Malware Analysis Report

2025-01-23 15:27

Sample ID 240417-19d1maga39
Target http://google.com
Tags
antivm spyware stealer
score
7/10

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file http://google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 22:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 22:20

Reported

2024-04-17 22:21

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

8s

Max time network

41s

Command Line

[xdg-open http://google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1694 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1694 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/qzywic8k.default-release/sessionstore-backups/previous.js N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/1574/attr/current N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/33 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/1590/cmdline N/A N/A
File opened for reading /proc/1717/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/1732/cmdline N/A N/A
File opened for reading /proc/1766/statm N/A N/A
File opened for reading /proc/self/task/1658/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1569/cmdline N/A N/A
File opened for reading /proc/1788/smaps N/A N/A
File opened for reading /proc/1574/status N/A N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1700/stat N/A N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/1788/statm N/A N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1770/stat N/A N/A
File opened for reading /proc/1766/smaps N/A N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1721/cmdline N/A N/A
File opened for reading /proc/1736/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1712/cmdline N/A N/A
File opened for reading /proc/self/task/1831/stat N/A N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1795/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/96 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1656/cmdline N/A N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open http://google.com]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox http://google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox http://google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {c9fbb68f-c1bd-4f2a-92e1-ffb0a2500c61} 1656 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {6750b407-937f-463a-bdcf-ec41afc956d8} 1656 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {95afb3d4-eea4-4e54-a157-bda7edd7b7a3} 1656 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {277b64a7-ee10-49b4-9638-9c638f533ed2} 1656 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.130.49:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
GB 18.245.162.105:443 services.addons.mozilla.org tcp
GB 18.245.162.105:443 services.addons.mozilla.org tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 44.240.56.209:443 location.services.mozilla.com tcp
US 1.1.1.1:53 google.com udp
US 1.1.1.1:53 google.com udp
GB 172.217.169.46:80 google.com tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp

Files

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 61d8e79ba6b15e30bcc8838f481bb46b
SHA1 443b6738471c17b19d231b614350648959dadf10
SHA256 af6d40003655551cff3c00ae7cec818b043084cc9745628a0826633afa8740c0
SHA512 f4e211870b9216d871a6cf8eba46f72667f3afde5c0df352d1251768559a470f50f239b6af4b776b45f34d3f25f683fad7ff4c6f5121d3665c52ea5e6d298c18

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 ba7d5ea67d94582a80d03242b5d47e3b
SHA1 e37701699e2968e95f8be8d37ac35c40678ee650
SHA256 6897f72213c64c150ef7ce51344bc42c8080720b3f3525ea86feb7e461bfabd3
SHA512 8aa328bb130adab4aa69a1e9e8f68fa7ed5c79d053644bcfb378fbe4bb1f5a8eb13a8c5be898f7425d26556198c02eb7559649e3d7c28b9b6757e5ba98668b40

/root/.mozilla/firefox/qzywic8k.default-release/times.json

MD5 411c72f831c559d2f243a76feea31640
SHA1 751d3d83ffa651a959d060d1e561ab9e44a047b2
SHA256 5b330aea24d8e629daf31fbe78963aa1d24192c824458699b4d9f308fd709ce7
SHA512 c1f2c41ecfe6d8fa38f1ef93b623ef214270782ccf8e6baf11d22bfd634b854a1ce8ff8f370a0348c6de7375199764bd8d5a834a2d9cbb4615f8033184c5b779

/root/.mozilla/firefox/2dmzsr6t.default/times.json

MD5 882941b29a3f5724a4a3d9914a0bf318
SHA1 e80b4699a63ecf00b91d2513449d83ebcb9e0d9e
SHA256 3611519f71800ba038f6fd0ee3fdd3c58b5870a33298b81160763e708db8f4b4
SHA512 c05390ef25cbeb1c09a90c84e7abfbabc98e0754a6923ab3602bb7f104972f680ab31abe3fef2aebd2c53e8c23c210025c428de30132b01a7d0fe2a11a940bb3

/root/.mozilla/firefox/installs.ini

MD5 db87d54a64573fe2b0f25f0d63b3bb3b
SHA1 7aafb969797ae01e449c2cdc61f5239fe58068b7
SHA256 910c2d7ba15dca5e12ebbd438d751ee22fc3a2035896a70400395519000d6a70
SHA512 323f91866910381b0d1133ebbccc3ede7ff3ffbf9b844f40d37bf0d8dc8efde6d9376410424a477f36fd62e52615e83ae4f94db5583d41b9da0bf474891a3a9c

/root/.mozilla/firefox/profiles.ini

MD5 326bd96d8e9a54585735ab7d266b1ba6
SHA1 8d87f646ad3e3ce7996f8bcadd450bf95eed029c
SHA256 ff8136acbf043402d8859f3636e3a82a081db55296c5a15366a61fbb48ced895
SHA512 69aed3d8d58f1c9296734b9e88aafb0e610ba9c4cb2ea4b57d9777506a7563166d8dfc35ebf84f3676521f3094bced56f94a92bd12b76c4e581c5aaa1fac433f

/root/.mozilla/firefox/qzywic8k.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/qzywic8k.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/qzywic8k.default-release/cookies.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/prefs.js

/root/.mozilla/firefox/qzywic8k.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/prefs-1.js

/root/.mozilla/firefox/qzywic8k.default-release/prefs-1.js

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.cache/dconf/user

/root/.mozilla/firefox/qzywic8k.default-release/permissions.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/prefs-1.js

/root/.mozilla/firefox/qzywic8k.default-release/times.json

/root/.mozilla/firefox/qzywic8k.default-release/cert9.db

/root/.mozilla/firefox/qzywic8k.default-release/key4.db

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/qzywic8k.default-release/prefs-1.js

/root/.cache/mozilla/firefox/qzywic8k.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/qzywic8k.default-release/prefs-1.js

/root/.mozilla/firefox/qzywic8k.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 22:20

Reported

2024-04-17 22:20

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-17 22:20

Reported

2024-04-17 22:20

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-17 22:20

Reported

2024-04-17 22:20

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A