Analysis Overview
Threat Level: Shows suspicious behavior
The file https://www.google.com was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user data of web browsers
Changes its process name
Checks CPU configuration
Reads CPU attributes
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-17 01:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-17 01:30
Reported
2024-04-17 01:30
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
3s
Max time network
5s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | QuotaManager IO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IndexedDB #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | DOM Worker | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #5 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #4 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #3 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #2 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | MainThread | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Child | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1599 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | FSBroker1599 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Process | /usr/lib/firefox/firefox | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ProfilerChild | N/A | N/A |
Reads user data of web browsers
| Description | Indicator | Process | Target |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/compatibility.ini | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/permissions.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/shield-preference-experiments.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionCheckpoints.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/key4.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/ClientAuthRememberList.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/places.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/addonStartup.json.lz4 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/ls-archive.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/pkcs11.txt | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.bak | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/key4.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/places.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/addons.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cert9.db-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/content-prefs.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/extension-preferences.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/system-extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/extensions | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/times.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/search.json.mozlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cert9.db | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cert9.db-journal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/ExperimentStoreData.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/prefs.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/user.js | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/SiteSecurityServiceState.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/previous.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/extension-settings.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/handlers.json | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.js | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite-journal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.baklz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/places.sqlite-wal | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/extensions.json | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.jsonlz4 | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/AlternateServices.txt | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/cert9.db | N/A | N/A |
| File opened for reading | /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/online | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | N/A | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/vendor | N/A | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | N/A | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | N/A | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | N/A | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1575/status | N/A | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1642/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/37 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1606/stat | N/A | N/A |
| File opened for reading | /proc/1638/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/75 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1627/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd | N/A |
