Analysis Overview
Threat Level: Shows suspicious behavior
The file http://dualstack.p2.shared.global.fastly.net was found to be: Shows suspicious behavior.
Malicious Activity Summary
Changes its process name
Reads user data of web browsers
Reads CPU attributes
Checks CPU configuration
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-17 06:32
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-04-17 06:32
Reported
2024-04-17 06:33
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-04-17 06:32
Reported
2024-04-17 06:33
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-17 06:32
Reported
2024-04-17 06:35
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
3s
Max time network
37s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1694 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1694 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cert_override.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/content-prefs.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/search.json.mozlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/permissions.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cert9.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/xulstore.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/handlers.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/times.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/pkcs11.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/key4.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/previous.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/blszmboc.default-release/key4.db | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/task/1809/stat | N/A | N/A |
| File opened for reading | /proc/self/task/1851/stat | N/A | N/A |
| File opened for reading | /proc/1583/attr/current | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/94 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1599/cmdline | N/A | N/A |
| File opened for reading | /proc/self/task/1667/stat | N/A | N/A |
| File opened for reading | /proc/1665/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1718/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/76 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/34 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1742/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1733/cmdline | N/A | N/A |
| File opened for reading | /proc/self/task/1786/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/37 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/75 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1833/stat | N/A | N/A |
| File opened for reading | /proc/1578/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/38 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1697/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1780/smaps | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1713/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/1722/cmdline | N/A | N/A |
| File opened for reading | /proc/1780/statm | N/A | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1737/cmdline | N/A | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open http://dualstack.p2.shared.global.fastly.net]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox http://dualstack.p2.shared.global.fastly.net]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox http://dualstack.p2.shared.global.fastly.net]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {1ad0b06a-c7ff-43c9-9ce3-e17d34a18334} 1665 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {a230b9d7-318e-429e-9364-d3b19108e7fb} 1665 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {9f49044e-498a-42f1-b59b-e9ce49f1367e} 1665 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2e720d94-fa0b-48fe-9cb1-a7982c5138b7} 1665 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {3b9d86d4-de75-48cb-b442-0f6106760cf2} 1665 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.130.49:443 | tcp | |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.1.91:443 | tcp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.105:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.105:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.240.56.209:443 | location.services.mozilla.com | tcp |
