Analysis Overview
Threat Level: Shows suspicious behavior
The file https://www.google.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Changes its process name
Reads user data of web browsers
Checks CPU configuration
Reads CPU attributes
Writes file to tmp directory
Enumerates kernel/hardware configuration
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-16 05:41
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-16 05:41
Reported
2024-04-16 05:41
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
3s
Max time network
25s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1614 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1614 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/content-prefs.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/protections.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/temporary | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/key4.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cert_override.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/bookmarkbackups | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/ExperimentStoreData.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/times.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/previous.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/search.json.mozlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/thumbnails | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/pdnxgwza.default-release/pkcs11.txt | /usr/lib/firefox/firefox | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/109 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/75 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1740/smaps | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1719/stat | N/A | N/A |
| File opened for reading | /proc/1690/statm | N/A | N/A |
| File opened for reading | /proc/self/fd/111 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1761/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/110 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1621/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1642/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1712/statm | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1590/attr/current | N/A | N/A |
| File opened for reading | /proc/1578/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1690/smaps | N/A | N/A |
| File opened for reading | /proc/self/task/1743/stat | N/A | N/A |
| File opened for reading | /proc/1740/statm | N/A | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/1638/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/1712/smaps | N/A | N/A |
| File opened for reading | /proc/self/fd/76 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1757/statm | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/1662/cmdline | N/A | N/A |
| File opened for reading | /proc/self/task/1696/stat | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/self/fd/38 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/1590/status | N/A | N/A |
| File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1657/cmdline | N/A | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/fd/37 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab https://www.google.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab https://www.google.com]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {9c3f8564-522c-460a-8dfc-2ec370245f1b} 1578 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {4d77479f-fe83-4274-85cd-6b3f6d873494} 1578 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {a849ac13-83bb-46f5-8e84-3f7c290a3142} 1578 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {d694d9ea-0ea0-47b0-9644-dd0d36b037c1} 1578 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2752fd1b-37ae-494a-8226-b932610affbf} 1578 true tab]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.3:443 | services.addons.mozilla.org | tcp |
