Malware Analysis Report

2025-01-23 15:26

Sample ID 240417-ha51ysfh68
Target http://dualstack.p2.shared.global.fastly.net
Tags antivm spyware stealer
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 7/10

Threat Level: Shows suspicious behavior

The target http://dualstack.p2.shared.global.fastly.net was rated: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Reads CPU attributes

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-04-17 06:32

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted 2024-04-17 06:32
Reported 2024-04-17 06:33
Platform debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted 2024-04-17 06:32
Reported 2024-04-17 06:33
Platform debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-17 06:32
Reported 2024-04-17 06:35
Platform ubuntu1804-amd64-20240226-en
Max time kernel 3s
Max time network 37s

Command Line

[xdg-open http://dualstack.p2.shared.global.fastly.net]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1694 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1694 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/previous.js N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/blszmboc.default-release/key4.db N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/task/1809/stat N/A N/A
File opened for reading /proc/self/task/1851/stat N/A N/A
File opened for reading /proc/1583/attr/current N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/94 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1599/cmdline N/A N/A
File opened for reading /proc/self/task/1667/stat N/A N/A
File opened for reading /proc/1665/cmdline N/A N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1718/cmdline N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1742/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1733/cmdline N/A N/A
File opened for reading /proc/self/task/1786/stat N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1833/stat N/A N/A
File opened for reading /proc/1578/cmdline N/A N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1697/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1780/smaps N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /bin/sed N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1713/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/1722/cmdline N/A N/A
File opened for reading /proc/1780/statm N/A N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1737/cmdline N/A N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/xdg-open

[xdg-open http://dualstack.p2.shared.global.fastly.net]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/grep

[grep -q ^file://]

/bin/egrep

[egrep -q ^[[:alpha:]+\.\-]+:]

/usr/local/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/local/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/usr/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/sbin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/grep

[grep -E -q ^[[:alpha:]+\.\-]+:]

/bin/sed

[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]

/usr/bin/xdg-mime

[xdg-mime query default x-scheme-handler/http]

/usr/bin/dbus-send

[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/bin/grep

[grep = \"xfce4\"$]

/usr/bin/xprop

[xprop -root _DT_SAVE_MODE]

/bin/grep

[grep -i ^xfce_desktop_window]

/usr/bin/xprop

[xprop -root]

/bin/grep

[grep -q ^Enlightenment]

/bin/uname

[uname]

/bin/sed

[sed s/:/ /g]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]

/usr/bin/cut

[cut -d ; -f 1]

/usr/bin/cut

[cut -d = -f 2]

/usr/bin/head

[head -n 1]

/bin/grep

[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]

/bin/sed

[sed s/:/ /g]

/bin/sed

[sed -e s|-|/|]

/bin/sed

[sed -e s|-|/|]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/which

[which firefox]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/cut

[cut -d= -f 2-]

/usr/bin/firefox

[/usr/bin/firefox http://dualstack.p2.shared.global.fastly.net]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox http://dualstack.p2.shared.global.fastly.net]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {1ad0b06a-c7ff-43c9-9ce3-e17d34a18334} 1665 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {a230b9d7-318e-429e-9364-d3b19108e7fb} 1665 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {9f49044e-498a-42f1-b59b-e9ce49f1367e} 1665 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2e720d94-fa0b-48fe-9cb1-a7982c5138b7} 1665 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {3b9d86d4-de75-48cb-b442-0f6106760cf2} 1665 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.130.49:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
GB 18.245.162.105:443 services.addons.mozilla.org tcp
GB 18.245.162.105:443 services.addons.mozilla.org tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 44.240.56.209:443 location.services.mozilla.com tcp
GB 89.187.167.5:443 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.1.91:443 tcp
US 151.101.194.49:80 cdn.fwupd.org tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 89.187.167.2:443 1527653184.rsc.cdn77.org tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.mozorg.moz.works udp
DE 13.32.119.185:443 www.mozilla.org tcp

Files

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

/root/.mozilla/firefox/blszmboc.default-release/times.json

/root/.mozilla/firefox/installs.ini

/root/.mozilla/firefox/profiles.ini

/root/.mozilla/firefox/blszmboc.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/blszmboc.default-release/cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

