 8.8.8.8:53 webminer.pages.dev udp
US 8.8.8.8:53 webminer.pages.dev udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 188.114.97.0:443 webminer.pages.dev tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozilla.org udp
US 8.8.8.8:53 www.mozorg.moz.works udp
GB 143.204.72.186:443 www.mozilla.org tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 188.114.97.0:443 webminer.pages.dev udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.16.170.42:80 r11.o.lencr.org tcp
GB 2.16.170.42:80 r11.o.lencr.org tcp
GB 2.16.170.42:80 r11.o.lencr.org tcp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy.cdn.mozilla.net udp
US 8.8.8.8:53 normandy-cdn.services.mozilla.com udp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 classify-client.services.mozilla.com udp
US 8.8.8.8:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 smiling-tilda-mono.koyeb.app udp
US 8.8.8.8:53 smiling-tilda-mono.koyeb.app udp
US 8.8.8.8:53 retired-jorey-malphite-node.koyeb.app udp
US 8.8.8.8:53 retired-jorey-malphite-node.koyeb.app udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 www.amazon.co.uk udp
US 8.8.8.8:53 uk.hotels.com udp
US 8.8.8.8:53 uk.hotels.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.wikipedia.org udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 r11.o.lencr.org udp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
GB 142.250.200.3:80 o.pki.goog tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 104.22.78.190:443 smiling-tilda-mono.koyeb.app tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.180.10:443 safebrowsing.googleapis.com tcp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.180.10:443 safebrowsing.googleapis.com udp
US 1.1.1.1:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.55:443 api.snapcraft.io tcp
GB 185.125.188.55:443 api.snapcraft.io tcp
GB 185.125.188.55:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 8.8.8.8:53 canonical-lgw01.cdn.snapcraftcontent.com udp
US 8.8.8.8:53 canonical-lgw01.cdn.snapcraftcontent.com udp
GB 185.125.190.28:443 canonical-lgw01.cdn.snapcraftcontent.com tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 webminer.pages.dev udp
US 8.8.8.8:53 webminer.pages.dev udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 8.8.8.8:53 r10.o.lencr.org udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 2.16.170.42:80 r10.o.lencr.org tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
GB 2.16.170.50:80 r10.o.lencr.org tcp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
GB 2.16.170.50:80 r11.o.lencr.org tcp
GB 2.16.170.50:80 r11.o.lencr.org tcp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 1.1.1.1:53 webminer.pages.dev udp
US 1.1.1.1:53 webminer.pages.dev udp
US 172.66.44.158:443 webminer.pages.dev tcp
US 172.66.44.158:443 webminer.pages.dev udp
US 172.66.44.158:443 webminer.pages.dev tcp
US 1.1.1.1:53 www.amazon.co.uk udp
US 1.1.1.1:53 www.amazon.co.uk udp
US 1.1.1.1:53 uk.hotels.com udp
US 1.1.1.1:53 uk.hotels.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.wikipedia.org udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 twitter.com udp
US 1.1.1.1:53 reddit.map.fastly.net udp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 1.1.1.1:53 api.snapcraft.io udp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 1.1.1.1:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.200.10:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 pki-goog.l.google.com udp
GB 142.250.178.3:80 o.pki.goog tcp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 r11.o.lencr.org udp
US 8.8.8.8:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 8.8.8.8:53 canonical-bos01.cdn.snapcraftcontent.com udp
US 91.189.91.42:443 canonical-bos01.cdn.snapcraftcontent.com tcp
US 8.8.8.8:53 services.addons.mozilla.org udp
US 8.8.8.8:53 services.addons.mozilla.org udp
GB 18.245.162.100:443 services.addons.mozilla.org tcp
US 8.8.8.8:53 api.snapcraft.io udp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 8.8.8.8:53 canonical-lgw01.cdn.snapcraftcontent.com udp
US 8.8.8.8:53 canonical-lgw01.cdn.snapcraftcontent.com udp
GB 185.125.190.27:443 canonical-lgw01.cdn.snapcraftcontent.com tcp
US 8.8.8.8:53 _http._tcp.se.archive.ubuntu.com udp
US 8.8.8.8:53 _http._tcp.security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 security.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
US 8.8.8.8:53 se.archive.ubuntu.com udp
GB 185.125.190.82:80 security.ubuntu.com tcp
SE 194.71.11.163:80 se.archive.ubuntu.com tcp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.58:443 api.snapcraft.io tcp
US 8.8.8.8:53 api.snapcraft.io udp
GB 185.125.188.54:443 api.snapcraft.io tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 15:07

