Malware Analysis Report

2025-01-23 15:37

Sample ID 240416-lz8pxsgh9z
Target https://www.google.com
Tags: antivm spyware stealer

Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The submitted target https://www.google.com was classified as: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-16 09:59

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-16 09:59

Reported

2024-04-16 10:02

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

9s

Max time network

149s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description | Indicator | Process | Target
Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A
Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A

Reads user data of web browsers

Tags: spyware stealer

Description | Indicator | Process | Target
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release | N/A | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/cookies.sqlite-journal | N/A | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/extensions | /usr/lib/firefox/firefox | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/extensions.json | N/A | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/storage.sqlite-journal | N/A | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/user.js | /usr/lib/firefox/firefox | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/cookies.sqlite | N/A | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/system-extensions | /usr/lib/firefox/firefox | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/prefs.js | /usr/lib/firefox/firefox | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/extension-preferences.json | N/A | N/A
File opened for reading | /root/.mozilla/firefox/ann6wzwk.default-release/storage.sqlite | N/A | N/A

Checks CPU configuration

Tags: antivm

Description | Indicator | Process | Target
File opened for reading | /proc/cpuinfo | N/A | N/A

Reads CPU attributes

Description | Indicator | Process | Target
File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A
File opened for reading | /sys/devices/system/cpu/online | N/A | N/A

Enumerates kernel/hardware configuration

Description | Indicator | Process | Target
File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A
File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A
File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A
File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A
File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A
File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A
File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A
File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A
File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A

Reads runtime system information

Description | Indicator | Process | Target
File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/mountinfo | N/A | N/A
File opened for reading | /proc/self/fd/34 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/42 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/stat | N/A | N/A
File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A
File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/39 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/40 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/46 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/task/1570/stat | N/A | N/A
File opened for reading | /proc/self/fd | N/A | N/A
File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A
File opened for reading | /proc/self/fd/31 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A
File opened for reading | /proc/1581/status | N/A | N/A
File opened for reading | /proc/1581/attr/current | N/A | N/A
File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A
File opened for reading | /proc/1568/cmdline | N/A | N/A

