Resubmissions
Date | ID | Score
23-04-2024 10:15 | 240423-maftaafd86 | 7
23-04-2024 10:13 | 240423-l9k2lsfd75 | 4
23-04-2024 09:34 | 240423-ljtwtsfb98 | 7
22-04-2024 04:36 | 240422-e8rpfafe95 | 4
22-04-2024 04:36 | 240422-e8epwafg7w | 4
22-04-2024 04:35 | 240422-e71kysfe85 | 7
22-04-2024 04:31 | 240422-e5nhlsfe48 | 7
22-04-2024 03:44 | 240422-eajk6sfa85 | 4
22-04-2024 03:43 | 240422-d94vqafd2z | 7
22-04-2024 03:42 | 240422-d9vl2sfd2t | 4
Analysis
max time kernel: 3s
max time network: 14s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240226-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 16-04-2024 06:18
Static task: static1
URLScan task: urlscan1
Malware Config
Signatures
Changes its process name (64 IoCs)
Reads user data of web browsers (64 IoCs)
Reads stored browser data which can include saved credentials.
Checks CPU configuration (1 TTP, 1 IoC)
Checks CPU information, which indicates whether the system is a virtual machine.
ioc: File opened for reading /proc/cpuinfo
Reads CPU attributes (1 TTP, 11 IoCs)
Enumerates kernel/hardware configuration (1 TTP, 60 IoCs)
Reads contents of /sys virtual filesystem to enumerate system information.
Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
ioc: File opened for modification /tmp/firefox/.parentlock (process: firefox)
Processes
- /usr/bin/firefox
  command: firefox -new-tab https://www.google.com
  PID: 1592
  - /usr/bin/which
    command: which /usr/bin/firefox
    PID: 1593
- /usr/lib/firefox/firefox
  command: /usr/lib/firefox/firefox -new-tab https://www.google.com
  signatures:
  - Reads user data of web browsers
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  - Writes file to tmp directory
  PID: 1592
  - /usr/bin/dbus-launch
    command: dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
    PID: 1600
  - /usr/local/sbin/dbus-launch
    command: dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
    PID: 1642
  - /usr/local/bin/dbus-launch
    command: dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
    PID: 1642
  - /usr/sbin/dbus-launch
    command: dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
    PID: 1642
  - /usr/bin/dbus-launch
    command: dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
    PID: 1642
- /usr/bin/dbus-daemon
  command: /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
  signatures:
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID: 1602
- /usr/bin/lsb_release
  command: /usr/bin/lsb_release -idrc
  PID: 1615
- /usr/lib/firefox/firefox
  command: /usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{24f3cff0-2297-44ec-b8ae-7ab391c5c2cf}" 1592 true socket
  signatures:
  - Changes its process name
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID: 1628
- /usr/libexec/xdg-desktop-portal
  command: /usr/libexec/xdg-desktop-portal
  signatures:
  - Reads runtime system information
  PID: 1645
- /usr/libexec/xdg-document-portal
  command: /usr/libexec/xdg-document-portal
  signatures:
  - Reads runtime system information
  PID: 1650
- /usr/libexec/xdg-permission-store
  command: /usr/libexec/xdg-permission-store
  signatures:
  - Reads runtime system information
  PID: 1654
- /usr/libexec/xdg-desktop-portal-gtk
  command: /usr/libexec/xdg-desktop-portal-gtk
  signatures:
  - Reads runtime system information
  PID: 1665
- /usr/lib/gvfs/gvfsd
  command: /usr/lib/gvfs/gvfsd
  signatures:
  - Reads runtime system information
  PID: 1669
- /usr/lib/gvfs/gvfsd-fuse
  command: /usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
  signatures:
  - Reads runtime system information
  PID: 1674
- /usr/lib/firefox/firefox
  command: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{6523c4cd-9913-4616-85a6-dac620448e28}" 1592 true tab
  signatures:
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID: 1713
- /usr/lib/firefox/firefox
  command: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{3d633a3f-f2b9-44d4-92b2-56eeedeb42c4}" 1592 true tab
  signatures:
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID: 1735
- /usr/lib/firefox/firefox
  command: /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{ca7abbce-e066-42ba-aea2-d3873fb1031a}" 1592 true tab
  signatures:
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID: 1762
- /usr/lib/firefox/firefox
  command: /usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{6cfd759d-4a56-4148-95c3-14c9d262ced1}" 1592 true tab
  signatures:
  - Reads CPU attributes
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID: 1779
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA14d91f0b8c135599a3764c98c41023cb2db6cb821