| GB | 18.245.162.3:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 44.240.56.209:443 | location.services.mozilla.com | tcp |
| US | 151.101.130.49:443 | tcp | |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 172.217.169.36:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| US | 151.101.193.91:443 | tcp | |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| GB | 89.187.167.3:443 | tcp | |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
Files
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | 9361656b4441fd2f18455323efe86f3a |
| SHA1 | d7ec8cb3b059e1fd7cb4d9b61fdfb4f495454269 |
| SHA256 | 6f78c518727cc3aa303394f20009421cede9bee9a1f544f2ad385a3acd1c028b |
| SHA512 | aa4f2443290d81a7f828faed8c9a64ad04208f400c4ffaf6c46178b1145f255198ed01cb74be91fcd1738e8079b16c3d47ebdf7010e65df0c26d6d7eb956a986 |
/root/.mozilla/firefox/pdnxgwza.default-release/times.json
| MD5 | e8cdcbdb0733c5e40b750ca4099d57c5 |
| SHA1 | 311d8ffe7364c52024a3278a6f316ec2f13ed828 |
| SHA256 | 055270b6d75ef002f3fcfdb38becd2ec0394e062ca49a10bca9178a14b2fdb35 |
| SHA512 | a56c878b78c2f72d6d446430937f1aab47aaad78aabeba99637c1d49d44611bb3f6db844a851ecbd6139503d94a8c714c54982ecad6bedacb80cfc84c2a97e63 |
/root/.mozilla/firefox/installs.ini
| MD5 | 58a99bab861d28aab668c5c9814ce1b0 |
| SHA1 | 445954607e68c9265021bb0063a62aa946ab11e9 |
| SHA256 | cb2ed8eff8405d00a68dd76d47427c4c6fafee6f6661519dac57c5b233e4b5a4 |
| SHA512 | e7d920cd7dd8bffc1e88525ff90b46a01128b1bcbb7d9de85f578c9fa98167d9fe82e9b41da6602d5c8a70d3d5feaec2b772737c636acb39390c9c9cba288712 |
/root/.mozilla/firefox/profiles.ini
| MD5 | 43db06b85c80e1687520ef19c37e25e2 |
| SHA1 | 28c2eb4eb773120d64dd5da1b487cc7484281f03 |
| SHA256 | 21f2c18ac3bd5eca5bca4264140188b8b825297ca463044ea9e082dddaf749a4 |
| SHA512 | 20bfb8e9422e76fbd5586eaa27555e213f2ce04f6d81452a04ddb3f81092570e25ff991e4a5b514bf7e626fb01da302ad733826f1cb4fb9bbd980d71647234c7 |
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | b896ba1f9e0cd0553b96d9faf216b79a |
| SHA1 | a1234c109c4b2fac445fb767fbb3829a0bc8369a |
| SHA256 | 828131ef22ecce82f07bf4d610a53ec29d7048a03ee106bce2d31c800cf616c8 |
| SHA512 | bc0b9a7dbf2360b09632e3d6269786807169e4b0e68f67c0ff008c88a3256ef1043a537fa20710100e33f44259fd6eef6f7424ae305c4cd797e6030c98f3d04e |
/root/.mozilla/firefox/pdnxgwza.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | cc15a2f56cabbf2f7ab722266f1c044d |
| SHA1 | 0ecc72eadb6831118fe55a233a4d29d18d515993 |
| SHA256 | 98bd8235ecb92073a3101480fbf9042b4cb630af9ab43fd3dc972e625bc54ea1 |
| SHA512 | a809cb43887c9610201764412e455993845ae0520f9290043a20dcaa50882d1b4ca104ed458abde4a9ff104154ed04736b6648f7305ded8c87c854e4d7c528cd |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 6dae7aa4f9691823d135e6fcb5a68bb7 |
| SHA1 | 977e06b067a1dd4a3ed109b8b452c8227d7573e1 |
| SHA256 | d74c2c52e9577a7e9fb685755cb636679ac58a51b63f5c29aeed3e6e31051c4e |
| SHA512 | 6365f8015b378f7638c0f7cc9e86d674ab2d5904b7fb11dd0d23c1cef2276a29487e82145c55609d134ea83c11e376de3e07ad8ae1f4bff6033474a4759d78b4 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 9c760157c57749ff94ae2b78d9545c4c |