| GB | 89.187.167.5:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| US | 151.101.194.49:80 | cdn.fwupd.org | tcp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 89.187.167.2:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| DE | 13.32.119.185:443 | www.mozilla.org | tcp |
Files
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | afe69a3ece2f5898172ef5d9bdc4107e |
| SHA1 | 45223af5b4884c43beb78a1f97d0085479f73ad3 |
| SHA256 | a7b5a056c481f8814e8b344bf6120630fc6b18ffbc72ebca76e8a0901e4ffe68 |
| SHA512 | e33327af76b7acaf82c185f9bed47243dcdbc8d648f673a70e10be764190595c0738971a4329f40a242b016535f224fcae5b80c84d74399d84a54682aaeec472 |
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | 541b7099b727943fd73c8d22c70bb586 |
| SHA1 | d66698c332ec9e0ef262f21e8431ab56b5226325 |
| SHA256 | 299b94f82addc2af697d3046f4a1c308976faf2c192540a8e1ad998732c872d4 |
| SHA512 | 4b9e71643a05b5cc79575e72f24984cf74b187dbc053eead98080431b35f7dce931e01902c48a381d99fa0bb15ad4cbd61c85776deeae710ddb3f7da9c58307e |
/root/.mozilla/firefox/blszmboc.default-release/times.json
| MD5 | b6001df511402db1db28438a7377820f |
| SHA1 | 9d39e252075a3f3eb24bdedf53dcd826e6c71b87 |
| SHA256 | ba0ef16cadff4acd8c557e2b32d9031c9f2f477db6353202de729d14f65baae5 |
| SHA512 | a9080d60fce645465f31baea13c4ba461dceda2f13a7da0f20474e75c32c56237e3f96494d581b487e4685ca359df50ed8ad89b0e3d6421134f1358737f0de06 |
/root/.mozilla/firefox/installs.ini
| MD5 | 771a36cf27d1e4d6f2414d777c6839fb |
| SHA1 | fc4b9164a097ce855e3d41e90483e2ddf835468b |
| SHA256 | 50223383f607b0424b99e3a026ffedad463c85551973c2f027130363f7cf3369 |
| SHA512 | 9f916c2bbbc183b8eeebc5afc976f98f0d4d8bb999ebac2cc4a3594436577d6cefaf1fd57c32d45dbe7330cee22044da17eb24de240ab058ed3c4f1146019381 |
/root/.mozilla/firefox/profiles.ini
| MD5 | 3dbaabd134162c5b168e8c36cb8064fd |
| SHA1 | 6c114b3047a962c35c3499890622935b99342162 |
| SHA256 | 84da937368430983767f3fdd6cd84c5e1bb4c170453cca03df17c2644afc17c5 |
| SHA512 | 45f2fa8e1af4bfb98b6612fa0aef8a6635cbcf2bc077139751e3c13a0cb87117fc7bd15a53ef792720b049a1ad7a8afb602a7530c30e5a2cb8299963b55b8920 |
/root/.mozilla/firefox/blszmboc.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | 0b16ee57f288d886161818804e482c3c |
| SHA1 | aa7d7c8e308363993aaab63cebc4eb4170e4f0a2 |
| SHA256 | fecace645eb04e5a6dc144b32304cb8f6afa00716e1c53cd539710f09bf24ef0 |
| SHA512 | 25fe575e703d7960bbccb43521b8e04ecc18d8aed2648af50410bf7faa2c4fbf0580e9db8e3c0fffeedebcbc2f0ab1ee28b66e2706c5378b544590bad9dcccf2 |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | fb9509d0f061a509a1e4defa9529cd93 |
| SHA1 | 5fa9d65a78587f94e417747f69da089b65362f3e |
| SHA256 | 58d0d6716fd43a53528e78ee32d2a1d592190e3ccadd4a64ddbd2d27074db271 |
| SHA512 | cdac1b616121b9a559ee466b99354f359e6748da1698110575b0a02820396b14daf031549e6a651f31a29aa41eb3db04b077bc0192c6597d4063edb4afde4783 |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | a655f0d42fba2dd4cbb32e1f0e578646 |
| SHA1 | cd2f283040b20842edd1f586076b0305d7fc36e4 |
| SHA256 | dfbc2689fae0716872de5e42b6da84d43e7119983c5ca8c3c05afaec54bed025 |
| SHA512 | c96bcb9772c9b7883a54412d035069b6922070b9f054ffb096921dd934b0c58293cde481543af00a965c6ce1881ea14aad52c2bfe611bd3ccb0d4830e0c9f1fc |
/root/.mozilla/firefox/blszmboc.default-release/prefs.js
| MD5 | 01f50e4b3f07562d2d5ea98072cb2d76 |
| SHA1 | 0e92f01d8bc3a87e2a42d249e0b1ad221a340835 |
| SHA256 | 79ce40a9290fe14c6d6f6f8cb990c184d34cbdfb32e4feb7f3ac66fc9cd1e110 |
| SHA512 | 693ae467cc190ed6ba8575c59f2c297879685ba2ee802df006b8fea91a051071444fb3bb77670a07f1131a7aa31039d6e9d4b44904a6c1ce4d9c2ce51e8921a6 |
/root/.cache/dconf/user
| MD5 | 441077cc9e57554dd476bdfb8b8b8102 |
| SHA1 | 3f29546453678b855931c174a97d6c0894b8f546 |
| SHA256 | b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2 |
| SHA512 | 80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8 |
/root/.mozilla/firefox/blszmboc.default-release/permissions.sqlite
| MD5 | 232fbc22dd03a8ec41edde02bdbea61c |
| SHA1 | 6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6 |
| SHA256 | d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0 |
| SHA512 | 055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892 |
/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js
| MD5 | e7fc003bd009f390045072d8558fc078 |