| File opened for reading | /proc/self/fd/6 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1678/stat | N/A | N/A |
| File opened for reading | /proc/1724/smaps | N/A | N/A |
| File opened for reading | /proc/self/task/1565/stat | N/A | N/A |
| File opened for reading | /proc/self/stat | N/A | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | N/A | N/A |
| File opened for reading | /proc/self/fd/41 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1741/statm | N/A | N/A |
| File opened for reading | /proc/1575/attr/current | N/A | N/A |
| File opened for reading | /proc/1697/statm | N/A | N/A |
| File opened for reading | /proc/1697/smaps | N/A | N/A |
| File opened for reading | /proc/self/fd/51 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/74 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/49 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1675/smaps | N/A | N/A |
| File opened for reading | /proc/1724/statm | N/A | N/A |
| File opened for reading | /proc/1623/cmdline | N/A | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/gvfs/gvfsd-fuse | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1704/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/45 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/48 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1741/smaps | N/A | N/A |
| File opened for reading | /proc/1675/statm | N/A | N/A |
| File opened for reading | /proc/self/fd/111 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1727/stat | N/A | N/A |
| File opened for reading | /proc/self/fd/29 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/38 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1618/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd/43 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/35 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/50 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-permission-store | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1647/cmdline | N/A | N/A |
| File opened for reading | /proc/self/fd | N/A | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal-gtk | N/A |
| File opened for reading | /proc/self/mountinfo | N/A | N/A |
| File opened for reading | /proc/self/fd/44 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/47 | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/firefox
[firefox -new-tab https://www.google.com]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -new-tab https://www.google.com]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {a57bbb6b-3fa5-42e3-8584-1d850e21ea9f} 1563 true socket]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/lib/gvfs/gvfsd
[/usr/lib/gvfs/gvfsd]
/usr/lib/gvfs/gvfsd-fuse
[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {47224091-1ec1-49d7-8f75-8230a264d4bf} 1563 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {8d780d41-b1e3-4a63-ba52-0a8002089bc5} 1563 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {03b894ec-5157-472b-8348-f1cd3c5e083e} 1563 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {516a29d6-5609-4357-8f3a-d3f834ba149a} 1563 true tab]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.193.91:443 | tcp | |
| US | 151.101.130.49:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| NL | 52.222.139.74:443 | services.addons.mozilla.org | tcp |
| NL | 52.222.139.74:443 | services.addons.mozilla.org | tcp |
| GB | 89.187.167.2:443 | tcp | |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | locprod2-elb-us-west-2.prod.mozaws.net | udp |
| US | 52.25.6.244:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| NL | 195.181.172.27:443 | 1527653184.rsc.cdn77.org | tcp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| NL | 142.251.39.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | www.mozilla.org | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | example.org | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 1.1.1.1:53 | www.mozorg.moz.works | udp |
| DE | 13.32.119.185:443 | www.mozilla.org | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| NL | 142.251.39.100:443 | www.google.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
Files
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
| MD5 | 714e8d5a753f54c69b3144a9d3c73a08 |
| SHA1 | 8a64ca262340794bac7846f8107c13bdf61a301f |
| SHA256 | 80c834f66bd83068c47488bae6c1c1fb52e9580054151b58ca4b096482fca6e8 |
| SHA512 | 81313b3db6b7e3bb8cd157580f49ad7434a0237be3bb9293eda7e4460d8ec7c182e09a7ffa3a2901a57c1bd6f84879ddcb8419a9d0403f01e3219aad51574741 |
/root/.mozilla/firefox/5526ysiv.default-release/times.json
| MD5 | 7ef7acd6d089f0aed83b6d6535da0866 |
| SHA1 | a7d2647e0e388d59402a48634fd4b77f5d2d328c |
| SHA256 | 11147e35c9a03bc110b12465b898ac08949e9ad9c7a10a4ace646841fc9865c4 |
