Analysis Overview
Threat Level: Shows suspicious behavior
The file https://discord.gg/BqAvxWhc was found to be: Shows suspicious behavior.
Malicious Activity Summary
Changes its process name
Reads user data of web browsers
Checks CPU configuration
Reads CPU attributes
Reads runtime system information
Writes file to tmp directory
Enumerates kernel/hardware configuration
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-07 17:24
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-07 17:24
Reported
2024-04-07 17:28
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-07 17:24
Reported
2024-04-07 17:37
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
9s
Max time network
13s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1646 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1646 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/pkcs11.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/times.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/permissions.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/key4.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/ls-archive.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/handlers.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/xulstore.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cert_override.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/search.json.mozlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/goxtdmy2.default-release/sessionstore-backups/previous.js | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/33 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/1543/cmdline | N/A | N/A |
| File opened for reading | /proc/self/task/1611/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/74 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1670/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/self/fd/76 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1689/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/78 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1751/smaps | N/A | N/A |
| File opened for reading | /proc/self/fd/37 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1729/statm | N/A | N/A |
| File opened for reading | /proc/1751/statm | N/A | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1758/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1527/attr/current | N/A | N/A |
| File opened for reading | /proc/1522/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1685/cmdline | N/A | N/A |
| File opened for reading | /proc/self/task/1782/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1609/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1527/status | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1665/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/93 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/task/1735/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1729/smaps | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/1674/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/1694/cmdline | N/A | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://discord.gg/BqAvxWhc]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://discord.gg/BqAvxWhc]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://discord.gg/BqAvxWhc]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {9f9a5145-549d-4476-971a-46870218c02b} 1609 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {45d29e57-c060-4dfd-80dc-c8489cb76981} 1609 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {c252920d-22f5-4390-963b-70d172541f1b} 1609 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {1f5e2498-3912-4f31-a288-193d34d38036} 1609 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.194.49:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.130.49:443 | cdn.fwupd.org | tcp |
