Malware Analysis Report

2025-01-23 15:26

Sample ID 240417-gv6ybahc2v
Target https://trixxware.sellauth.com
Tags
antivm spyware stealer
score
7/10

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://trixxware.sellauth.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 06:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 06:08

Reported

2024-04-17 06:09

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

10s

Max time network

14s

Command Line

[firefox -new-tab https://trixxware.sellauth.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1648 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1648 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/previous.js N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/places.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/favicons.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/r8d051ml.default-release/handlers.json /usr/lib/firefox/firefox N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1729/smaps N/A N/A
File opened for reading /proc/1670/cmdline N/A N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1597/cmdline N/A N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1674/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/task/1755/stat N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1746/statm N/A N/A
File opened for reading /proc/self/task/1599/stat N/A N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1685/cmdline N/A N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/fd/83 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1653/stat N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/73 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/1746/smaps N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1689/cmdline N/A N/A
File opened for reading /proc/1694/cmdline N/A N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/33 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1729/statm N/A N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1734/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1814/stat N/A N/A
File opened for reading /proc/1612/attr/current N/A N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1665/cmdline N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1789/stat N/A N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://trixxware.sellauth.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://trixxware.sellauth.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {3cf684b7-4c69-4cc5-a64d-79aeb4d5acfc} 1597 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {3f52c00a-10c1-4716-92e1-52c2d5057839} 1597 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {60baa5ac-f1b6-4e04-8a71-7021efc62f83} 1597 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {080bd585-fae6-4a4e-b24c-23da64998654} 1597 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 28015 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {63903520-82ed-4082-96bc-471e0a5c29ee} 1597 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.194.49:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.2.49:443 cdn.fwupd.org tcp
US 151.101.65.91:443 tcp
GB 89.187.167.2:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.65.91:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.2:443 1527653184.rsc.cdn77.org tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
GB 18.245.162.3:443 services.addons.mozilla.org tcp
GB 18.245.162.3:443 services.addons.mozilla.org tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 44.240.56.209:443 location.services.mozilla.com tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 trixxware.sellauth.com udp
US 1.1.1.1:53 trixxware.sellauth.com udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 172.67.177.236:443 trixxware.sellauth.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp
GB 143.204.72.186:443 www.mozilla.org tcp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 bdceee9b55e0e2f6540625816a464394
SHA1 ac32b552ebdcb4cde602f5e756c4b2394d215de8
SHA256 b6e28958b15f1bc3af43afe74a3bd2fed59cb36cb52ff5136d54a17a1045e01c
SHA512 f3260497354f0fae2865118fc7f83f9df08c5d6e530972ee5fda47fe18eddcdece5fe09387d8c2aa58c7b8f97005687385b580272291812a115af058fc84a82a

/root/.mozilla/firefox/r8d051ml.default-release/times.json

MD5 4dd09f0e1eec893800ec7df273cb3a63
SHA1 f4868380a5cdce2177e4dccc39554ed631db9e06
SHA256 f3a61458f661899aca8e5097ae787b776bcac70dbe444667e108794e2044f872
SHA512 2de1a0f3414b119c585ada2053f084ea53d0917f631e61e8e1c31eabffaff350920bdf947f26549ecd3e10179d7719b955a8a136e2395745207b34c5765ebbe9

/root/.mozilla/firefox/fxids9td.default/times.json

MD5 45a3a98bf6315add18f3b1f0f39c3829
SHA1 57c84580bd72308b6d56585d7414cb32b2b5fb02
SHA256 1034ad83021e249e44d5404a2def71f85ce68532c8747c063434b3e4f09546fb
SHA512 e794f00d1dc0fa7181894f284158a1266f549d9d827fbb02f754b89ef6195cb77d9b5e7bcaa9320bbe7397a880523493f8040554d8bc345eef29142ffdf1883b

/root/.mozilla/firefox/installs.ini

MD5 67e794ef63869c1c32f8473300d79376
SHA1 38fca196ed54a67ff6b03569c08e0cda62427bd3
SHA256 5acbda94feb3d040485312a5cd2196279c1756de5cfeaf40e83e69e0d8417f78
SHA512 5e149673e122e1da25f31d53538ff0adf095cbdd57863f4cc6cb507e8a305439b634ebbe888b7f73a2498202a958428b9aa68d906882c499e02048d303020727

/root/.mozilla/firefox/profiles.ini

MD5 78fc2b64be6f8dabb49f04dd5f0fcb16
SHA1 911b8918be473fb8321c7972216d8eafbbb92138
SHA256 f93574b250af1d960c32ce773b7ccca564c3202e40d205f5b94ce78be6cf2370
SHA512 69a5579d82d21584964cd6284374e38a3a43a397f4df04ce1a5a14d5aacdc5fc52d93f75d12399022e0b1d89ee0e8146e19af512293232339f0f567f804655e7

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 e7ca9e918836419c25bf6c3d955ae13e
SHA1 90ed5da5db0e4609969a9db0b5b350f70545a82b
SHA256 b9f874d698f2a13fe209560bf775afbf225a0475eba31244c95017b3a6241c8c
SHA512 01ee0b35fd4ed21248f74fbe93aecd954d7408a62dcdb1ad745151976d2d3c8fa05b6d40da8b1bc4cd7e8a4e31ae8a457c5b08bf601990d31ceb1a9e22d5ba4e

/root/.mozilla/firefox/r8d051ml.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

/root/.mozilla/firefox/r8d051ml.default-release/prefs.js

MD5 d0308c888a19beb998fed4ad37b72408
SHA1 7514812ebf70ed670d70e71a04469ce10a7737a3
SHA256 9d42ea1fa111f5005a77f87c8627eb095356a030f1718c1fedca142f5f455462
SHA512 d59b26b7fe6e759031d0e2ddd674e710ae956642d2e8e989f2f3896d792aaa2de46c4d4a300ef83294bbe6009cb389a89ea236d9c5dafcf80245802d699f4e0e

/root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.cache/dconf/user

/root/.mozilla/firefox/r8d051ml.default-release/permissions.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/times.json

/root/.mozilla/firefox/r8d051ml.default-release/cert9.db

/root/.mozilla/firefox/r8d051ml.default-release/key4.db

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/cert9.db

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/cert9.db

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/cert9.db

/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/places.sqlite

/root/.mozilla/firefox/r8d051ml.default-release/favicons.sqlite

/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/FEBE6D1D4421715BB8B6DFA581D56EA985AB8A0E

/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/039090029E64BC91E87E77199A6A6BE11FC39B6F

/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/74690C3833D2639A575F70F1B38504BEF0CEDAF8

/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 06:08

Reported

2024-04-17 06:08

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-17 06:08

Reported

2024-04-17 06:08

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-17 06:08

Reported

2024-04-17 06:08

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A