| SHA512 | b5262b57c8b156ee10f15ddbda46260ddd3b3df133ddeaa82d26e0a979e5cc8c9b0b1f9096c2dea6ca040fa8630544db14a3633f7d3601b1cf366de8a1ee36a8 |
/root/.mozilla/firefox/8cvz4oix.default/times.json
| MD5 | 3aec44b4cc9c4c904ba31f10cda9bcee |
| SHA1 | 280a1925854acd59b42d4157f3c091a7be8a01fa |
| SHA256 | bb7e43eed1f0eb2a1981cbffc38f7c1340ed190081ff4f98d1c1ffe11624b58e |
| SHA512 | ea6472de83bad3f2c074a40b58f8f731873c82759decb1e303bf3325c5d94dfea70ae03042029d5aa4ad0342207563517734b39d97396b9c118fb5488b0ccfec |
/root/.mozilla/firefox/installs.ini
| MD5 | 9def42e7e44740645d27ef5eb8e313c7 |
| SHA1 | c13d98849da1bb1a4d95500b84bceb7cb822064b |
| SHA256 | 67c66513459e9a00a827b80d8a5e7b13ddb191e8b9b803e1cacd26741ba0ae53 |
| SHA512 | e69907ff3a84e78c9181cb5a42341fe33ea8e30952cc6d6c17d399f15e8bc82f3c4ca7ec8db8f1bde8e16c36d600b2f033cdbdf1ccbc96234140c39df8c51350 |
/root/.mozilla/firefox/profiles.ini
| MD5 | 0a32d5559989f18944a2ef655e569bfa |
| SHA1 | 2cc0effce66343a6f85fa9abf4336d1cd5892617 |
| SHA256 | 8082906bd314700adde80984df298ee3a8fc0d1fc75654747c34b1cbf05ea44d |
| SHA512 | 2d4a12d350eaa907b60471622c19e53078d83f0936c88490085a811cef97e80baf5b85d855fa2426a41bdab8ba0ebfb5d42914623cf1a677a9099d9417d013db |
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
| MD5 | 5fd52356046ce75cca66c0433d68bcc0 |
| SHA1 | 3845903f7bf3c454bd03216455b3d0e714d31fbd |
| SHA256 | 4d43cc88ab112a1ff74f37a7ec33ec5adc518b6c3da95731f394b3eec57e1811 |
| SHA512 | 7c70be5ac954216d8a9929269a491ac4e79e616e5c0285ab30a32cc42259dfec48eba5a1de024b0c1de069e48595bfdb9c650a4ed581cf42bcdec37827b2d051 |
/root/.mozilla/firefox/5526ysiv.default-release/compatibility.ini
| MD5 | fe452b7294d5928a9a5863b89ee0a6bd |
| SHA1 | a5d4c245071fa96476ba48b4725bdae7f1b7940f |
| SHA256 | d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900 |
| SHA512 | dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e |
/root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite
| MD5 | 9535f5fe817accc769c2c1d3354db39f |
| SHA1 | 6af62cf08717cf3bfa84eb1a7b311acf522ce560 |
| SHA256 | c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5 |
| SHA512 | dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837 |
/root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite
| MD5 | 5caa766855d5613a999f71b7812d6451 |
| SHA1 | ad0d9a52a0d5cc7f11858301dbe47377ed99ee37 |
| SHA256 | 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27 |
| SHA512 | 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba |
/root/.mozilla/firefox/5526ysiv.default-release/storage/ls-archive.sqlite
| MD5 | e0c613bfd69956a19ce2dc5e925aa223 |
| SHA1 | 14accb230edcd6cb76967cdc6d4e5686db96b5df |
| SHA256 | 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab |
| SHA512 | 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/ls-archive.sqlite
| MD5 | 178d71e5529d637ac62f7e75fdd75896 |
| SHA1 | 339f2b949cc4c207b66aea11137448ba28d36dcb |
| SHA256 | 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4 |
| SHA512 | ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/.metadata-v2-tmp
| MD5 | 97462d5c809e994abcc1068076ebafe1 |
| SHA1 | b8e5293811a615cd7698257cbcd0753510949e2d |
| SHA256 | fea35f3e6dc27169d94d9a1546fab4c67344ecf050f8dab4be8633112ad6fd5f |
| SHA512 | d3e30858faf66bb54c806c0f450eb84a8f254abcb1899095eaac6dcdbeae0c9de6d05b0ce95f596cde5bd24ee21872ec0cf8a11be48a44cc092fc3c8645cdf00 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 07a412e08825220262ad2890757ff779 |
| SHA1 | f46c127dbc070ded87a6078b3c1c761955f96de8 |
| SHA256 | da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4 |
| SHA512 | 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 9f67a4e15f6d2267cccc2d0d38c5998e |
| SHA1 | c10ff7a977f9475affedcfa2b35de55109bf3828 |
| SHA256 | a0932e9e4c38ea8cf40b81f3814a0ec46c6da239e01bf6cf11236b4f7598bb66 |
| SHA512 | c03e41c02f635ef0ec9f55b88d2a3fe5f88063b79e8003c18c91b317c930bfbc2e26272cfc35ac2fe3370ac53839e3eed97cc8113955283757cbea04d9a55ac6 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | 000e7d04af73ad1fb5574a342a8a4cea |
| SHA1 | 3f61f738a242ca55b394be151e28c8019e580e7e |
| SHA256 | e04140fc325c342426791e7b8b47f5e3b1f61e236364744a255d92cf272afa62 |
| SHA512 | 662d773f386b7e37774ba038ef70b45509b481af8fc68efd7f8d73dbca6b859db8f3bc208364224a5373aef484cb165e6d87207e1655f9348c8f34434634b221 |
/root/.mozilla/firefox/5526ysiv.default-release/prefs.js
| MD5 | 8e2938299741c9c3843702b1a32d58c2 |
| SHA1 | cbd8e8d83aa4e43bf41123c5537b6d2e045c07ea |
| SHA256 | 6c05042b77eafb98185729a3778377d390211fefcab3d533a6b48dc92872b35b |
| SHA512 | d31f0191d42c0899565c174bd3ec559cba61e1b566e38473570446aa7540b3fba1b8771643bbea3791855fae1b14fd10c6cf321c3413c3cba849055bcb8f7999 |
/root/.cache/dconf/user
| MD5 | 441077cc9e57554dd476bdfb8b8b8102 |
| SHA1 | 3f29546453678b855931c174a97d6c0894b8f546 |