Platform

ubuntu2404-amd64-20240729-en

Max time kernel

0s

Max time network

1255s

Command Line

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself pool-spawner N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself dconf worker N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/io_uring /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/ptrace /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/signal /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/mount /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/namespaces /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/network /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/module/apparmor/parameters/enabled /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /snap/bin/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/caps /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/domain /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/rlimit /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/policy /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/query /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size /snap/snapd/21759/usr/lib/snapd/snap-seccomp N/A
File opened for reading /sys/kernel/security/apparmor/features /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/file /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/ipc /snap/snapd/current/usr/bin/snap N/A
File opened for reading /sys/kernel/security/apparmor/features/network_v8 /snap/snapd/current/usr/bin/snap N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/2494/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/2578/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/mounts /snap/bin/firefox N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/sys/kernel/random/uuid /snap/snapd/current/usr/bin/snap N/A
File opened for reading /proc/self/fd /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/fd /usr/bin/dbus-launch N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/cgroups /snap/snapd/current/usr/bin/snap N/A
File opened for reading /proc/2494/attr/apparmor/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/cmdline /snap/bin/firefox N/A
File opened for reading /proc/self/mountinfo /snap/snapd/current/usr/bin/snap N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/2510/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/gsettings N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/seccomp/actions_avail /snap/snapd/current/usr/bin/snap N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/2566/cgroup /snap/snapd/current/usr/bin/snap N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/2568/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/2489/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A

Processes

/usr/bin/xdg-open

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/https; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/https; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/https; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/grep

[grep -q %s]

/usr/bin/x-www-browser

[x-www-browser https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/xdg-settings

[xdg-settings get default-web-browser]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/grep

[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]

/usr/bin/grep

[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]

/usr/bin/gsettings

[gsettings get org.gnome.shell favorite-apps]

/usr/bin/grep

[grep -q 'firefox.desktop']

/usr/bin/gsettings

[gsettings get com.canonical.Unity.Launcher favorites]

/usr/bin/grep

[grep -q 'application://firefox.desktop']

/usr/bin/gsettings

[gsettings get org.mate.panel object-id-list]

/usr/bin/which

[which qdbus]

/snap/bin/firefox

[/snap/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/snap/snapd/current/usr/bin/snap

[/snap/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/snap/snapd/21759/usr/lib/snapd/snap-seccomp

[/snap/snapd/21759/usr/lib/snapd/snap-seccomp version-info]

