Malware Analysis Report

2025-01-23 15:33

Sample ID 240416-mptzfsab6t
Target https://www.google.com
Tags
antivm spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The target https://www.google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-16 10:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-16 10:38

Reported

2024-04-16 10:39

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

8s

Max time network

17s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1614 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1614 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/content-prefs.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore-backups/previous.js N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/s8rf5lyu.default-release/content-prefs.sqlite N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1621/stat N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1703/stat N/A N/A
File opened for reading /proc/1697/smaps N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/94 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1572/stat N/A N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1762/stat N/A N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1570/cmdline N/A N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1663/cmdline N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/task/1738/stat N/A N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1643/cmdline N/A N/A
File opened for reading /proc/self/task/1783/stat N/A N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1731/statm N/A N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1697/statm N/A N/A
File opened for reading /proc/1652/cmdline N/A N/A
File opened for reading /proc/1667/cmdline N/A N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1731/smaps N/A N/A
File opened for reading /proc/1648/cmdline N/A N/A
File opened for reading /proc/1582/attr/current N/A N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {a9c5819b-6455-4eb3-aaa2-0a28b5d5ef2e} 1570 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {1882df11-b780-457b-b7a8-ad55f2f41257} 1570 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {ea55e68c-427a-413e-b9d1-eab75d6b5dbe} 1570 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {11848233-1603-4a78-bd1e-2192d4e2a83c} 1570 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {75bb4b45-b545-4f08-a582-688318c8d804} 1570 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.194.49:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.65.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
GB 18.245.162.105:443 services.addons.mozilla.org tcp
GB 18.245.162.105:443 services.addons.mozilla.org tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 44.240.56.209:443 location.services.mozilla.com tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

/root/.mozilla/firefox/s8rf5lyu.default-release/times.json

/root/.mozilla/firefox/6ovharwt.default/times.json

/root/.mozilla/firefox/installs.ini

/root/.mozilla/firefox/profiles.ini

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

/root/.mozilla/firefox/s8rf5lyu.default-release/compatibility.ini

/root/.mozilla/firefox/s8rf5lyu.default-release/cookies.sqlite

/root/.mozilla/firefox/s8rf5lyu.default-release/prefs.js

/root/.mozilla/firefox/s8rf5lyu.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/s8rf5lyu.default-release/prefs-1.js

/root/.cache/dconf/user

/root/.mozilla/firefox/s8rf5lyu.default-release/permissions.sqlite

/root/.mozilla/firefox/s8rf5lyu.default-release/prefs-1.js

MD5 38d5323d1b924c20b1737f49ef96b86f
SHA1 c2f5a056c1f3dc94464ff27c0eab00c76b17dacb
SHA256 650edb42bce031955366a4eab23ac00bdf0d2cc1e842c87961ef61e3c963c414
SHA512 a0b65584eaae037b4fd4c567cf7bbfe6872e37905a79a44e200d0673d088279093f31ce958047579b6e5d2161e188b8ec166bf8dbe0db6eb4c1f4d330e164ace

/root/.mozilla/firefox/s8rf5lyu.default-release/times.json

MD5 22c37b799e556edb36edaecbfd4e8a0d
SHA1 d75b7639d94b49d208608a25061315b03ae3325b
SHA256 4f40df9447d299f6d04c1a18111e3358648785ae23c7fcf2e30242f73603004d
SHA512 7d105a9ae674776c3ee676b6a0f6811760340294edfe17fdeafe0324678978ae5cc83df3fc50b66b1e25f24ef58d4389d8def8389ce2665f5a2124a98da7a441

/root/.mozilla/firefox/s8rf5lyu.default-release/cert9.db

MD5 85588ae2d1f1652a5277bd910d5bef2b
SHA1 512885c62c1fc1cc66829c5e62ba07f1d5036e8d
SHA256 cece06d3fd0e91ba6dc9540ad642692bbb5a59897808d9fc22f79e1a0fab900f
SHA512 21dd3133fe87575f73fa50a8fcc95fb3f605bf85a97daa1927b329e355d75e164e7db7ab1e2fcfb45427f8a65b1728fd5da03f838e29b07f95d9c8f76f4ef2ad