| GB | 195.181.164.14:443 | tcp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 185.125.188.62:443 | tcp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| GB | 18.245.162.100:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.100:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.24.13.216:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.8:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
Files
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | 55361600ba9eb9dc70d0a8eaeca58bb5 |
| SHA1 | d45f4be36182a5075de0b1e18a80c1c2d6d3e7e9 |
| SHA256 | c93272b2732b86e1e8ede44384abd50ff0d7cbfd54fdb32ff8ebd93273c26b0d |
| SHA512 | dda86ed0fee8b17269cb47531d5bb1e3e181d9b931852c868466ce434efb3748f3319012f50a8793789b14a33c207f2221624a4c4e65915f58dfe86076f537c3 |
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | 8088247f353990b1f6036f433b36e949 |
| SHA1 | 9d7b56b5b9e1358bbbea1a9a703781e0d21b233d |
| SHA256 | 4a20bcd0e074ddbaf35f598de042ba4d684125d5c687d08f014032bfe2907e83 |
| SHA512 | c061dbb6c2ce9df9af633d5610f339a52d01dba4fa80fb50076e65c726d17a4fca28a72e722da7fcdd703ce00c380b01328d3c6cc6b12f7b5f986c8c5e245235 |
/root/.mozilla/firefox/goxtdmy2.default-release/times.json
| MD5 | 594fcdfb8e62aefc8d7026340a6d9cca |
| SHA1 | 7ca1ac6c2d35ca0fb790506ca5fd069275205d4a |
| SHA256 | cd8099f74ae1bd288bcff55c61d91bc26a5a8e6d9ea41a3abe9a35f1d7ca8ade |
| SHA512 | 34854d8ee6ae5ee7c073ca17e9b0b1a288b901d25352f34b3025846de9058cb82dd4feaff2fe9ef7048268a8add59003d4290bb34810164b0bcb783c2d701b2c |
/root/.mozilla/firefox/urpq5pv5.default/times.json
| MD5 | 1f2d19150f41f945862765621608ca18 |
| SHA1 | 82cf559ff94644193966281f00338f8c1b80d202 |
| SHA256 | d807150264d5872d5c33c475e3fbb06196c30659a5026988641955f17e84b992 |
| SHA512 | e3f19f29e260195cb9cb8e4385c09d129846644f0fb6d1d4084f6486c6f0a63b03e6bf10ee956ca406ae983958a7067bd66baae5243aa8bfab611d97400dc3f3 |
/root/.mozilla/firefox/installs.ini
| MD5 | 950b9352ea98886a6102046d0c3bf0f8 |
| SHA1 | f14c4734bbe6834b3f009b54323d49081c901f04 |
| SHA256 | 7bdbadc33b77cb8188baff7f2668d83bb300556715953738622cc0f7da9db027 |
| SHA512 | ae91bca3e671e3c7b335aa9587015b31426f7d475218cbfbdbcdb0b339f29268898350b31710640fd4d1816c6d0f00a27ddb1874ef00dfcdd05acbf9b4b76722 |
/root/.mozilla/firefox/profiles.ini
| MD5 | f59b5b185bda66e84231e46f3e07a3ca |
| SHA1 | 8fa922708ea923c866f98a293cc461d614d9877f |
| SHA256 | 3189def7b044ac173de7d2518a1fe2fd5befc3e08dc0f11fba7cf6d83e63e2ce |
| SHA512 | 606d2371ae59e681d2de8c682b3163d5fc1479667b065db0333191b123105a897c2179370af7c54ddd49cdeb2894a6f678cb39b814aaad2944dd012cef029d43 |
/root/.mozilla/firefox/goxtdmy2.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/goxtdmy2.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/goxtdmy2.default-release/prefs.js
| MD5 | d72552a42815c2b16386af65b996b9e6 |
| SHA1 | 7a697a6be2735afeef6cb0c034dda8e99e5165ee |
| SHA256 | 4ed6e362d7c4b06d663f263850169b8683bc204489ff11c6964b311c8c970ff3 |
| SHA512 | e5886347730a47d9a6d038794ee92cd218665ae73a934dc1037b234909a09aeb8e5480350cd9f2cf583a16aad3bc2c3b612c71ffe6ffbeecff5db7f6bf13c423 |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | 0e3b67fce4817ae66a12ec5454395756 |