/snap/snapd/21759/usr/lib/snapd/snap-confine

[/snap/snapd/21759/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 1.1.1.1:53 r10.o.lencr.org udp
US 1.1.1.1:53 r10.o.lencr.org udp
GB 92.123.143.219:80 r10.o.lencr.org tcp
GB 92.123.143.219:80 r10.o.lencr.org tcp
GB 92.123.143.219:80 r10.o.lencr.org tcp
US 1.1.1.1:53 webminer.pages.dev udp
US 1.1.1.1:53 webminer.pages.dev udp
US 172.66.44.158:443 webminer.pages.dev tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp
GB 143.204.72.186:443 www.mozilla.org tcp
US 172.66.44.158:443 webminer.pages.dev tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 172.66.44.158:443 webminer.pages.dev udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 r11.o.lencr.org udp
US 1.1.1.1:53 r11.o.lencr.org udp
GB 104.86.111.144:80 r11.o.lencr.org tcp
US 1.1.1.1:53 o.pki.goog udp
US 1.1.1.1:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 1.1.1.1:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 1.1.1.1:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 tiles-cdn.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
US 34.36.165.17:443 tiles-cdn.prod.ads.prod.webservices.mozgcp.net tcp
GB 104.86.111.144:80 r11.o.lencr.org tcp
GB 104.86.111.144:80 r11.o.lencr.org tcp
US 1.1.1.1:53 img-getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 img-getpocket.cdn.mozilla.net udp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
US 34.120.237.76:443 img-getpocket.cdn.mozilla.net tcp
GB 92.123.143.219:80 r10.o.lencr.org tcp
US 1.1.1.1:53 firefox-api-proxy.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 1.1.1.1:53 normandy-cdn.services.mozilla.com udp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 www.amazon.co.uk udp
US 1.1.1.1:53 www.amazon.co.uk udp
US 1.1.1.1:53 uk.hotels.com udp
US 1.1.1.1:53 uk.hotels.com udp
US 1.1.1.1:53 www.vodafone.co.uk udp
US 1.1.1.1:53 www.vodafone.co.uk udp
US 1.1.1.1:53 www-live.waf.digital-prod.vodafoneaws.co.uk udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.facebook.com udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 www.reddit.com udp
US 1.1.1.1:53 www.bbc.co.uk udp
US 1.1.1.1:53 www.bbc.co.uk udp
US 1.1.1.1:53 www.ebay.co.uk udp
US 1.1.1.1:53 www.ebay.co.uk udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 getpocket.com udp
US 1.1.1.1:53 getpocket.com udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 www.mozorg.moz.works udp
US 1.1.1.1:53 www.themarginalian.org udp
US 1.1.1.1:53 www.themarginalian.org udp
US 1.1.1.1:53 www.bustle.com udp
US 1.1.1.1:53 www.bustle.com udp
US 1.1.1.1:53 forms.bootshearingcare.com udp
US 1.1.1.1:53 forms.bootshearingcare.com udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.ebay.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.bbc.co.uk udp
US 8.8.8.8:53 www.reddit.com udp
US 8.8.8.8:53 www.nytimes.com udp
US 8.8.8.8:53 www.nytimes.com udp
US 8.8.8.8:53 inews.co.uk udp
US 8.8.8.8:53 inews.co.uk udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 bbc.map.fastly.net udp
US 8.8.8.8:53 e11847.a.akamaiedge.net udp
US 8.8.8.8:53 nytimes.map.fastly.net udp
US 8.8.8.8:53 www.thecut.com udp
US 8.8.8.8:53 www.thecut.com udp
US 8.8.8.8:53 vmtls-np.map.fastly.net udp
US 8.8.8.8:53 play.forgeofempires.com udp
US 8.8.8.8:53 play.forgeofempires.com udp
US 8.8.8.8:53 www.hellofresh.co.uk udp
US 8.8.8.8:53 www.hellofresh.co.uk udp
US 8.8.8.8:53 hbr.org udp
US 8.8.8.8:53 hbr.org udp
US 8.8.8.8:53 www.theparisreview.org udp
US 8.8.8.8:53 www.theparisreview.org udp
US 8.8.8.8:53 www.makeuseof.com udp
US 8.8.8.8:53 www.makeuseof.com udp
US 104.22.78.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 8.8.8.8:53 www.nature.com udp
US 8.8.8.8:53 www.nature.com udp
US 8.8.8.8:53 firefoxsponsoredcontent.ampxdirect.com udp
US 8.8.8.8:53 firefoxsponsoredcontent.ampxdirect.com udp
US 8.8.8.8:53 springer2.map.fastly.net udp
US 8.8.8.8:53 adlanding.admarketplace.net.akadns.net udp
US 8.8.8.8:53 metro.co.uk udp
US 8.8.8.8:53 metro.co.uk udp
US 8.8.8.8:53 www.context.news udp
US 8.8.8.8:53 www.context.news udp
US 8.8.8.8:53 a202215-cont-front-prod-ecs-2009667710.us-east-1.elb.amazonaws.com udp
US 1.1.1.1:53 www.makeuseof.com udp
US 1.1.1.1:53 www.theparisreview.org udp
US 1.1.1.1:53 www.theparisreview.org udp
US 1.1.1.1:53 www.makeuseof.com udp
US 1.1.1.1:53 makeuseof.com udp
US 1.1.1.1:53 news.sky.com udp
US 1.1.1.1:53 news.sky.com udp
US 1.1.1.1:53 www.theguardian.com udp
US 1.1.1.1:53 www.theguardian.com udp
US 1.1.1.1:53 e10653.e12.akamaiedge.net udp
US 1.1.1.1:53 bigthink.com udp
US 1.1.1.1:53 bigthink.com udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 15:00