/root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite

MD5 e0c613bfd69956a19ce2dc5e925aa223
SHA1 14accb230edcd6cb76967cdc6d4e5686db96b5df
SHA256 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA512 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

/root/.mozilla/firefox/blszmboc.default-release/storage/ls-archive.sqlite

MD5 178d71e5529d637ac62f7e75fdd75896
SHA1 339f2b949cc4c207b66aea11137448ba28d36dcb
SHA256 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512 ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/.metadata-v2-tmp

MD5 0b16ee57f288d886161818804e482c3c
SHA1 aa7d7c8e308363993aaab63cebc4eb4170e4f0a2
SHA256 fecace645eb04e5a6dc144b32304cb8f6afa00716e1c53cd539710f09bf24ef0
SHA512 25fe575e703d7960bbccb43521b8e04ecc18d8aed2648af50410bf7faa2c4fbf0580e9db8e3c0fffeedebcbc2f0ab1ee28b66e2706c5378b544590bad9dcccf2

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 07a412e08825220262ad2890757ff779
SHA1 f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256 da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA512 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 fb9509d0f061a509a1e4defa9529cd93
SHA1 5fa9d65a78587f94e417747f69da089b65362f3e
SHA256 58d0d6716fd43a53528e78ee32d2a1d592190e3ccadd4a64ddbd2d27074db271
SHA512 cdac1b616121b9a559ee466b99354f359e6748da1698110575b0a02820396b14daf031549e6a651f31a29aa41eb3db04b077bc0192c6597d4063edb4afde4783

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 a655f0d42fba2dd4cbb32e1f0e578646
SHA1 cd2f283040b20842edd1f586076b0305d7fc36e4
SHA256 dfbc2689fae0716872de5e42b6da84d43e7119983c5ca8c3c05afaec54bed025
SHA512 c96bcb9772c9b7883a54412d035069b6922070b9f054ffb096921dd934b0c58293cde481543af00a965c6ce1881ea14aad52c2bfe611bd3ccb0d4830e0c9f1fc

/root/.mozilla/firefox/blszmboc.default-release/prefs.js

MD5 01f50e4b3f07562d2d5ea98072cb2d76
SHA1 0e92f01d8bc3a87e2a42d249e0b1ad221a340835
SHA256 79ce40a9290fe14c6d6f6f8cb990c184d34cbdfb32e4feb7f3ac66fc9cd1e110
SHA512 693ae467cc190ed6ba8575c59f2c297879685ba2ee802df006b8fea91a051071444fb3bb77670a07f1131a7aa31039d6e9d4b44904a6c1ce4d9c2ce51e8921a6

/root/.cache/dconf/user

MD5 441077cc9e57554dd476bdfb8b8b8102
SHA1 3f29546453678b855931c174a97d6c0894b8f546
SHA256 b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2
SHA512 80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8

/root/.mozilla/firefox/blszmboc.default-release/permissions.sqlite

MD5 232fbc22dd03a8ec41edde02bdbea61c
SHA1 6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6
SHA256 d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0
SHA512 055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js

MD5 e7fc003bd009f390045072d8558fc078
SHA1 f65ee60bd7949a2f1282839ba0476f1596b26993
SHA256 f62b0b6acf4e6ded877f07902184a02d7114c470ab7c63257ae3dc614816f6c3
SHA512 55519fa7d58259ca0dae2058c7d45d66d5b8eebbeac5dabd25caefc8f1b7bcfbf590de40329f681626954fef422bc57bccc5c6b4e5b7e3e8752fb7c1f999e3df

/root/.mozilla/firefox/blszmboc.default-release/times.json

MD5 04b3e195252d1c31ed61813cb728749c
SHA1 6bdb7305f8e9feaba9cad8353d307b68d7f1e15a
SHA256 15cf0d2ceca6e480576771728f603f47b0c19036483b70017c1f40954c0ad96a
SHA512 d012e53f5bd33da15e16c2ff60b3929f7b164b5b5fceb1734e2624ff47932b7190b9f3d1d91e9ef0a6b2b7d66f788f29e367b22ca1467b1bd0a77ea6216be027

