Malware Analysis Report

2025-01-23 15:38

Sample ID: 240416-mbbwqafh66
Target: https://www.google.com
Tags: antivm, spyware, stealer
Score: 7/10

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The target https://www.google.com was found to show suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Reads CPU attributes

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-16 10:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-16 10:17
Reported: 2024-04-16 10:19
Platform: ubuntu1804-amd64-20240226-en
Max time kernel: 64s
Max time network: 123s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name


Reads user data of web browsers

spyware stealer

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes


Enumerates kernel/hardware configuration


Reads runtime system information


Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {add96d8b-ad88-4832-b972-1b70b06b6064} 1574 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {3a1316a6-56bc-46b0-9ff1-f67e23f75d51} 1574 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {2fa97c13-2f64-4af0-9671-973caf40874a} 1574 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {c75f5071-d91e-4ee0-8d09-ac0371cb6412} 1574 true tab]

Network

US 1.1.1.1:53 mc.webvisor.org udp
RU 87.250.250.119:443 mc.webvisor.org tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
DE 94.130.130.77:443 tcp
US 1.1.1.1:53 i.gyazo.com udp
US 1.1.1.1:53 i.gyazo.com udp
US 1.1.1.1:53 grincircus.com udp
US 1.1.1.1:53 grincircus.com udp
GB 172.217.16.228:443 www.google.com tcp
US 104.18.25.163:443 i.gyazo.com tcp
US 104.18.25.163:443 i.gyazo.com tcp
US 192.243.61.227:443 grincircus.com tcp
US 192.243.61.227:443 grincircus.com tcp
GB 172.217.16.228:443 www.google.com udp
US 1.1.1.1:53 engine.spotscenered.info udp
US 1.1.1.1:53 engine.spotscenered.info udp
US 104.17.159.201:443 engine.spotscenered.info tcp
US 192.243.61.227:443 grincircus.com tcp
US 192.243.61.227:443 grincircus.com tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 104.17.159.201:443 engine.spotscenered.info udp
US 1.1.1.1:53 system-notify.app udp
US 1.1.1.1:53 system-notify.app udp
US 1.1.1.1:53 pocketoption.com udp
US 1.1.1.1:53 pocketoption.com udp
CZ 185.104.210.34:443 pocketoption.com tcp
DE 157.90.33.68:443 system-notify.app tcp
US 1.1.1.1:53 a1887.dscq.akamai.net udp
US 1.1.1.1:53 recaptcha.net udp
US 1.1.1.1:53 recaptcha.net udp
US 1.1.1.1:53 analytics.google.com udp
US 1.1.1.1:53 analytics.google.com udp
GB 142.250.180.14:443 analytics.google.com tcp
GB 142.250.180.14:443 analytics.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

/root/.mozilla/firefox/ohkjalgk.default-release/times.json

/root/.mozilla/firefox/zoch2irs.default/times.json

/root/.mozilla/firefox/installs.ini

/root/.mozilla/firefox/profiles.ini

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

/root/.mozilla/firefox/ohkjalgk.default-release/compatibility.ini

/root/.mozilla/firefox/ohkjalgk.default-release/cookies.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/cookies.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/prefs.js

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.cache/dconf/user

/root/.mozilla/firefox/ohkjalgk.default-release/prefs-1.js

/root/.mozilla/firefox/ohkjalgk.default-release/permissions.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/prefs-1.js

/root/.mozilla/firefox/ohkjalgk.default-release/times.json

/root/.mozilla/firefox/ohkjalgk.default-release/cert9.db

/root/.mozilla/firefox/ohkjalgk.default-release/key4.db

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/ohkjalgk.default-release/prefs-1.js

/root/.mozilla/firefox/ohkjalgk.default-release/prefs-1.js

/root/.mozilla/firefox/ohkjalgk.default-release/prefs-1.js

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/content-prefs.sqlite

/root/.mozilla/firefox/ohkjalgk.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/6D89348819C8881868053197CA0754F36784BF5F

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/44230749A38B6989F56217B435A03E84CCADE62D

/root/.mozilla/firefox/ohkjalgk.default-release/prefs-1.js

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/039090029E64BC91E87E77199A6A6BE11FC39B6F

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/44230749A38B6989F56217B435A03E84CCADE62D

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/099EB2BF8827A4F91EAB3E38B14650D0205226F2

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/D23F7952044A1A6016B80DED46FC563716A295DF

/root/.cache/mozilla/firefox/ohkjalgk.default-release/cache2/entries/1F62480DACF8C0D521EEBE505E2857CAC773ACCC