| SHA1 | f65ee60bd7949a2f1282839ba0476f1596b26993 |
| SHA256 | f62b0b6acf4e6ded877f07902184a02d7114c470ab7c63257ae3dc614816f6c3 |
| SHA512 | 55519fa7d58259ca0dae2058c7d45d66d5b8eebbeac5dabd25caefc8f1b7bcfbf590de40329f681626954fef422bc57bccc5c6b4e5b7e3e8752fb7c1f999e3df |
/root/.mozilla/firefox/blszmboc.default-release/times.json
| MD5 | 04b3e195252d1c31ed61813cb728749c |
| SHA1 | 6bdb7305f8e9feaba9cad8353d307b68d7f1e15a |
| SHA256 | 15cf0d2ceca6e480576771728f603f47b0c19036483b70017c1f40954c0ad96a |
| SHA512 | d012e53f5bd33da15e16c2ff60b3929f7b164b5b5fceb1734e2624ff47932b7190b9f3d1d91e9ef0a6b2b7d66f788f29e367b22ca1467b1bd0a77ea6216be027 |
/root/.mozilla/firefox/blszmboc.default-release/cert9.db
| MD5 | e9d7d9fbd1e03bed9f8426763263d838 |
| SHA1 | efb548590a37d8b0f507b1fe1a509c3607974501 |
| SHA256 | e4ca1ea6d9608078a2493e16db3ca6e8e0c95e75fb23c8847cc1a55825d6e3a9 |
| SHA512 | 6122547b4fff3dcd11f28ba03aeeb689c404986e0573d86764af820977fa90d188119ea32f9770e88efd89d50b0bf03c20ca4b73267ba4c0ed11a6c455447fc7 |
/root/.mozilla/firefox/blszmboc.default-release/key4.db
| MD5 | aecc18749c912ad4dae5b53459c6f26f |
| SHA1 | 2ce933ea1b39a75d9dfa237119725756aa5a099c |
| SHA256 | 44746c402cb433dc4d6ab5541bfbdc0ac42dd24f71e7d5a02ace594814e64a94 |
| SHA512 | d0120346ef4a38bdfc30805a727b35786b610195a4a798774eaf9892a16992cfc653181592e6fa255fa93c6e9abc3e302ba5c4071e2f1788b9a60fb10dc4f871 |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 759544297aaa61f5fef8ee42d0ae4393 |
| SHA1 | fc2d66f6e60409e3e8d38623ce5f817fc7f571e0 |
| SHA256 | 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5 |
| SHA512 | 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 71bb9ef3fb2fd6f962e1f276b7304070 |
| SHA1 | 9ee5eeada058037f89414d2cb1824c9864747c3e |
| SHA256 | d32cf0e17e1f520aa72d37caafa98411545dfe9d7efbea2bb672e93487fbd9ee |
| SHA512 | 88a7ea740b16ebe79795032d391dcb0dd253bd8a06c28a88a29f6d3a8cb6df8e617c079790b6b72364bfb1ee2dbf90c1233db7fa1546d5f97fabd8e5833f776f |
/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | dd3f6ba37c670af5953593535e435d04 |
| SHA1 | ecfe4e650a050bce77e8ff7468de04c1b8acc9a4 |
| SHA256 | 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561 |
| SHA512 | 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3 |
/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js
| MD5 | 502fd3faba10bcbcce0af0809fe008df |
| SHA1 | 653eb8d34dc5990505060d1da20d538f804bc838 |
| SHA256 | c4c43871b3890efb0f8d057c0990ce31bba3f4ebf51177da2c6fcfcf8c2b1152 |
| SHA512 | 0b04a80e5429cb49d3c2aacab50c0196d12103398da1c80139ef682b19d9962a49aefa5558f6e523eac000c265b412bc00a4a638313c76511bc70b60a90e0689 |
/root/.cache/mozilla/firefox/blszmboc.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
| MD5 | ce833ef1526dc63efa3eb56e61711d89 |
| SHA1 | c461ad2a9385fdeeb5c5c82cc6e7c82f5f1036f3 |
| SHA256 | ca6b57efe07afee4b9e86f8ff980c34420428e9b8e28e9d034fc7ade14683d5e |
| SHA512 | 9e2e43e4f10c6cfe12ae25f0f304646781505227ded67698b5d194425beec28ae46c556f0dc4b1b4180fa15496a9c3c41339c27f49cb67038c62c9e0bd954c00 |
/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js
| MD5 | ca6d22d802b5f6eff4da615c51ac2f0d |
| SHA1 | 4673241b7cc811bacfc7fccdd122828ebf9531e6 |
| SHA256 | b1fd76722e508a59b33fa89f2c6a5cfce7724e6a4d69978a4b309420d68185ae |
| SHA512 | e4daef264df8f21fc1195ca2266edb937b794a22768daea64815d604c319734638e10dccef112a25f3726e7c9cacc9e565a89bfdabadb88756e38ae72203691b |
/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js
| MD5 | 6884c1137f81e6fa519f5a5e50fd903f |
| SHA1 | 6d5a30673a41fb0f3f8fedb39de411d967fff639 |
| SHA256 | 0c21778a61a4f23da5d090a0e4e07a38928ef011e923bd5cba035b800aa65538 |
| SHA512 | 4b1d0814e9808f60656023cda3be6962ec6c3847dc5955c15036ff6b03c2d47988f03ef8b58a132dc6c443365e90a5321d330fb5f02cc7c2019a61587ba0e5bb |
/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js
| MD5 | b789a466da73bf4e3b511abab909c94e |
| SHA1 | 95a2b68d331407de97782736036063c38ec2ee22 |
| SHA256 | 891d69259a009109d32a35ecf745757a0095b9177053a0be6fdfff7408036a0e |
| SHA512 | 52fba6b383cfdf946653ba6e1bcd346e4d15aef5bdf9d68383a370c6087fc6e52750f9acad6b0e217f0bd502fdb4f00109634e0517882110921f35255f97a78f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-17 06:32
Reported
2024-04-17 06:33
Platform
debian9-armhf-20240226-en