Platform

ubuntu2004-amd64-20240611-en

Max time kernel

1798s

Max time network

1678s

Command Line

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-firefox N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself glxtest:disk$0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself Worker Launcher N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself Softwar~cThread N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself CanvasRenderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself Compositor N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorkerLP#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself WRWorker#0 N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself Renderer N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself ImageIO N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself Permission N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself gdbus N/A N/A
Changes the process name, possibly in an attempt to hide itself pool-/usr/libex N/A N/A
Changes the process name, possibly in an attempt to hide itself gmain N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/lib/firefox/firefox N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online /usr/bin/nautilus N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/class /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/usb/devices /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/class /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent /usr/libexec/gvfs-gphoto2-volume-monitor N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource /usr/lib/firefox/glxtest N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent /usr/lib/firefox/glxtest N/A
File opened for reading /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent /usr/libexec/gvfs-mtp-volume-monitor N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/fd/118 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/113 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/116 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/3057/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1750/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/3056/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/1408/attr/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/2285/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-afc-volume-monitor N/A
File opened for reading /proc/filesystems /usr/lib/firefox/glxtest N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/108 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1726/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/libexec/gvfs-udisks2-volume-monitor N/A
File opened for reading /proc/2290/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/1570/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/1620/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/58 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1403/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1714/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/1629/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/gvfs-mtp-volume-monitor N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/1625/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/2295/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/2299/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/1490/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/filesystems /usr/libexec/goa-daemon N/A
File opened for reading /proc/meminfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/3029/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/nautilus N/A
File opened for reading /proc/self/fd/82 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/3058/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/30 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/gvfsd-trash N/A
File opened for reading /proc/self/fd/112 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/goa-identity-service N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/1580/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/83 /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/gnome-keyring-daemon N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A
File opened for modification /tmp/tmpaddon /usr/lib/firefox/firefox N/A
File opened for modification /tmp/tmpaddon-1 /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/lib/firefox/glxtest

[/usr/lib/firefox/glxtest -f 13]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234760 -appDir /usr/lib/firefox/browser {b297cf70-b962-4747-8ec6-5476c378e91c} 1490 true socket]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/libexec/gvfsd

[/usr/libexec/gvfsd]

/usr/libexec/gvfsd-fuse

[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]

/usr/libexec/dconf-service

[/usr/libexec/dconf-service]

/usr/bin/nautilus

[/usr/bin/nautilus --gapplication-service]

/usr/libexec/gvfsd-trash

[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20227 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {fc0dbf17-91d5-4fc9-8e05-5b495319e651} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26935 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {9603294d-59a8-46cc-8bea-22ef8501bb24} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27546 -prefMapSize 234760 -appDir /usr/lib/firefox/browser {8889b9f5-e62d-435b-ae21-c5671596bb56} 1490 true utility]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25690 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {93c2d2d2-9779-47eb-88bd-10a2b4a8bec6} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 25690 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {6e8797f9-f943-4f56-a9be-c3d9c66416cb} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 25690 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {e8dc42ff-473f-46bd-b29f-4e7df2fafa1a} 1490 true tab]

/usr/bin/gnome-keyring-daemon

[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]

/usr/libexec/gvfs-udisks2-volume-monitor

[/usr/libexec/gvfs-udisks2-volume-monitor]

/usr/libexec/gvfs-afc-volume-monitor

[/usr/libexec/gvfs-afc-volume-monitor]

/usr/libexec/gvfs-mtp-volume-monitor

[/usr/libexec/gvfs-mtp-volume-monitor]

/usr/libexec/gvfs-gphoto2-volume-monitor

[/usr/libexec/gvfs-gphoto2-volume-monitor]

/usr/libexec/gvfs-goa-volume-monitor

[/usr/libexec/gvfs-goa-volume-monitor]

/usr/libexec/goa-daemon

[/usr/libexec/goa-daemon]