| SHA1 | 12e2427d03f2af112e9297b7945b16bddfc88a0a |
| SHA256 | 9032064a76488d2cc55cb884d683db0907a4e63af2d3f31035378a801b6199c0 |
| SHA512 | c6aa453e3e8fe6e1be11dad7435adee2ca62993076e1d04fe36faeeea68906fcd3bcf90af39c53c6362dc19edca9eb61b3bb51bcd71b8d453cbdfaa30f470025 |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | b778ef5cc5af5ffa9529adff78b18852 |
| SHA1 | 730146146ff5e62fc8ee3e4da4f7bf3e5b64fcb9 |
| SHA256 | 618b9d3344dcd45b016ef7af64e703eee557a165a0ef408ef29bbc4095f9c726 |
| SHA512 | 53f8f094f6db94a29ddf7d12cb26b2f867141865cb744228f6817b0eb2f2aa59cd3ee8b5caf6eb88bdb6786e9017abb19541eea88089fcee8a39bcc0272fd693 |
/root/.mozilla/firefox/goxtdmy2.default-release/prefs-1.js
| MD5 | 650f51ef71947bcc6afed5926df19680 |
| SHA1 | 9d3b6bfcb94ae48d0e6b19fd41edc2bb2e63f23f |
| SHA256 | a78089cc28a3ac68e464240b849695b09cb75799918f661583f53a7505dc9cbb |
| SHA512 | 57ea0064bb5ce53f9e2d01f4eaec3bd2cfa895374ca87135d1dba2750a3f855501641acdbe80960ca98fb93a5b1854c4f921e3a61bd50b5d04f62c44c557528b |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | f6bcd66193185b5332bd3e8e7f68fb96 |
| SHA1 | a54114520ee2382981c4d2f7c9c8efd3ded871d3 |
| SHA256 | 12e8c9c47c3386025e00c4374b41fbae4173eede584ffe5b73ac284872dc34c2 |
| SHA512 | 21efe4b2831a1cc3366f3b84a59524817fe6c04960b11ff1f8595229dfbaef4a9ab232d602705dd85cec576e30c3f386223b66fe8b95f2d9a4a59ff5a4f2c1d2 |
/root/.mozilla/firefox/goxtdmy2.default-release/prefs-1.js
| MD5 | 3d01d98de6f0a04dea2cf6e5077d45a8 |
| SHA1 | 50e34ae2d03521921b6f72f3aff463b038f2261e |
| SHA256 | 92bfd09e0df1c6f002215e03ef643a4979e2cc5d95089daad4b4aec5cda21d8b |
| SHA512 | 91cc25d3f8067179657b6bbbf714fa2ea42dba6cc3692a9081d7b187d9b0e45339d57dce5ecbede3581349b7d50affc5ee2c43ca6562da7714934d2f62134f5e |
/root/.cache/dconf/user
| MD5 | c4103f122d27677c9db144cae1394a66 |
| SHA1 | 1489f923c4dca729178b3e3233458550d8dddf29 |
| SHA256 | 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 |
| SHA512 | 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54 |
/root/.mozilla/firefox/goxtdmy2.default-release/permissions.sqlite
| MD5 | 232fbc22dd03a8ec41edde02bdbea61c |
| SHA1 | 6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6 |
| SHA256 | d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0 |
| SHA512 | 055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892 |
/root/.mozilla/firefox/goxtdmy2.default-release/prefs-1.js
| MD5 | dca5ba5733ac8b8f0c255869b150de55 |
| SHA1 | 48a3f94e0ba854d5715c917bcdcbb88735ccf2e7 |
| SHA256 | f76fb8e23ba65e03bf8fd814d7877fe5279c25b199146a8b4586bd63e1b30a2f |
| SHA512 | eaf5884449dfccb38cd1d0074868e92aec70799908a389b5e033f88ea9c323b9efb923c1739b3084b2981dc794e88d3c5f28f21e3f10947801d4cdca2f7640d8 |
/root/.mozilla/firefox/goxtdmy2.default-release/times.json
| MD5 | 6c2c799210ba7d7b23ddfd3440613665 |
| SHA1 | 7b8375b34474138ba484eec6005de8b6a794763d |
| SHA256 | d17f060a05d5b8541c92d51fdfb99e7a5d420ab61618d3bb47b75e38fda8243f |
| SHA512 | cfc4ef9737c2335b8dde8ea1a4d19922e6608ee3234d86bb27834a1609f268c99b148fe0b9eade4293bf5568f35d6cb08eeef4ed9fbf4732747eb0f9768ef9b3 |
/root/.mozilla/firefox/goxtdmy2.default-release/cert9.db
| MD5 | 97a7d36b26de4b4bdfb4cfce94fbf73c |
| SHA1 | 78db1eec8e86fdb82fdba9c2903f7152540d3aa1 |
| SHA256 | 6f95f1bdba4b0688a9af6fa580002055bc290c39a4bf1503fc32167ec2160ff9 |
