Analysis Overview
Threat Level: Shows suspicious behavior
The file https://trixxware.sellauth.com was found to show suspicious behavior.
Malicious Activity Summary
Changes its process name
Reads user data of web browsers
Checks CPU configuration
Reads CPU attributes
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-17 06:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-17 06:08
Reported: 2024-04-17 06:09
Platform: ubuntu1804-amd64-20240226-en
Max time kernel: 10s
Max time network: 14s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1648 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1648 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/content-prefs.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/key4.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/places.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/pkcs11.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cert_override.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/permissions.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/places.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/favicons.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/previous.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/places.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/xulstore.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/sessionstore-backups/recovery.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/search.json.mozlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/favicons.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/times.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/r8d051ml.default-release/handlers.json | /usr/lib/firefox/firefox | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1729/smaps | N/A | N/A |
| File opened for reading | /proc/1670/cmdline | N/A | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1597/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/37 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1674/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/task/1755/stat | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1746/statm | N/A | N/A |
| File opened for reading | /proc/self/task/1599/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1685/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/75 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/38 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/83 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1653/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/fd/76 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/fd/73 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/1746/smaps | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1689/cmdline | N/A | N/A |
| File opened for reading | /proc/1694/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/33 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1729/statm | N/A | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1734/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1814/stat | N/A | N/A |
| File opened for reading | /proc/1612/attr/current | N/A | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1665/cmdline | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1789/stat | N/A | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab https://trixxware.sellauth.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab https://trixxware.sellauth.com]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {3cf684b7-4c69-4cc5-a64d-79aeb4d5acfc} 1597 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {3f52c00a-10c1-4716-92e1-52c2d5057839} 1597 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {60baa5ac-f1b6-4e04-8a71-7021efc62f83} 1597 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {080bd585-fae6-4a4e-b24c-23da64998654} 1597 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 28015 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {63903520-82ed-4082-96bc-471e0a5c29ee} 1597 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 151.101.194.49:443 | | tcp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.2.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 89.187.167.2:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.2:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.3:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.3:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.240.56.209:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | trixxware.sellauth.com | udp |
| US | 1.1.1.1:53 | trixxware.sellauth.com | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 172.67.177.236:443 | trixxware.sellauth.com | tcp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
Files
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
/root/.mozilla/firefox/r8d051ml.default-release/times.json
/root/.mozilla/firefox/fxids9td.default/times.json
/root/.mozilla/firefox/installs.ini
/root/.mozilla/firefox/profiles.ini
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
/root/.mozilla/firefox/r8d051ml.default-release/compatibility.ini
/root/.mozilla/firefox/r8d051ml.default-release/cookies.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/prefs.js
/root/.mozilla/firefox/r8d051ml.default-release/storage/ls-archive.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/.metadata-v2-tmp
/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/prefs-1.js
/root/.cache/dconf/user
/root/.mozilla/firefox/r8d051ml.default-release/permissions.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/cert9.db
/root/.mozilla/firefox/r8d051ml.default-release/key4.db
/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/places.sqlite
/root/.mozilla/firefox/r8d051ml.default-release/favicons.sqlite
/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/FEBE6D1D4421715BB8B6DFA581D56EA985AB8A0E
/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/039090029E64BC91E87E77199A6A6BE11FC39B6F
/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/74690C3833D2639A575F70F1B38504BEF0CEDAF8
/root/.cache/mozilla/firefox/r8d051ml.default-release/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-17 06:08
Reported
2024-04-17 06:08
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-17 06:08
Reported
2024-04-17 06:08
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-17 06:08
Reported
2024-04-17 06:08
Platform
debian9-mipsel-20240226-en