/usr/libexec/goa-identity-service

[/usr/libexec/goa-identity-service]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 29251 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {8cfe3d4b-3aff-4b03-a517-a959885615c5} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 29251 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {563f0018-c4bf-4340-97a0-b1da0444a6f8} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 9 -isForBrowser -prefsLen 29251 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {0ec5c955-9a99-4e1e-be3d-12ce7cec0055} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 8 -isForBrowser -prefsLen 29251 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {96c40431-d3a8-46b9-90b2-cadd94a5ab63} 1490 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 10 -isForBrowser -prefsLen 29251 -prefMapSize 234760 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {c64016d5-e7ad-410a-92d1-f05def5f77a8} 1490 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 webminer.pages.dev udp
US 1.1.1.1:53 webminer.pages.dev udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 172.66.44.158:443 webminer.pages.dev tcp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 172.66.44.158:443 webminer.pages.dev udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 a19.dscg10.akamai.net udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.48:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 content-signature-chains.prod.autograph.services.mozaws.net udp
US 1.1.1.1:53 content-signature-chains.prod.autograph.services.mozaws.net udp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 webminer.pages.dev udp
US 1.1.1.1:53 webminer.pages.dev udp
US 172.66.47.98:443 webminer.pages.dev tcp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 1.1.1.1:53 prod-glb.koyeb.app.cdn.cloudflare.net udp
US 172.67.24.44:443 smiling-tilda-mono.koyeb.app tcp
US 172.67.24.44:443 smiling-tilda-mono.koyeb.app tcp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.96:80 connectivity-check.ubuntu.com tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.96:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.17:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.49:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.48:80 connectivity-check.ubuntu.com tcp

Files

/tmp/tmpaddon

MD5 30082ae40dc48af6343db2fd22cfc645
SHA1 3eb577555ee638e8beb01173e8f29e172747a728
SHA256 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76
SHA512 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c

Analysis: behavioral16

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 15:01

Platform

ubuntu2204-amd64-20240611-en

Max time kernel

0s

Max time network

900s

Command Line

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/module/apparmor/parameters/enabled /usr/bin/dbus-daemon N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/1599/status /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/1599/attr/apparmor/current /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/sys/kernel/cap_last_cap /usr/bin/dbus-daemon N/A
File opened for reading /proc/1594/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A
File opened for reading /proc/self/maps /usr/bin/grep N/A
File opened for reading /proc/1615/cmdline /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/bin/sed N/A

Processes

/usr/bin/xdg-open

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/grep

[grep -q ^file://]

/usr/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]

/usr/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/usr/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/usr/bin/grep

[grep -q ^Enlightenment]

/usr/bin/uname

[uname]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/head

[head -n 1]

/usr/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/sed

[sed s/:/ /g]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

/root/.dbus/session-bus/f2de92a803c744e586bd87567a26b68a-0

MD5 56f17cc958b0752f4e0476c768bc7937
SHA1 efb1256767dae0a28d181ddc76543b9c01a9b980
SHA256 56a28df38989b8edfe7e1d4a0d8989555eb94e036cb084e42165637e36653968
SHA512 6ac1b547dc3a20f11403fa898c7361d55a9b73213765acd082451665a8d8c91af356712d4c176cee7b04f4739152853d87a4c6a4e7973c359f4ef5ac88d90855

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

macos-20240711.1-en

Max time kernel

347s

Max time network

1798s

Command Line

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"]

Signatures

Resource Forking

evasion
Description Indicator Process Target
N/A /System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer N/A N/A
N/A "/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater" -bgcheck N/A N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000"]

/usr/bin/sudo

[sudo /bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd

[/System/Library/PrivateFrameworks/SpeechObjects.framework/Versions/A/SpeechDataInstallerd.app/Contents/MacOS/SpeechDataInstallerd]

/usr/libexec/pkreporter

[/usr/libexec/pkreporter]

/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer

[/System/Library/CoreServices/loginwindow.app/Contents/Resources/LWWeeklyMessageTracer]

/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged

[/System/Library/CoreServices/Applications/Feedback Assistant.app/Contents/Library/LaunchServices/seedusaged]

/bin/zsh

[/bin/zsh -c /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --simulate-outdated-no-au='Tue, 31 Dec 2099' --new-window https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater

[/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

/usr/libexec/xpcproxy

[xpcproxy com.apple.newsyslog]

/usr/sbin/newsyslog

[/usr/sbin/newsyslog]

/usr/libexec/xpcproxy

[xpcproxy com.apple.spindump]

/usr/sbin/spindump

[/usr/sbin/spindump]

/usr/libexec/xpcproxy

[xpcproxy com.apple.diagnosticd]