/root/.mozilla/firefox/s8rf5lyu.default-release/key4.db

MD5 472f744837603feb97908e9546b289ad
SHA1 afdaa965c263e872fc0ef5e23ee1680215ee9303
SHA256 94fc79f812774bf2af20132e6cd2b01624116e1124aaed292a64fcf5c15d9b8f
SHA512 931af39ed5b2e5755cb8412601d159488e0a75b5e349b60327ffe47a9a1c00a953bfaa5259eba0a37563458eb3c6b2614d91641c07b3370dfa18a2d4db41aa9b

/root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 759544297aaa61f5fef8ee42d0ae4393
SHA1 fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA256 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA512 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

/root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 f3e7dd6ce74646e9c840d79db3e723c1
SHA1 3639e7fe24ac5c0fee0d2d28dfa5b79767c7f9ee
SHA256 60c22d729fc8425e2040a0a14ea9dc9e2bfe197a7034b7913448e82267394706
SHA512 db51d8eae0863d8b10aed56c2c8340e62cf80c2706fe17f95e914006206df21b1bc66befccada2e86a5de24124af61ac2dd86b403b86c82ac05c119445177c6a

/root/.cache/mozilla/firefox/s8rf5lyu.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

MD5 cccf9db77f8657d30d39ded3905f1e69
SHA1 ad1c9edd64832193a84c9983663acfa0651cb6d6
SHA256 980c110924a914b76b82f956c7ac7f6affcdcc96915f3d46b6965cd455eb0ae7
SHA512 b6d1d5d86d35a5825fd7e099dd41a09da337d0b120412d7f5da38275235e993ef547723a0be4b408b65ea0310a276ccb6144364594d51e89a975fc40de7c504d

/root/.mozilla/firefox/s8rf5lyu.default-release/prefs-1.js

MD5 dc7ba924aa9ea4f06de1a80be3bb7890
SHA1 cf850a6ef524cf43565d61167d97bc401723eebf
SHA256 8e0f305cadaca95c35244d3e4e30a3e5a7d7c78396ae1e2f26e8a11fd1d23272
SHA512 5da0c5fa0f0e657f69ecc99ae559b4ac62f485cf9ea29a8497faa27c3e46cc885b0da85402854d7151688f3efc8f31d5dcd3d73e6f0e12685bba0dce2686c914

/root/.mozilla/firefox/s8rf5lyu.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 dd3f6ba37c670af5953593535e435d04
SHA1 ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA256 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA512 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

/root/.mozilla/firefox/s8rf5lyu.default-release/prefs-1.js

MD5 d35de6a1f338bc0aa221c54cafbaa85a
SHA1 55ccf6dce3acac54734716e28b47b63e3dc6487e
SHA256 b63b9a1f474e80bfa5c64028085aad9dd0f270f97eabadb0fd0205cd5f8b7fa1
SHA512 88799e20b9af608c88504bac9d3a5f8287e3683d1b5826d4e71a5344b33ec854588bc3f0d9c2a11322ecf09f7d095f2670b73e1106be487c933d403586a0e1bf

/root/.mozilla/firefox/s8rf5lyu.default-release/prefs-1.js

MD5 21c49ec1a3c99f4ae6d0355c7c942096
SHA1 9f6d8496cf9634980761a23dbc82b49dc2d115e4
SHA256 c1a88bdbdcb38d629a0c57f4b62a00298e8eb2cbb65d0589145c1eedff86e0c0
SHA512 490dec2f7eece4c9114c17877a1f2b9547f0d88ab352d7b269667ccabcd5cee3beda5412b7703b0e1e94aff47fed097ad41ae1b80363abab3268a6db15efb974