Malware Analysis Report

2025-01-23 15:39

Sample ID: 240416-gdegqsaf49
Target: https://www.google.com
Tags: antivm spyware stealer
Score: 7/10


Analysis Overview


Threat Level: Shows suspicious behavior

The file https://www.google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Writes file to tmp directory

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-16 05:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-16 05:41
Reported: 2024-04-16 05:41
Platform: ubuntu1804-amd64-20240226-en
Max time kernel: 3s
Max time network: 25s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1614 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1614 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/protections.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/temporary N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/bookmarkbackups N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore-backups/previous.js N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/thumbnails N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/pdnxgwza.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/109 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1740/smaps N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1719/stat N/A N/A
File opened for reading /proc/1690/statm N/A N/A
File opened for reading /proc/self/fd/111 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1761/stat N/A N/A
File opened for reading /proc/self/fd/110 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1621/stat N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1642/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1712/statm N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1590/attr/current N/A N/A
File opened for reading /proc/1578/cmdline N/A N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1690/smaps N/A N/A
File opened for reading /proc/self/task/1743/stat N/A N/A
File opened for reading /proc/1740/statm N/A N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/1638/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/1712/smaps N/A N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1757/statm N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/1662/cmdline N/A N/A
File opened for reading /proc/self/task/1696/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/1590/status N/A N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1657/cmdline N/A N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {9c3f8564-522c-460a-8dfc-2ec370245f1b} 1578 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {4d77479f-fe83-4274-85cd-6b3f6d873494} 1578 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {a849ac13-83bb-46f5-8e84-3f7c290a3142} 1578 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {d694d9ea-0ea0-47b0-9644-dd0d36b037c1} 1578 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2752fd1b-37ae-494a-8226-b932610affbf} 1578 true tab]

Network


Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

/root/.mozilla/firefox/pdnxgwza.default-release/times.json

/root/.mozilla/firefox/installs.ini

/root/.mozilla/firefox/profiles.ini

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

/root/.mozilla/firefox/pdnxgwza.default-release/compatibility.ini

/root/.mozilla/firefox/pdnxgwza.default-release/cookies.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/prefs.js

/root/.cache/dconf/user

/root/.mozilla/firefox/pdnxgwza.default-release/permissions.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/prefs-1.js

/root/.mozilla/firefox/pdnxgwza.default-release/times.json

/root/.mozilla/firefox/pdnxgwza.default-release/cert9.db

/root/.mozilla/firefox/pdnxgwza.default-release/key4.db

/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.cache/mozilla/firefox/pdnxgwza.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/places.sqlite

/root/.mozilla/firefox/pdnxgwza.default-release/favicons.sqlite

/root/.cache/mozilla/firefox/pdnxgwza.default-release/cache2/entries/82F4CDEDC8A08E6BCE520A4114F15825F2E886F6

/root/.mozilla/firefox/pdnxgwza.default-release/content-prefs.sqlite