/usr/libexec/diagnosticd

[/usr/libexec/diagnosticd]

Network

Country Destination Domain Proto
US 8.8.8.8:53 46-courier.push.apple.com udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 cds.apple.com udp
GB 23.214.156.72:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
GB 184.26.189.174:443 help.apple.com tcp
GB 184.26.189.174:443 help.apple.com tcp
US 8.8.8.8:53 16-courier.push.apple.com udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21-courier.push.apple.com udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5-courier.push.apple.com udp
US 8.8.8.8:53 33-courier.push.apple.com udp
US 8.8.8.8:53 10-courier.push.apple.com udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 39-courier.push.apple.com udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41-courier.push.apple.com udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28-courier.push.apple.com udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 8-courier.push.apple.com udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34-courier.push.apple.com udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 lb._dns-sd._udp.0.0.127.10.in-addr.arpa udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18-courier.push.apple.com udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50-courier.push.apple.com udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25-courier.push.apple.com udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 36.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 37.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 34.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45-courier.push.apple.com udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 24.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 35.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14-courier.push.apple.com udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 45.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4-courier.push.apple.com udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 11.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 46.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 10.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 19-courier.push.apple.com udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 42.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 22-courier.push.apple.com udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 gb-courier-4.push-apple.com.akadns.net udp
US 8.8.8.8:53 38.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 18.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 21.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 29.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 48.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 5.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 1.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 30.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 27.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 12.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 13.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 20.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 32.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 31.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 23.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 15.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 40.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 50.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 7.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 49.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 14.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 16.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 47.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 8.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 44.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 39.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 3.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 9.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 33.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 25.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 28.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 26.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 0.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 4.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 41.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 6.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 43.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 17.courier-push-apple.com.akadns.net udp
US 8.8.8.8:53 2.courier-push-apple.com.akadns.net udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:29

Platform

debian12-armhf-20240221-en

Max time network

9s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:30

Platform

debian9-armhf-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

win10v2004-20240802-en

Max time kernel

1352s

Max time network

1145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2524 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 3208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 560 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2524 wrote to memory of 4244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3f7f46f8,0x7ffa3f7f4708,0x7ffa3f7f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1631024260339849964,2980111238765737719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3208 -s 744

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 webminer.pages.dev udp
US 188.114.97.0:443 webminer.pages.dev tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 retired-jorey-malphite-node.koyeb.app udp
US 104.22.79.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 190.79.22.104.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
GB 2.16.170.58:80 apps.identrust.com tcp
US 104.22.79.190:443 retired-jorey-malphite-node.koyeb.app tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 58.170.16.2.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 24.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0446fcdd21b016db1f468971fb82a488
SHA1 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9b008261dda31857d68792b46af6dd6d
SHA1 e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 25680e89f289dcf4d21f1f70dda76ef2
SHA1 8b6bf81c407a0f44b9610a2bbff395ed67a65c40
SHA256 c87c4e9ae975412b20aa3b52f5b844a40e4a863f45012f01ff250418e64c050c
SHA512 cca4b0dc71cdfda6fb989cd1f96b1b0bfbaf987bc6d391532a905030e4042ff639b5dfde077935b0adcbf227ea62133ed7a575b19c4fc67aae1f54f015d16b8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 464d94d3384bb9d85031ece3622b4ccd
SHA1 84312c290ed655902661fe8fb90ab9842edd219c
SHA256 7138cd67c42f9ac54f623b09e1fcbf3f4b688ef6c64e64282fe66d4cdccd13dd
SHA512 22cd7272b85f30aa645c6c6cf4f57be0074a3303f64fff9638c132d33b49605e085f50bea99329ac32f2a3502b57494a5c8d1cafde92a61bc26a615f88a88d49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ad5dd2443166adba3eb8c857709ebe86
SHA1 859285d0b6a5af726c724545d367ae18dc8c17bc
SHA256 758b64abf30b49189fbfe8db9e23a8b5489715cfdffe922c46a384453d26bd65
SHA512 a9f0ad2ceeefe96419344ca8a258171eb115186e0ebf19dd36ce816d281aa673c3fc42be87005482d789914d265d32d4d77313c1a0f333a6169574329d0cee9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 15d8f845da6a5f7ad2fcd7d8e94075e1
SHA1 0fe330cb7049c18c1c1ae6a745b84e324e611467
SHA256 462cff28e553b7742b21d6271831508b291b94ef0b46f3b08389099fd8c73abd
SHA512 109b5eaa7d0ac5cf75fc52753acd2f1fcf3d3746012bd3ad1a61348f99678608061b8c62318df515ee70e0632ae3ffbf00a75ea2abd4852f867b1fe8120e4697