/root/.mozilla/firefox/blszmboc.default-release/cert9.db

MD5 e9d7d9fbd1e03bed9f8426763263d838
SHA1 efb548590a37d8b0f507b1fe1a509c3607974501
SHA256 e4ca1ea6d9608078a2493e16db3ca6e8e0c95e75fb23c8847cc1a55825d6e3a9
SHA512 6122547b4fff3dcd11f28ba03aeeb689c404986e0573d86764af820977fa90d188119ea32f9770e88efd89d50b0bf03c20ca4b73267ba4c0ed11a6c455447fc7

/root/.mozilla/firefox/blszmboc.default-release/key4.db

MD5 aecc18749c912ad4dae5b53459c6f26f
SHA1 2ce933ea1b39a75d9dfa237119725756aa5a099c
SHA256 44746c402cb433dc4d6ab5541bfbdc0ac42dd24f71e7d5a02ace594814e64a94
SHA512 d0120346ef4a38bdfc30805a727b35786b610195a4a798774eaf9892a16992cfc653181592e6fa255fa93c6e9abc3e302ba5c4071e2f1788b9a60fb10dc4f871

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 759544297aaa61f5fef8ee42d0ae4393
SHA1 fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA256 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA512 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 71bb9ef3fb2fd6f962e1f276b7304070
SHA1 9ee5eeada058037f89414d2cb1824c9864747c3e
SHA256 d32cf0e17e1f520aa72d37caafa98411545dfe9d7efbea2bb672e93487fbd9ee
SHA512 88a7ea740b16ebe79795032d391dcb0dd253bd8a06c28a88a29f6d3a8cb6df8e617c079790b6b72364bfb1ee2dbf90c1233db7fa1546d5f97fabd8e5833f776f

/root/.mozilla/firefox/blszmboc.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 dd3f6ba37c670af5953593535e435d04
SHA1 ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA256 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA512 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js

MD5 502fd3faba10bcbcce0af0809fe008df
SHA1 653eb8d34dc5990505060d1da20d538f804bc838
SHA256 c4c43871b3890efb0f8d057c0990ce31bba3f4ebf51177da2c6fcfcf8c2b1152
SHA512 0b04a80e5429cb49d3c2aacab50c0196d12103398da1c80139ef682b19d9962a49aefa5558f6e523eac000c265b412bc00a4a638313c76511bc70b60a90e0689

/root/.cache/mozilla/firefox/blszmboc.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

MD5 ce833ef1526dc63efa3eb56e61711d89
SHA1 c461ad2a9385fdeeb5c5c82cc6e7c82f5f1036f3
SHA256 ca6b57efe07afee4b9e86f8ff980c34420428e9b8e28e9d034fc7ade14683d5e
SHA512 9e2e43e4f10c6cfe12ae25f0f304646781505227ded67698b5d194425beec28ae46c556f0dc4b1b4180fa15496a9c3c41339c27f49cb67038c62c9e0bd954c00

/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js

MD5 ca6d22d802b5f6eff4da615c51ac2f0d
SHA1 4673241b7cc811bacfc7fccdd122828ebf9531e6
SHA256 b1fd76722e508a59b33fa89f2c6a5cfce7724e6a4d69978a4b309420d68185ae
SHA512 e4daef264df8f21fc1195ca2266edb937b794a22768daea64815d604c319734638e10dccef112a25f3726e7c9cacc9e565a89bfdabadb88756e38ae72203691b

/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js

MD5 6884c1137f81e6fa519f5a5e50fd903f
SHA1 6d5a30673a41fb0f3f8fedb39de411d967fff639
SHA256 0c21778a61a4f23da5d090a0e4e07a38928ef011e923bd5cba035b800aa65538
SHA512 4b1d0814e9808f60656023cda3be6962ec6c3847dc5955c15036ff6b03c2d47988f03ef8b58a132dc6c443365e90a5321d330fb5f02cc7c2019a61587ba0e5bb

/root/.mozilla/firefox/blszmboc.default-release/prefs-1.js

MD5 b789a466da73bf4e3b511abab909c94e
SHA1 95a2b68d331407de97782736036063c38ec2ee22
SHA256 891d69259a009109d32a35ecf745757a0095b9177053a0be6fdfff7408036a0e
SHA512 52fba6b383cfdf946653ba6e1bcd346e4d15aef5bdf9d68383a370c6087fc6e52750f9acad6b0e217f0bd502fdb4f00109634e0517882110921f35255f97a78f

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 06:32

Reported

2024-04-17 06:33

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A