| SHA512 | f7d3fe1bfe764cb24ae4b7163b7134f722bf12751798a44528392e0096a0625e8fe286e27b221f95b8b50fdae0a9ce1a94b460b29dce5cae69a660186a28b8be |
/root/.mozilla/firefox/goxtdmy2.default-release/key4.db
| MD5 | 891f3ad6c231995318cf7f5fce28b76c |
| SHA1 | aa374d87073af495854283a60cc738188eee5f9d |
| SHA256 | 16008aee1632035bb0d97ac81f2ec4a43ed109637354db0009f252512bdc257d |
| SHA512 | b88ef2a8141bcab45170b7b5c6ce4017035ff7c53d133ed3d96e7253b0ef4c459c78a3c3676522136291355ac3c7e0346af157f2686dde5874d8c61830eb44ba |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 759544297aaa61f5fef8ee42d0ae4393 |
| SHA1 | fc2d66f6e60409e3e8d38623ce5f817fc7f571e0 |
| SHA256 | 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5 |
| SHA512 | 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 3fe3fc7be949e332eb1443fde04a489f |
| SHA1 | aa8cd22117b71b5723fb817d59cbc53b3521321e |
| SHA256 | f7d9d560c93f384aa4a374dc0f14ba021e93abe131906207d20965966ca272e1 |
| SHA512 | f9514af0bcb3c484e394beb5d49575108318941e04c3441ef8371bdbf51c416aafe219a12720426c0e0886edb858c62ff0d4f0f96cfcc49be0a3e08d41c1a1da |
/root/.cache/mozilla/firefox/goxtdmy2.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
| MD5 | 08f4744a46d7522efff0bffe75db3939 |
| SHA1 | 852ee7145ef16d193569304bc77475c5597917ea |
| SHA256 | 1bda3565e510eb5b52c0b16801efd2f24c6163a34f5a1a9702b6c2574b7a925e |
| SHA512 | 24720db8667aec36ee27438fc4122795f7353a082286b085fb97f8bae27cdfd6d9eb27e2585a906841a560bef3d7a634f406184869a63cac23db5a1ad838045d |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | dd3f6ba37c670af5953593535e435d04 |
| SHA1 | ecfe4e650a050bce77e8ff7468de04c1b8acc9a4 |
| SHA256 | 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561 |
| SHA512 | 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3 |
/root/.mozilla/firefox/goxtdmy2.default-release/prefs-1.js
| MD5 | c2e4c3f50a390092f18b7cd7c404d707 |
| SHA1 | 95f0565c86d488df1fcae8a11794422c148489e1 |
| SHA256 | 51ff840c2e879f9d3886bd81321b2f15f3cfe812ff8565540bbedc456b99ce2c |
| SHA512 | 958cb7e036a9180f5676dcc3b1e1cd9422e1229e22c92495d492a6a8fc39fcf3b37f669a9346d4fd64f882a2f24c161450363f2d33c296c44b1c3144b92cd89b |
/root/.mozilla/firefox/goxtdmy2.default-release/prefs-1.js
| MD5 | d6ee6a795e059a80970de65404c969f9 |
| SHA1 | b8b02aa4688dffc9fb6cd7318612bb941e88a4d1 |
| SHA256 | 77ac3f14b61f84e8eef286754d229f0e01bb5564f4ad70e563b4c98f50171295 |
| SHA512 | ffe8c4611b1baa2af7a0e6392d1ac865b6ae8ef1fb7e97b9e99d9ab813569bb6621377d53ebcd0163ad04d648f2aa8240cbf67342f5fb5e7e562fd81f44fc85f |
/root/.mozilla/firefox/goxtdmy2.default-release/cert9.db
| MD5 | 596020eb10af3278bc93d989b0e01754 |
| SHA1 | 2df1ea2ce63a4a117bdb69b84442e8cbf75097ed |
| SHA256 | 9997a7e2a3fbcbcd02a16a0c2e3d2ef47f58ec1ec1b93271ca0cd46d925a48e6 |
| SHA512 | 50e08e20a305adb509f323fe4fa743f831263cac7dc41b281b88f94cd44faf9806a9f4050db80691aedf05a30c5ec8d2f4638a3b9a8fc31a0e2341f91e70c684 |
/root/.mozilla/firefox/goxtdmy2.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 9cb02f829fcf94d46bdc1a5942399a23 |
| SHA1 | 789c540a4a4cd4a009729a63e390902c863dfb7e |
| SHA256 | 210a534ba237dd19d7735859734b5ef330710d2ae7268bcafd6749358a2e6734 |
| SHA512 | dd48592a1b60d22702acd6a273d04a39efa79659a259177da7d68dfeabaf2070aab81dee0f4b401b5dc292deca7a9a7d9636bd35ed01f5b312ac4a43d1313a8b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-07 17:24
Reported
2024-04-07 17:28
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-07 17:24
Reported
2024-04-07 17:28
Platform
debian9-mipsbe-20240226-en