Malware Analysis Report

2024-11-30 02:45

Sample ID 240407-vy6zdahg3x
Target https://discord.gg/BqAvxWhc
Tags
antivm spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The submitted target https://discord.gg/BqAvxWhc is a URL, not a file; it was found to show suspicious behavior.

Caveat for triage: the amd64 detonation (behavioral1) opened the URL with xdg-open, which resolved the https handler to Firefox. Every indicator below that records a process names /usr/lib/firefox/firefox or one of the helper processes visible in the process list (dbus-daemon, sed, xdg-desktop-portal, gvfsd); the files read are Firefox's own profile under /root/.mozilla/firefox/goxtdmy2.default-release, and the only tmp write flagged is /tmp/firefox/.parentlock. The stealer, spyware and antivm tags are therefore raised by the browser's own startup, not by anything fetched from the invite link, and the 7/10 score should be read with that in mind. No non-browser process and no download appear anywhere in the report.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 17:24

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-07 17:24

Reported

2024-04-07 17:28

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 17:24

Reported

2024-04-07 17:37

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

9s

Max time network

13s

Command Line

[xdg-open https://discord.gg/BqAvxWhc]

Signatures

Changes its process name

The Indicator column holds the new name. Every value below is a Firefox thread name (IPC I/O Parent, Socket Thread, Timer, HTML5 Parser, DOM Worker, ...) that the browser assigns to its own threads at startup, and the only rows that record a process point to /usr/lib/firefox/firefox.

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1646 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1646 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
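How these indicators arise, as an added example that is not part of the report or of the sandbox's tooling: Firefox names each thread with prctl(PR_SET_NAME) (what glibc's pthread_setname_np does), which rewrites /proc/<pid>/task/<tid>/comm for that one thread only, so a monitor that reads comm for every task sees "Socket Thread", "Timer" and so on and raises "Changes its process name". The script renames one worker thread to "Socket Thread" (a value taken from the table above) and then checks that the process's own comm and /proc/self/exe are unchanged, which is the check that separates thread naming from a real masquerade (a changed thread-group-leader comm or an exec of a differently named binary). It runs on Linux only and assumes glibc's prctl is reachable through ctypes.

```python
"""Reproduce a 'Changes its process name' indicator and check its scope.

Added example, not from the sandbox report. Linux only: it relies on
/proc and on prctl(PR_SET_NAME), which renames the calling thread.
"""
import ctypes
import os
import threading

PR_SET_NAME = 15  # <linux/prctl.h>; comm holds at most 15 bytes + NUL
_libc = ctypes.CDLL(None, use_errno=True)  # assumption: glibc symbols visible


def _read(path: str) -> str:
    with open(path) as fh:
        return fh.read().strip()


def set_thread_name(name: str) -> None:
    """Rename only the calling thread, the way pthread_setname_np does."""
    buf = ctypes.create_string_buffer(name.encode()[:15])
    rc = _libc.prctl(ctypes.c_int(PR_SET_NAME), buf,
                     ctypes.c_ulong(0), ctypes.c_ulong(0), ctypes.c_ulong(0))
    if rc != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))


def observe_thread_rename(name: str = "Socket Thread") -> dict:
    """Rename a worker thread and record what /proc shows afterwards.

    Returns the worker's comm after the rename, the process (thread-group
    leader) comm, and the executable name, so a caller can tell a
    thread-local rename from a process-level name change.
    """
    seen = {}

    def worker() -> None:
        tid = threading.get_native_id()
        seen["tid"] = tid
        set_thread_name(name)
        seen["thread_comm"] = _read(f"/proc/self/task/{tid}/comm")

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    seen["process_comm"] = _read("/proc/self/comm")
    seen["exe"] = os.path.basename(os.readlink("/proc/self/exe"))
    return seen


def rename_scope(observed_name: str, obs: dict) -> str:
    """Where a name seen by the sandbox lives: the whole process or one thread."""
    if obs["process_comm"] == observed_name:
        return "process"
    if obs["thread_comm"] == observed_name:
        return "thread"
    return "absent"


if __name__ == "__main__":
    result = observe_thread_rename()
    print(result, "->", rename_scope("Socket Thread", result))
```

Applied to the rows above, "thread" is the expected answer for every Indicator value; a "process" result, or an exe name that does not match the command line in the Processes section, is what would justify the signature's wording.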

Reads user data of web browsers

spyware stealer

Every path below lies inside Firefox's own profile directory /root/.mozilla/firefox/goxtdmy2.default-release, and every row that records a process attributes the read to /usr/lib/firefox/firefox; the remaining rows carry no process. cookies.sqlite, key4.db (the key store for saved logins), cert9.db and the sessionstore files are what a credential stealer copies, so this signature matters when the reader is any binary other than the browser that owns the profile.

Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/previous.js N/A N/A
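A triage filter for the rows above, as an added example that is not part of the report or of the sandbox: it parses the flattened "File opened for reading <path> <process> <target>" rows, maps each profile path to the browser that owns it, and keeps only reads by some other binary, which is the actual stealer pattern. Rows with no process recorded are kept in their own bucket rather than dropped, since the report leaves them unattributed. The owner map, the list of credential-bearing files, and the two rows with /usr/bin/python3 and /tmp/.x as readers are assumptions added to show what a genuine hit looks like; the other sample rows are copied from the table.

```python
"""Separate browser self-access from foreign reads of a browser profile.

Added example, not part of the report. The parser targets the report's
flattened row layout; the owner map and sensitive-file list are assumptions.
"""
import re
from dataclasses import dataclass, field

ROW_RE = re.compile(r"^File opened for reading (\S+) (\S+) (\S+)$")

# Assumption: which executables legitimately open which profile tree.
PROFILE_OWNERS = [
    (re.compile(r"/\.mozilla/firefox/"),
     {"/usr/lib/firefox/firefox", "/usr/bin/firefox"}),
    (re.compile(r"/\.config/(google-chrome|chromium)/"),
     {"/opt/google/chrome/chrome", "/usr/lib/chromium/chromium"}),
]

# Files a credential stealer copies out of a Firefox profile.
SENSITIVE = {"cookies.sqlite", "key4.db", "logins.json", "cert9.db",
             "sessionstore.jsonlz4"}

# Constructed sample: the first four rows are copied from the table above;
# the last two are hypothetical readers added to show a real stealer hit.
SAMPLE_ROWS = """\
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/key4.db /usr/bin/python3 N/A
File opened for reading /root/.mozilla/firefox/goxtdmy2.default-release/times.json /tmp/.x N/A
"""


@dataclass
class Triage:
    self_reads: list = field(default_factory=list)      # browser reading its own profile
    unattributed: list = field(default_factory=list)    # no process recorded by the sandbox
    foreign: list = field(default_factory=list)         # (process, path): the stealer pattern
    sensitive_foreign: list = field(default_factory=list)


def classify_row(line: str):
    """Return (kind, process, path) for one report row, or None if not a read row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    path, proc, _target = m.groups()
    for pattern, owners in PROFILE_OWNERS:
        if pattern.search(path):
            if proc == "N/A":
                return ("unattributed", proc, path)
            if proc in owners:
                return ("self", proc, path)
            return ("foreign", proc, path)
    return ("other", proc, path)  # not inside a browser profile; out of scope here


def triage(rows: str) -> Triage:
    """Bucket every row; only 'foreign' reads deserve the stealer tag."""
    t = Triage()
    for line in rows.splitlines():
        c = classify_row(line)
        if c is None:
            continue
        kind, proc, path = c
        if kind == "self":
            t.self_reads.append(path)
        elif kind == "unattributed":
            t.unattributed.append(path)
        elif kind == "foreign":
            t.foreign.append((proc, path))
            if path.rsplit("/", 1)[-1] in SENSITIVE:
                t.sensitive_foreign.append((proc, path))
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    print("self:", len(result.self_reads), "unattributed:", len(result.unattributed))
    for proc, path in result.sensitive_foreign:
        print("ALERT foreign read of credential store:", proc, path)
```

Run over the full table above (with the two constructed rows removed) the foreign bucket is empty, which is the concrete reason the stealer tag does not hold for this detonation; the unattributed rows are the residual uncertainty a reviewer should note.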

Checks CPU configuration

antivm

The antivm tag rests on this single read of /proc/cpuinfo, with no process recorded. glibc and Firefox read it during normal startup, and nothing else in the report shows a process acting on its contents.

Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/33 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/1543/cmdline N/A N/A
File opened for reading /proc/self/task/1611/stat N/A N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/74 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1670/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1689/cmdline N/A N/A
File opened for reading /proc/self/fd/78 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1751/smaps N/A N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1729/statm N/A N/A
File opened for reading /proc/1751/statm N/A N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1758/stat N/A N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1527/attr/current N/A N/A
File opened for reading /proc/1522/cmdline N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1685/cmdline N/A N/A
File opened for reading /proc/self/task/1782/stat N/A N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1609/cmdline N/A N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1527/status N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1665/cmdline N/A N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/93 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/task/1735/stat N/A N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1729/smaps N/A N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/1674/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/1694/cmdline N/A N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open https://discord.gg/BqAvxWhc]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/bin/grep

[grep = "xfce4"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/https]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = "xfce4"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/head

[head -n 1]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox https://discord.gg/BqAvxWhc]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox https://discord.gg/BqAvxWhc]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {9f9a5145-549d-4476-971a-46870218c02b} 1609 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {45d29e57-c060-4dfd-80dc-c8489cb76981} 1609 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {c252920d-22f5-4390-963b-70d172541f1b} 1609 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {1f5e2498-3912-4f31-a288-193d34d38036} 1609 true tab]

Network

Country  Destination             Domain                                   Proto
N/A      224.0.0.251:5353        N/A                                      udp
US       151.101.194.49:443      N/A                                      tcp
US       151.101.193.91:443      N/A                                      tcp
US       1.1.1.1:53              cdn.fwupd.org                            udp
US       1.1.1.1:53              cdn.fwupd.org                            udp
US       151.101.130.49:443      cdn.fwupd.org                            tcp
GB       195.181.164.14:443      N/A                                      tcp
US       1.1.1.1:53              services.addons.mozilla.org              udp
GB       185.125.188.62:443      N/A                                      tcp
US       1.1.1.1:53              services.addons.mozilla.org              udp
GB       185.125.188.61:443      N/A                                      tcp
US       151.101.193.91:443      N/A                                      tcp
GB       18.245.162.100:443      services.addons.mozilla.org              tcp
GB       18.245.162.100:443      services.addons.mozilla.org              tcp
US       1.1.1.1:53              location.services.mozilla.com            udp
US       1.1.1.1:53              location.services.mozilla.com            udp
US       1.1.1.1:53              locprod2-elb-us-west-2.prod.mozaws.net   udp
US       52.24.13.216:443        location.services.mozilla.com            tcp
US       1.1.1.1:53              1527653184.rsc.cdn77.org                 udp
US       1.1.1.1:53              1527653184.rsc.cdn77.org                 udp
GB       89.187.167.8:443        1527653184.rsc.cdn77.org                 tcp
US       1.1.1.1:53              detectportal.firefox.com                 udp
US       1.1.1.1:53              detectportal.firefox.com                 udp
US       34.107.221.82:80        detectportal.firefox.com                 tcp

No DNS query for discord.gg appears in this capture, and the TCP connections without a domain are not attributed to a name here. The named destinations are Firefox's captive-portal check (detectportal.firefox.com), its add-on and location services (services.addons.mozilla.org, location.services.mozilla.com) and the fwupd firmware-update CDN (cdn.fwupd.org), i.e. background traffic of the detonation image; 224.0.0.251:5353 is mDNS multicast. The cdn77.org host cannot be tied to a process from this report.

Files

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 55361600ba9eb9dc70d0a8eaeca58bb5
SHA1 d45f4be36182a5075de0b1e18a80c1c2d6d3e7e9
SHA256 c93272b2732b86e1e8ede44384abd50ff0d7cbfd54fdb32ff8ebd93273c26b0d
SHA512 dda86ed0fee8b17269cb47531d5bb1e3e181d9b931852c868466ce434efb3748f3319012f50a8793789b14a33c207f2221624a4c4e65915f58dfe86076f537c3

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 8088247f353990b1f6036f433b36e949
SHA1 9d7b56b5b9e1358bbbea1a9a703781e0d21b233d

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 17:24

Reported

2024-04-07 17:28

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-07 17:24

Reported

2024-04-07 17:28

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A