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:59

Platform

win11-20240802-en

Max time kernel

1680s

Max time network

1686s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

Signatures

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2368 wrote to memory of 3172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 3172 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1968 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 4856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2368 wrote to memory of 1940 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9d2c3cb8,0x7ffe9d2c3cc8,0x7ffe9d2c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,4392236918594197548,3166637875152287971,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5264 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 webminer.pages.dev udp
US 172.66.47.98:443 webminer.pages.dev tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
GB 2.16.170.112:80 apps.identrust.com tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
N/A 224.0.0.251:5353 udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 52.111.227.13:443 tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c4a10f6df4922438ca68ada540730100
SHA1 4c7bfbe3e2358a28bf5b024c4be485fa6773629e
SHA256 f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02
SHA512 b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

\??\pipe\LOCAL\crashpad_2368_WBXPADGQHZSKKVVS

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4c3889d3f0d2246f800c495aec7c3f7c
SHA1 dd38e6bf74617bfcf9d6cceff2f746a094114220
SHA256 0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4
SHA512 2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aabfa7241ea2bc12625daf1f3dbfcde9
SHA1 90f1e90dbd1c3d14b6f8e73647da602a1d009cd5
SHA256 aab4c5a27f3e7e0340535407c9271d923553f556ed0b92b5cff34ac02d87c002
SHA512 ff5274149ae3787df71d7971cd7d7a9e7bf20c21d7fe6fb7c6278ef9be524e332d5bbf9c12d0251b4554a875889086f3bf0d76430c952a920bf7c325aec4e021

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 613bb387e691d98f75ef172962805334
SHA1 e686f5bab16c52edb591a510884751f177a14bf8
SHA256 591d24d3fd093941d6a3cadeb7c208949b6553d7f439c85de10325b14442b553
SHA512 d96ac1c686ee20904a56a7af88c055ab17aa7abf60130b934c39a0b4fc0b575567be562e6c3ca598ee96bd6e716fe3350368a52f1bb2fb2735588557c6772dfc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d492875ff7c1081232fc04c6adb4002
SHA1 c165773fda14055193304a210a21812d4147e672
SHA256 34856f0cb61bd3e99439abd75f63fb6e05fdff0171529d722dba18ef45e0dc94
SHA512 49b4b5bd60e1df3b749ada8998e6cb1f58eeae969f2e66ddfc415aebfcc627eea0aa69621b9b994fe281f5e8c749186eade69f9c8de535ccb1fa72e7d33c5b7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bcef366a47a11e1f4cf5fafaac070502
SHA1 0ba604c5f6bae9fedece5b10d5900302be84f1f2
SHA256 9c279da4bb0ae71a31862e8b5b97b75a14aa05aa1386e6fdf6965ef591b26364
SHA512 8758c56f0c2400e6b2a6acdd028d8bcceee00531cd95e66733b36230f96d0a8d315501a37b564f182b5a97a1a191f4c4397ef207d28dc9c88b8e98de62dfd3d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 804e67768d36a07d57bb16a489497781
SHA1 62bddab544b154a67369c15d71cd4cd19b3909e5
SHA256 947abf989e5317532d84bd1589d95ddc4f3d8610c3c89c2f8240f922b6889cb5
SHA512 025578b0dae6d97cd818285edac9a08b5085e6f857e776ec4817ad225ea926b3134fc7f72dd0ed65c037d868c751747fa5358e5dc0a0e7e6e1e1e4fc85176d6b

Analysis: behavioral13

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 14:30

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-08-29 14:14

Reported

2024-08-29 15:00

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

0s

Max time network

1679s

Command Line

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

Signatures

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1622/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1609/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/fd /usr/bin/dbus-send N/A
File opened for reading /proc/self/task/1596/stat /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/bin/grep