SHA256eedcc2f5bfd06b0c3e37919682aa744eb868feed07fb866db54c8ab8f2a4e25d
SHA51285ab9fdc40a29f8b4a092ac4305afa707e59c5f15bdbf38d7d1780aae17019a5f7122a2d1f34950134fa76ce97e84645e44c727a45f54338ee9205fe44341f60
-
Filesize
1KB
MD5362473670c7df9a0f57f4224b7796c52
SHA1f86cde8a92263be2f4382f4b3911448f65227e97
SHA256cca00d11f58ac82716fc001cd2d4118169425fe4d4568e9b0b6b9b4935015cec
SHA5123970d9c8b6a01c85ffb7245558cf847de4f6aa5af8e42fe44f312c1211979810b22365812f3c75abc325622b13c75828928fd0a205d7f8be17b4dd74f4478459
-
Filesize
96KB
MD5e0c613bfd69956a19ce2dc5e925aa223
SHA114accb230edcd6cb76967cdc6d4e5686db96b5df
SHA2560d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA51201643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1
-
Filesize
128KB
MD5178d71e5529d637ac62f7e75fdd75896
SHA1339f2b949cc4c207b66aea11137448ba28d36dcb
SHA2567b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664
-
Filesize
42B
MD5d2c9cd4c16e0c4b0cb210fe307e20dc8
SHA14e82daba903d2cbee541999528d220befd6e5999
SHA25680625fbb78f5f9ef533a21ecfb88398569119bb5c8c077bdeedbef62eb90792f
SHA51294b9947fbf76a4b6ae6a967a4736b55749adf6ddc18b77bcf67e4756df8fbadaba62bfb17bf580c2fc98af215e32edfb29264458975ece17fa2159f597d18387
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize44KB
MD5a8dd7ebaad5528b23f82ccb1534cea18
SHA1600daceacfb5cf9df0b66ba7dce4516b2ac4df70
SHA256e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec
SHA51267f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
Filesize12KB
MD543a8916c902e7adfc3379af8c8923c4b
SHA11c4da42197a913f133922964772c173d3cd53c20
SHA256b6a7ca15f7402026c191fcc8a00dbd75e606ac629f7a5a18d39533a079ab90ac
SHA512baa94b64ba592de742cbafc5d1144e8da5582aea3d6a4b136b2ce4a0763278d18c10c3fad8cbd22438a8f120a2084abe7af1165d0dcefece8d88d31d8b576baa
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize44KB
MD57352c8848e88edc39b7fb5e663888187
SHA18c3dffe25cc56c7aec1b782292d6fceed81e6304
SHA2567a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a
SHA512f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
Filesize12KB
MD5b4cd206dfd142286ee444bb8b7cfd611
SHA168e8cda2fde2c0a52681fc1a98d00ac6520d819e
SHA256195520e63151835d0e8aeb19d98df4133fe95a8aa48a55739f0a26a66cda71f4
SHA5127080406760e2f8e76fef774e48b01429b5fa4caf91676b2fe06ef75a3fa07e206df3d5dac2db01a4d49be827a44be1f72f8f22f2ccedb7bd92f3e65c4023b2c1
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize44KB
MD5759544297aaa61f5fef8ee42d0ae4393
SHA1fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA2561bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA5128aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize12KB
MD515c33e833d3aa0446b816013baad9c77
SHA12fb5532e78f9ac245126275ec25cebdb9d807a4f
SHA2563b99ad96aa3347db46bb904cfb75511814b47b107d69a6672ba6a6aeab45c6dc
SHA512729519abcacf72da109dadc768b2c57816fc96f82153ea15dcec2e0e771381af56c098b21e00a2a6525cb8323db3f1b57da161fca27fce7709e6a4900cf8fd94
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize44KB
MD507a412e08825220262ad2890757ff779
SHA1f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA5120134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize12KB
MD5993d6a827b05215734d5bce0af7a9623
SHA11bcb47b360fb0d81d12c9cc142af6942a365b0c4
SHA256759b55196800f604e0161318cff459fb1e9bed7b4eb77fc2b040379d41f541f8
SHA512d1c01ac83030104acaa311f98f639592c4f04a82836cfd956870a1919ad90347b41868b4bac98383986c693ed2e838c59bda4a12b808619a6a5a192e00681b2f
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize164KB
MD58922e80878af40b51a093756a442b81f
SHA152cd4cab3c688560c10296ba728f94c8223071c2
SHA256e3b049076cd128cac66358a723ee90b0982389e3af670b0d57545616c101e8a1
SHA5129c832160797e3fc824c3786c86955aa05f672d0883e2481a7f0b3888bfcea14c660317bb64b3f799ccdb970751dfb2d449e33a12eebc31b5ae776c05dfd93b33
-
/root/.mozilla/firefox/vb0uel90.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize148KB
MD5dd3f6ba37c670af5953593535e435d04
SHA1ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA2565cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA51286e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3
-
Filesize
50B
MD53a999b30e0b8ef083f445e4764ee42eb
SHA10a008e4537721ccdd10e60ed8f9f9440573c918f
SHA2560c407ba983dea1d211887b49805434a25fd8b05853c9cad561da0b49eec96b64
SHA512e24f02de00f14759932ecb7c2a3afb83fcdabe39fd8c2a2e84baaa10c1571f97d22447fcc75c115ea991435e40c5d2dfc71071656cfe18268b53fc9cddb75869
-
Filesize
47B
MD54ae0ad3f102b5480b8a5ba475aff898d
SHA1c6c1def494bdfc00b387eb82dfc29b05eb84e737
SHA25688c3bd08f89e1ae66d54ca7daf1c1eea9b2a7311eba515212a841c83b4481408
SHA51253e520e406e0c04912d094886ae648c70f9c410f435ec5c2c18c91d80b339f929a13acc8e736223b2df5c2b5070d76a0fb971c40a767b700b600f8b274f77a86