| SHA1 | 86497b648366e1df95da5936a38a5c6e654447f6 |
| SHA256 | 5a3ecaea48e4c22ad77ec23026d1268bec9527bf818ee77c175d5b4e35831c7c |
| SHA512 | 5ca602403434aeec6a22bf48a0008661a2c9f36186b1e4daa09de08cf9b5bb640cdf569c0bde491c2a9930d25cc9c52a2b5daa4bba75cda801fc68839243e804 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs.js
| MD5 | 17beeece6814db5b1ad9a108359bf453 |
| SHA1 | 11d1a12d564888db50aa823c32f5bcf436bd5e45 |
| SHA256 | e2ff66aa16eb32a8d6ffca1fc9495977e181939ff9b7f969ab1d1eddd7030d4a |
| SHA512 | 3fd8232bda968b86d4a9d2b1039194ddbf9b13e7897245772595bc5105a55c15ae48b01932969fc156964afbb6c4813192a2ea32d52d6397cb65035c493397cb |
/root/.cache/dconf/user
| MD5 | 441077cc9e57554dd476bdfb8b8b8102 |
| SHA1 | 3f29546453678b855931c174a97d6c0894b8f546 |
| SHA256 | b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2 |
| SHA512 | 80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8 |
/root/.mozilla/firefox/pdnxgwza.default-release/permissions.sqlite
| MD5 | 1bde978b83f4314559ee656878c81d24 |
| SHA1 | 644a6f420d8cf8cebfb084cb1cd11ea6896c225d |
| SHA256 | 7574f7deac57d3ad97356cf77e9193d16f7e4bc497414acd4345d3a9bb34d448 |
| SHA512 | e07aa94f97f2aaaab877fea4c9ffb67eff509c953962a11edab9935488105e47a98a816cf11ae0a0a838506797639400362104cc21831d171c27d7812359f353 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | c10d71cb5bed66a9814ab99c7b6f4ca8 |
| SHA1 | f78c236cc936bf3987320897ea83174c46d1bc56 |
| SHA256 | 88009532a30d8d67ed56f434fc05070efb6115403fb6375712de2a41b933da04 |
| SHA512 | 094ddace373dca7e1bc1cce359aa669ad9dd6a1b91c5a85fedeac3e40e47712069754cfac9c498d3c3656f85ee7600bec295cf0cd57a3987f73bac41a7f857f3 |
/root/.mozilla/firefox/pdnxgwza.default-release/times.json
| MD5 | 680e49738a3160033f32ef3cb874cef5 |
| SHA1 | 570a11c7a5615ca6806db6fb530483ac5f1a7973 |
| SHA256 | 37939f6c42b2f5086b2082e2a0bd61c4aa1c704d3a352b56fc0d7ef88cfb590b |
| SHA512 | 38bb2c22ac75aaaf2520777dc234fcfec959ccbb205f4d3f9d19847887612fdcc2d2869f60095b4cf7d58975e82fef4ebcb6b293934350834131fc91efe010be |
/root/.mozilla/firefox/pdnxgwza.default-release/cert9.db
| MD5 | 4afc113b60b83e8f236aed18696fe59b |
| SHA1 | ea0be784ca2291af98e478748656d68522b2dac9 |
| SHA256 | 678839576f8970beae4e03140ae0936b350fb9ca071da374f7174b1944023710 |
| SHA512 | 19f6350fd467bb3ce3c2c68eb4ae160185b21661a9e012dded9d0c5bf96b61db68f2ddd603c442a23458e6289a324de43362588d2d2eaa7dd5638d38b81ffabf |
/root/.mozilla/firefox/pdnxgwza.default-release/key4.db
| MD5 | 6b51411ad0ea4603003d76967ffb7914 |
| SHA1 | 32342e513a6a6166dbb7ebfdd68e6ac652c8af35 |
| SHA256 | 1c16f57ef1b93b4d222217e2daaa844bb899044568700f50e0282e14ae4f7ff2 |
| SHA512 | 4f91697f69913bdd01ae38728d6bc5f97ccc3fd22ac02aaaa70826d61a65cfd6fa5e4eda54e8e1ab0cc7d12b58cb8b50143e351ca6c990f19b7b71d75899cce5 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 759544297aaa61f5fef8ee42d0ae4393 |
| SHA1 | fc2d66f6e60409e3e8d38623ce5f817fc7f571e0 |
| SHA256 | 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5 |
| SHA512 | 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 994bebb82bc25a640bd6fc6329647186 |
| SHA1 | 302955bf3b363b1bd0a82b6efb3d2f7dc9e73e0f |
| SHA256 | 228b7143fff21261c55b8bc702ab4ac84c3921b5c591955a9f6e05b3e3a0c6fc |
| SHA512 | 882ea73720bdc366698e035dbf265a1728f0ef2186326ffebe43786ea3b0045f8734cf6c676dbd450895b6fb2302410d519ca48bd490a076c8203ca5aab27772 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | dd3f6ba37c670af5953593535e435d04 |
| SHA1 | ecfe4e650a050bce77e8ff7468de04c1b8acc9a4 |