Writes file to tmp directory

Description | Indicator | Process | Target
File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.130.49:443 tcp
US 151.101.65.91:443 tcp
GB 195.181.164.14:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 1.1.1.1:53 dualstack.p2.shared.global.fastly.net udp
US 151.101.2.49:443 dualstack.p2.shared.global.fastly.net tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 www.mozorg.moz.works udp
US 1.1.1.1:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 151.101.65.91:443 tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 44.239.14.124:443 shavar.services.mozilla.com tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 44.239.14.124:443 shavar.services.mozilla.com tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 fp2e7a.wpc.phicdn.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.cdn.mozilla.net udp
US 1.1.1.1:53 tracking-protection.prod.mozaws.net udp
US 1.1.1.1:53 content-signature-2.cdn.mozilla.net udp
US 1.1.1.1:53 content-signature-2.cdn.mozilla.net udp
GB 89.187.167.6:443 1527653184.rsc.cdn77.org tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
DE 52.222.236.120:443 services.addons.mozilla.org tcp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
US 1.1.1.1:53 firefox-settings-attachments.cdn.mozilla.net udp
DE 52.222.236.120:443 services.addons.mozilla.org tcp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 1.1.1.1:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 aus5.mozilla.org udp
US 1.1.1.1:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 autopush.prod.mozaws.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 1.1.1.1:53 archive.mozilla.org udp
US 1.1.1.1:53 archive.mozilla.org udp
US 34.117.35.28:443 archive.mozilla.org tcp
US 1.1.1.1:53 ciscobinary.openh264.org udp
US 1.1.1.1:53 ciscobinary.openh264.org udp
NL 2.18.121.72:80 ciscobinary.openh264.org tcp
US 1.1.1.1:53 support.mozilla.org udp
US 1.1.1.1:53 support.mozilla.org udp
US 1.1.1.1:53 us-west1.prod.sumo.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 push.services.mozilla.com udp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp
US 34.117.35.28:443 archive.mozilla.org udp
US 1.1.1.1:53 addons.mozilla.org udp
US 1.1.1.1:53 addons.mozilla.org udp
US 18.173.205.72:443 addons.mozilla.org tcp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 1.1.1.1:53 normandy.cdn.mozilla.net udp
US 1.1.1.1:53 normandy-cdn.services.mozilla.com udp
US 35.201.103.21:443 normandy.cdn.mozilla.net tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 classify-client.services.mozilla.com udp
US 1.1.1.1:53 prod-classifyclient.normandy.prod.cloudops.mozgcp.net udp
US 34.98.75.36:443 classify-client.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
US 1.1.1.1:53 safebrowsing.googleapis.com udp
GB 142.250.200.42:443 safebrowsing.googleapis.com tcp
GB 142.250.200.42:443 safebrowsing.googleapis.com udp
US 18.173.205.128:443 addons.mozilla.org tcp
US 1.1.1.1:53 turbobt.net udp
US 1.1.1.1:53 turbobt.net udp
US 103.224.212.215:443 turbobt.net tcp
US 103.224.212.215:443 turbobt.net tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
GB 104.86.110.202:80 a1887.dscq.akamai.net tcp
US 1.1.1.1:53 ww25.turbobt.net udp
US 1.1.1.1:53 ww25.turbobt.net udp
GB 142.250.200.42:443 safebrowsing.googleapis.com tcp
US 1.1.1.1:53 77026.bodis.com udp
US 199.59.243.225:443 ww25.turbobt.net tcp
US 199.59.243.225:80 ww25.turbobt.net tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
GB 172.217.169.68:443 www.google.com tcp
US 1.1.1.1:53 pki-goog.l.google.com udp
GB 172.217.169.68:443 www.google.com udp
US 1.1.1.1:53 www.adsensecustomsearchads.com udp
US 1.1.1.1:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 1.1.1.1:53 afs.googleusercontent.com udp
US 1.1.1.1:53 afs.googleusercontent.com udp
GB 142.250.179.225:443 afs.googleusercontent.com tcp
GB 142.250.179.225:443 afs.googleusercontent.com tcp
GB 142.250.179.225:443 afs.googleusercontent.com udp
US 1.1.1.1:53 www.turbobit.net udp
US 1.1.1.1:53 www.turbobit.net udp
US 1.1.1.1:53 turbobit.net udp
NL 212.192.240.178:443 www.turbobit.net tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
NL 212.192.240.178:443 www.turbobit.net tcp
NL 212.192.240.178:443 www.turbobit.net tcp
NL 212.192.240.178:443 www.turbobit.net tcp
NL 212.192.240.178:443 www.turbobit.net tcp
NL 212.192.240.178:443 www.turbobit.net tcp
NL 212.192.240.178:443 www.turbobit.net tcp
US 1.1.1.1:53 turbo.to udp
US 1.1.1.1:53 turbo.to udp
US 1.1.1.1:53 hif.to udp
US 1.1.1.1:53 hif.to udp
US 1.1.1.1:53 app.turbobit.net udp
US 1.1.1.1:53 app.turbobit.net udp
NL 212.192.240.178:443 app.turbobit.net tcp
NL 212.192.240.178:443 app.turbobit.net tcp
NL 5.45.70.250:443 hif.to tcp
NL 5.61.56.172:443 turbo.to tcp
GB 104.86.110.202:80 a1887.dscq.akamai.net tcp
US 1.1.1.1:53 vo.turbocap.net udp
US 1.1.1.1:53 vo.turbocap.net udp
DE 94.130.130.77:443 vo.turbocap.net tcp
US 1.1.1.1:53 cdn.jsdelivr.net udp
US 1.1.1.1:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 1.1.1.1:53 turbobita.net udp
US 1.1.1.1:53 turbobita.net udp
NL 5.61.48.58:443 turbobita.net tcp
NL 5.45.70.250:80 hif.to tcp
US 1.1.1.1:53 s.o333o.com udp
US 1.1.1.1:53 s.o333o.com udp
DE 85.10.205.45:443 s.o333o.com tcp
DE 94.130.130.77:443 vo.turbocap.net tcp
US 1.1.1.1:53 mc.webvisor.org udp
US 1.1.1.1:53 mc.webvisor.org udp
RU 87.250.250.119:443 mc.webvisor.org tcp
DE 94.130.130.77:443 vo.turbocap.net tcp
US 1.1.1.1:53 engine.spotscenered.info udp
US 1.1.1.1:53 engine.spotscenered.info udp
US 1.1.1.1:53 i.gyazo.com udp
US 1.1.1.1:53 i.gyazo.com udp
US 104.18.24.163:443 i.gyazo.com tcp
US 104.18.24.163:443 i.gyazo.com tcp
US 104.16.176.168:443 engine.spotscenered.info tcp
US 104.16.176.168:443 engine.spotscenered.info udp
US 1.1.1.1:53 pocketoption.com udp
US 1.1.1.1:53 pocketoption.com udp
CZ 185.104.210.34:443 pocketoption.com tcp
US 1.1.1.1:53 recaptcha.net udp
US 1.1.1.1:53 recaptcha.net udp
GB 142.250.187.227:443 recaptcha.net tcp
GB 142.250.187.227:443 recaptcha.net udp
US 1.1.1.1:53 analytics.google.com udp
US 1.1.1.1:53 analytics.google.com udp
GB 172.217.169.78:443 analytics.google.com tcp
GB 172.217.169.78:443 analytics.google.com udp
GB 172.217.169.68:443 www.google.com tcp
GB 172.217.169.68:443 www.google.com tcp
GB 172.217.169.68:443 www.google.com udp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 77f74535c20a4fd8c4e078c7df0f067f
SHA1 43a4fc51d88e833f139bc2a29e95ad004d3735f7
SHA256 1af6997e6c29f106f9f7096daec4e1293c6bc62a9c947c8e70d5a05147bf0c78
SHA512 41d95fde4b67ee1c4af98d885f0687373420b77415a8ae10d5ac0421cb8c4004a387c14871a1681ae86edb901fe00fc847a3414174da1399ac8cf9f22ad5e6c1