[grep -q %s]

/usr/bin/x-www-browser

[x-www-browser https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/which

[which /usr/bin/x-www-browser]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/bin/grep

[grep -q %s]

/usr/bin/firefox

[firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://webminer.pages.dev?algorithm=yespowerurx&host=yespowerURX.sea.mine.zpool.ca&port=6236&worker=DSvLZDmch7n5X3RwfgXs6pncT2BEToPQxv&password=c%3DDOGE%2Czap%3DURX&workers=1000]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

/bin/grep

[grep -q %s]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 1.1.1.1:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 1.1.1.1:53 archive.mozilla.org udp
US 1.1.1.1:53 archive.mozilla.org udp
US 34.117.35.28:443 archive.mozilla.org tcp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 34.117.35.28:443 archive.mozilla.org udp
GB 88.221.134.209:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 ctxt.io udp
US 1.1.1.1:53 ctxt.io udp
US 216.239.34.21:80 ctxt.io tcp
US 216.239.38.21:443 ctxt.io tcp
US 1.1.1.1:53 www.quora.com udp
US 1.1.1.1:53 www.quora.com udp
US 1.1.1.1:53 www.quora.com.cdn.cloudflare.net udp
US 162.159.153.247:443 www.quora.com tcp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 142.250.187.196:443 www.google.com udp
US 1.1.1.1:53 www.google.co.uk udp
US 1.1.1.1:53 www.google.co.uk udp
GB 216.58.201.99:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 216.58.201.99:443 www.google.co.uk udp
US 162.159.153.247:443 www.quora.com udp
US 1.1.1.1:53 webminer.pages.dev udp
US 1.1.1.1:53 webminer.pages.dev udp
US 172.66.44.158:443 webminer.pages.dev tcp
US 172.66.44.158:443 webminer.pages.dev udp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 1.1.1.1:53 smiling-tilda-mono.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 1.1.1.1:53 retired-jorey-malphite-node.koyeb.app udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app udp
US 216.239.38.21:443 ctxt.io tcp
US 162.159.153.247:443 www.quora.com tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 216.58.201.99:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.google-analytics.com udp
GB 216.58.201.99:443 www.google.co.uk udp
US 1.1.1.1:53 www.youtube.com udp
US 1.1.1.1:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
GB 142.250.200.46:443 www.youtube.com udp
US 1.1.1.1:53 i.ytimg.com udp
US 1.1.1.1:53 i.ytimg.com udp
GB 142.250.179.246:443 i.ytimg.com tcp
GB 142.250.179.246:443 i.ytimg.com udp
US 1.1.1.1:53 accounts.google.com udp
US 1.1.1.1:53 accounts.google.com udp
BE 64.233.184.84:443 accounts.google.com tcp
BE 64.233.184.84:443 accounts.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 play.google.com udp
US 1.1.1.1:53 play.google.com udp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com tcp
GB 216.58.212.238:443 play.google.com udp
US 91.189.91.96:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
US 1.1.1.1:53 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com tcp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
GB 142.250.179.234:443 jnn-pa.googleapis.com udp
US 1.1.1.1:53 youtube.com udp
US 1.1.1.1:53 youtube.com udp
GB 172.217.169.46:443 youtube.com tcp
GB 172.217.169.46:443 youtube.com udp
US 1.1.1.1:53 ctxt.io udp
US 1.1.1.1:53 ctxt.io udp
US 1.1.1.1:53 googleads.g.doubleclick.net udp
GB 142.250.200.2:443 googleads.g.doubleclick.net udp
US 1.1.1.1:53 region1.google-analytics.com udp
US 1.1.1.1:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 www.google.co.uk udp
GB 216.58.201.99:443 www.google.co.uk udp
US 162.159.153.247:443 www.quora.com udp
US 172.66.47.98:443 webminer.pages.dev tcp
US 172.66.47.98:443 webminer.pages.dev udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app udp
US 172.67.24.44:443 retired-jorey-malphite-node.koyeb.app tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.49:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.49:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
GB 185.125.190.97:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.96:80 connectivity-check.ubuntu.com tcp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 1.1.1.1:53 connectivity-check.ubuntu.com udp
US 91.189.91.97:80 connectivity-check.ubuntu.com tcp

Files

N/A