| SHA256 | 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561 |
| SHA512 | 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | a5f8940c23c10395b5f2f76983014454 |
| SHA1 | d3fc86bc51eb0ee36f219579ac70507d0d037974 |
| SHA256 | b103adebac1efc9c5c7a37c7f521d64a22ce9026ff98a99495e897f280039198 |
| SHA512 | 705e917eafa14ae859eb4df7e9c32916b10dc2c4982cae4370ca53b27dab5e0d3f16ed67e4e00581de02ed5faeace731c1fa8c18e384bb12b89910c0e2a25102 |
/root/.cache/mozilla/firefox/pdnxgwza.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
| MD5 | 920773a1db74541a25ddda1b5ed9f521 |
| SHA1 | e797c8526e35516d60f56f3476bd839bc81c2e33 |
| SHA256 | 405ba90b4428d0d5f20d1c32cbb695d46e6252cb68704fa269ed036be0dc91cd |
| SHA512 | 748ceceb2c8ab22a0b400fa1644ebcca807a07a16eecd52e06c985a88f791d415e9f380b78531119a6cc579478600bfe0422fa08f2842421c82bff8380aa31b8 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | 3a3d55a37378a6d9fd63327ccb9dca59 |
| SHA1 | 61a13f1abcdb9e93d63dc607c537f2c922d1fb73 |
| SHA256 | 41c900bfade05b0186c1b25cf2afb38c733c8658999ae6a349521ac6e10f5e3d |
| SHA512 | 57d6f34663d8f1652d437fdd2703eeec30543e16db616d74c6db0387381fde352e22f6e49bb4c7ed3d633bbfb7275445f4b3ab3558f92040c46802610a13ca54 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | e24e0f23676c6bcd69fb6812eadd1079 |
| SHA1 | 775f4a75bcea6d358d82b507fc3b594efa7baeb1 |
| SHA256 | 872fad9f449a3cc25de89e568c0ef9be7a001815f9e6420e26c17b42851442f6 |
| SHA512 | 4775c08a640d9f9d222b37f5f7fe9d09e8b1cbef6728747c980b0760db8a86d1469da2db35197ed77b8ae72fcfa5a53e7ee5c3f95efda335b0f7366ec9a89da1 |
/root/.mozilla/firefox/pdnxgwza.default-release/cert9.db
| MD5 | 6e0cf61ee6a052924ca6cce451c825c6 |
| SHA1 | be8a46ec15b9dd08194872ec8b9405d01dbac488 |
| SHA256 | 9cedcc0d834fac439ab88410345153a99689117c7517c4399f82c61665de852e |
| SHA512 | 5011332e1d9edc65ed7d07251b0005868e4c7942163db7e004d7ac5eb7a16ce820461103686ca700f7c345e65c6b317728a75bdcd914a83c08e361d431edd96c |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | a8dd7ebaad5528b23f82ccb1534cea18 |
| SHA1 | 600daceacfb5cf9df0b66ba7dce4516b2ac4df70 |
| SHA256 | e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec |
| SHA512 | 67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | 5314ae58bc889b2323fc46d8217fd376 |
| SHA1 | e09a54d802e6c7a9bf3ef73167ec685bfbf28bc7 |
| SHA256 | 8b862645cbb1dc9d0cca6d4ff983e4f1cff3b0af59e6a429d9fa1118549a462b |
| SHA512 | 1827062dac487183b1245c7b1da8420b7bd137d81011b195c92d4e79935d0ce7b1d39ab4cb3d16deb42fbb90d07abd0c329d69fcd992e9fea4f165f3367ba25e |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | 7352c8848e88edc39b7fb5e663888187 |
| SHA1 | 8c3dffe25cc56c7aec1b782292d6fceed81e6304 |
| SHA256 | 7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a |
| SHA512 | f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | f2013da5bb134fb73f93d134d788f822 |
| SHA1 | 38c09e550713b46ca28945e055ad5ad03af25213 |
| SHA256 | 2ee16c3e642d7105c67fd59c772ad14dcdf0b40917eff5e5200dbee2077aca40 |
| SHA512 | 0e971e3ada2ee74aaec3963abc57cafc92c552cb6fdb882ebe300c543209b99d950a6cd86d8d33ca0847c3a8b66cee896a849c9b5f36ba8fccfa5ca23ee9f15d |
/root/.mozilla/firefox/pdnxgwza.default-release/cert9.db
| MD5 | 015d2b1e82f9af236ec7ed40cf625830 |
| SHA1 | 3603af31fc3c54f1f4906963e1105c27a654f8e1 |
| SHA256 | 13dda0d2a0fb296d360d03a6736623c5dfa44972d737fef57ad0d04db1656bb6 |
| SHA512 | d18f10fcd34959f29a81e8422f75293d147a348ea1d8ee1ccb0f4618ac20a52f375253aea5976d145d2e22e24b49b9d0f2395db906b1646260bcaf76f633a4b4 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | 26e2de4c87cdef83456b46a3c1770ecf |