/root/.mozilla/firefox/ann6wzwk.default-release/times.json

MD5 2dfba5c51ee5b2659119559f61597af8
SHA1 e5e23bc5b9fc308f344044455812cc1828812514
SHA256 d614f2ba12e3711c34305e97ddfdc12470267af906e3b6cd82925c1254fa20be
SHA512 2c97706dd0a6f9c38be5ded0899251173385fa65553a90b93f3f8d9700bfe65e6bbc2982371d36d76d32b75f9b3893a11f0e5e4ab1ac7a1c9ab745636381fc36

/root/.mozilla/firefox/zxtmunfd.default/times.json

MD5 fd8179d02349999b22e0a808bc796bbb
SHA1 5797f38845d42a4cfcfd58fead9e7aa1048c1058
SHA256 124aa6882152a3e9f73e97dc4f85ed9b529ec23bc9bd91210fac861014981e52
SHA512 91fa563f7835fad6ab3cad91e203a8c893b6771587a7560498c280292d9a56a269e6b5fec77c000bcf95ccaa8e1f21715b0bc8add2d0238b5be773f31579283e

/root/.mozilla/firefox/installs.ini

MD5 3432aa92a0a7994432b520ae86c095e9
SHA1 2366a656223b83a67ab9c9b8149ec9d8e0ec216a
SHA256 440ea6116b08f09a88f93ae06d755c24625b8b387d31355862decc8f8737cf79
SHA512 94a1b8ae44b25aa37badf279e63fb9096dc480f1202fc427f739acc6acdc460a670ab47cee37411ae8b947f94fe0bb01e5f08a99ba5396541472e7d5bfe34849

/root/.mozilla/firefox/profiles.ini

MD5 cce869550b3db6126aaa69e476212a21
SHA1 171499acbc9eb1d481d31f05905202a616fd7b17
SHA256 2411b21efd2711ee558e281c46df94535ebb88fa6bc8f860eb40072d180592bb
SHA512 153ee603f9669f205c0ce713b1d6620d85cb998bd4638ae5432e9ea3f4b0258230971cac25bc85ed67d4682c583dcdeeb99d89bbc78eb40fc6cf67ab7de53e06

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 b5e02dd65a7e593c230214a677d855a4
SHA1 9e04221da285f4450ee56643c2933999248b80f6
SHA256 4f00d6618733dec68d88ec014b848a3f33c67474ea7dcffd7ae6b126a36ccd91
SHA512 3e4cea711b28a0e9f8ed99a291ba2cf5317a7d26c05d5093e7e6fc60b790b967e71d2a907720a88ef4b70559fdb68096721245d7fca71f506b05c59ba0d75d37

/root/.mozilla/firefox/ann6wzwk.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/ann6wzwk.default-release/prefs.js

MD5 4b2c8eacb41c70b4f78da830e8850559
SHA1 3b00299a66b61d377e0e76e0e22fc4c9cc04b024
SHA256 8f180b89d3d9fceb52897dd6258f740848ab6a76be208d10dc9bfba7cc49ca74
SHA512 e8d6cdd90b8e2557415a99929c8b738c88c577f63162e67b30627e9a5340e6c69977b9b66998d626dff2fb6df067c1f0641d70002afbc7b0d9b8ded5ceaf9285

/root/.mozilla/firefox/ann6wzwk.default-release/cookies.sqlite

MD5 a7bcea1c0a0dfb9d44a9726ba016edff
SHA1 8dbdf3083273d3ba6aa3c7111321014383c6e823
SHA256 0bf18382bae9b86c437f97017d3649075c13780273bb080dfe15f2a9be7a99e6
SHA512 78316fef8ef1f1c1544717bef5344de0b896549f9c479b2318cf117cee078348fd4546e9e82e3a3ab4c65776cf0a116301440489ed75b475140c844eec84b765