| SHA1 | 6979a902775cf573142b595e4af31bccd38eed0a |
| SHA256 | 5249b0dfd731b52e6e8c85083891b5dfd7cb52634ab6962f002e80474c06e5b6 |
| SHA512 | 6cf857216cc77c5110b0821c8af73092d860b0c567bab046e47d6f970c6093b0e19fc970f2aa5d836b4589cf32ca1278ec9ca885c1b186f0c082aef11a256cfb |
/root/.mozilla/firefox/pdnxgwza.default-release/cert9.db
| MD5 | 27dfdd8ab91ec020a54e5ff76ab3f133 |
| SHA1 | e3cfd01e45efb693500db78f98b7d71e05e45b8d |
| SHA256 | 53f3af7bb9effbea4efffa3f8b8a04f5c416298ba4c4978b430cdbd82374c339 |
| SHA512 | 87d3fa54f8be1e49c84574a4f80cad4db973ccbe0072f8697c81eb182c071d4a97ec8397ffe0bcf6305c374dfae1c04f4387d04a11da72050359a3fc4c3fd685 |
/root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite
| MD5 | d9d4bbb51d6a031ec937aca02637cf73 |
| SHA1 | 0fb03fbf3f3ca1cc6905f85133e54fd295c9c77a |
| SHA256 | 527c83f0bfb77dc93b9f1b380c4192ece184108ad39e225d7f50acc65e644b4e |
| SHA512 | 11602aad61acc7cee525d2b5fd313f8826e711d8733ad36104eb4df6852c2d9ad7c1310977ef224ff3cd2e202ef4cf25b9497cb5b7bd24e915604aa49d2bcf46 |
/root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite
| MD5 | 3c0a1ec298284608bfa51081ea539be3 |
| SHA1 | e51b58f6fe89d45fd8a1d935b51da172d5f6f32e |
| SHA256 | 34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2 |
| SHA512 | 8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | 40788edb83e94c6e1ba36ec868de01c0 |
| SHA1 | 1707f6ab1240f59a598b6f922e669c7b4216807f |
| SHA256 | fe8c6eadc125bee0432f6ce506729b551971b0ceaf95bfbd17a91f8b522b3547 |
| SHA512 | ffacd522251e14df40b137b0f60f1c27893fb3ae87b2bc234ac27e10931d9b6cf604259ee4459ba0fd2e5bd5210eb12bed025e66deebdec91f3fe5a3e5671e15 |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 02dab7dd59ab6ccf75cd73d0d4ca7cc0 |
| SHA1 | 28c0b9bd95f09a1674260e501e9ec9cdcb0eb6c4 |
| SHA256 | 92c0cfde3837ce37353c3c54839c7f7a067622c886131a99b9b74eed837df00e |
| SHA512 | 9da3abe0c6fad322aaf28dca0ef5964006f435a7b1505c474762c98bd6ac71f07ee83df881aa97f3991c17b528f45e3a27f3a7060977e1f76ae9a5afaaa01a5e |
/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 7429018a2112cc83660b3f8cfb139499 |
| SHA1 | e5d1db486ee51b8e425aa92d17f215fab93060d0 |
| SHA256 | bccf25342b359891cc3cc0d49a3a2a37f0f257dda84bd5a18305ea1a297660cd |
| SHA512 | d96536f48f12feb5c628b293712c41ce83294f1ca83f2b67705710545503cb713baa92c9d2cd95e19a713a9e2e86cc83fc719edcf14788d7dff9829f96169f38 |
/root/.cache/mozilla/firefox/pdnxgwza.default-release/cache2/entries/82F4CDEDC8A08E6BCE520A4114F15825F2E886F6
| MD5 | b0d93b7dbdf9d9b7fb72d1adcf463ad9 |
| SHA1 | 1f890da756d413ccee31c7c785c10e44aa55fc50 |
| SHA256 | 5ca5c0b226b7161c4d9b6fb8196e0690c4609b779a4e2fcb9617ee9201a59d18 |
| SHA512 | 999d6a11d1fc1730b305ce8ec6c60f5f51340e866cbabedd0269e57019fd2486a2e4b8029d0396ef23badf80bea5fca5ec1a8ce88be47f02bdfc3814c8c370a0 |
/root/.mozilla/firefox/pdnxgwza.default-release/content-prefs.sqlite
| MD5 | 1fc2e7b7fe2c5be305dfa9a2bbb60771 |
| SHA1 | 4967389dea050001cb1af3ec799edb7805c3abb8 |
| SHA256 | 1953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a |
| SHA512 | fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5 |
/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js
| MD5 | 6bcc621dd8292ee8fc90727c8a20f455 |
| SHA1 | 5117bf6e57074bb8ac4bca93eeed68f476314e64 |
| SHA256 | 2a2fcc8a16aab94987dc3b7fa569d55fdde803e66ac597570fc1eee6fba92039 |
| SHA512 | 1414e66bf3daac73945498c3f66e3f9e6ac46364cb69d46680e3c165af365d4eb4ecb1c6e9624608d1ef299b0cf8c6be1dd1adf363d96e65f1311f404227816a |