| SHA256 | b413f47d13ee2fe6c845b2ee141af81de858df4ec549a58b7970bb96645bc8d2 |
| SHA512 | 80536c6170dd8626dc081af148d39ec2fd5d090cc578a76647e7903fd34bd02e4333ece57b0e24ff116f43429b6ff541834bd40ef0c8d3563acef5ed0fd254b8 |
/root/.mozilla/firefox/5526ysiv.default-release/permissions.sqlite
| MD5 | d14936a9d6974b952f264d030d6875c5 |
| SHA1 | 5114f61eac483eba858091262af1fcec58d7f12e |
| SHA256 | 849c3a3b5dbfbed18a18f0ff6371078d661a40b917cfa1da738d8860965def72 |
| SHA512 | 712b1562fe177a85957957020f394141ac6cc24292dcf91fd9f15d0372d1f394d71d3852130029fea72bd2312d5e8b47d60c4a13791b49ec873737960a653e24 |
/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js
| MD5 | 0fd8cd9f7803045934c84ccb5f27586e |
| SHA1 | ca4585d59b2b5c55b7b135f9bcbc097375b981ed |
| SHA256 | 882146e8372c19a3e77eb3c1c7b7276e2f3ad2540bdfc7c14dc7b6e2449e10f8 |
| SHA512 | 8f2d38cdc95c4859ce994944875f1ca18d0b9690801c58f0477fdeba99007d17258df77e1208f3783ddf05285510d88684a75efc031b5e942b25d6fd6a94f43e |
/root/.mozilla/firefox/5526ysiv.default-release/times.json
| MD5 | d90af5493f611921a2186f7fa7a4d146 |
| SHA1 | 241d0975271006c964664a110b08ec54fa35e5ce |
| SHA256 | 717d59279ae14736afc188f0c4b1893d28701af086e80e3c1c9213dd77065b63 |
| SHA512 | d59be5218b24c257135f843a90f1841058c6ce4fbbc38e829f39afcc794bca0abddb3223d613f18138412384d86f3293b24b0a4eff097c2b884c9cdcfef809b6 |
/root/.mozilla/firefox/5526ysiv.default-release/cert9.db
| MD5 | 9086fd32cb78fd8a144dd2cf02b71f72 |
| SHA1 | 96ae7c5e8254ddccd1b1e20bd2acd48a4c3d952b |
| SHA256 | 71d906399d1bf1dbad7a3e6c3f40b1f7c37e90ac8c4f5825b9b9cf82bdc0f234 |
| SHA512 | 7da9721277126bec9b409191b0cac21350fe8f12168a2b7b6085c821d2220ad8eada118e215e7be4f6fd715c223480f7edc94819f785f8c58354fcf17ab2814e |
/root/.mozilla/firefox/5526ysiv.default-release/key4.db
| MD5 | d30d690dfaa5599d4af66b05815dadc6 |
| SHA1 | 18f14ecb62439073c9846d48dc879f7ab9c22d8d |
| SHA256 | 45d188734f05fd07f043ce9b6541acf664548f2a819349764259ccce1141ae6b |
| SHA512 | 6f9c502c2753e435c91247c79876285fec3d504192975bb467672819254dc0fe4bcda513c5a5a661f66827dd62818a1955cbb4e3b5cb58f49da7b4a7ca3f9f57 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | 759544297aaa61f5fef8ee42d0ae4393 |
| SHA1 | fc2d66f6e60409e3e8d38623ce5f817fc7f571e0 |
| SHA256 | 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5 |
| SHA512 | 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
| MD5 | b632e3135756eff80cd34e5417a079c4 |
| SHA1 | 346877a10c52154ff3897b5317e754951151a5a4 |
| SHA256 | 281251bc463f8fa63d4030c4d7e01f7a839da0833495f752e65a63c3c3bae358 |
| SHA512 | fb09dae5fa079671fc8e1da6756549f4131580865599fdefed68571e671be5912c0dcb407899732eb29468ea1d2a548235d56a5fad9bd041f1659994e30fbb42 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | dd3f6ba37c670af5953593535e435d04 |
| SHA1 | ecfe4e650a050bce77e8ff7468de04c1b8acc9a4 |
| SHA256 | 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561 |
| SHA512 | 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3 |
/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js
| MD5 | b78ebda6987b04a4bbf518bc42a5366c |
| SHA1 | ef56bb96d129eb69d860b79a579a432446f03675 |
| SHA256 | 655e3fb5d325b55cde5f76ab14802872ddd1321f427ffe678e20b470df77eeb5 |
| SHA512 | 7c46d7de4b40d78397d54167d12caa963dea6af1d8d9a1667157fb3226f27a821c9006bffd1a9df67f00f03fb0d6900f026617f6fd4def6d36ef3fbba2da3b5a |
/root/.cache/mozilla/firefox/5526ysiv.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
| MD5 | 3996497202dcaf65a05b697e903e9921 |
| SHA1 | c06c8a65c900ae73fbddb38a64410a9e6a00a0b1 |
| SHA256 | a85f3a345bc08803ea39e3da126c86776e163de4f41b3d4c9f010dfd9e1b939e |
| SHA512 | b92acda265d64cc94fadf6d650e4853e132e6dd31918113f398f0aaa2efa6d6acd365d691866a15d5b3eb8136e637ff4df80da13c34205c6684dba6ce752e668 |
/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js
| MD5 | e6c71d02b61ac9daa3a64d981b431f01 |
| SHA1 | eb43f39f3e26242776527333a234a4ac5ac7d5ae |
| SHA256 | 296d0591d530457192e279b5f150aa36b297d47778161055eed56163dfb9dd00 |
| SHA512 | b8aa35bf0389696830891ef4951088850248760417b40f05e6086b1731b6a8fe68434e760c3b129dbe573d23306bf4a8710b8699c68e5491d180fcf27edf99de |
/root/.mozilla/firefox/5526ysiv.default-release/cert9.db
| MD5 | 8a7c7135d8f21c490a19b1ec8417c238 |
| SHA1 | 67dd317fbb64727eefa3b94a31250ba4234d50f4 |
| SHA256 | 11039925a91f1818a3f9ce9f8038e8596219326fb23c27cbda14215f3b8ef37c |
| SHA512 | 1af8e84df93d8651e3014e6c6cb495a8ec7ac2d999b0041942067559d43c749bc9ec14b6dba9f72473f5b12389869a324d95a862aef48be7bdf937ff511939be |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | a8dd7ebaad5528b23f82ccb1534cea18 |
| SHA1 | 600daceacfb5cf9df0b66ba7dce4516b2ac4df70 |
| SHA256 | e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec |
| SHA512 | 67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite
| MD5 | 083185202e5fb07dce09f25b1081ff16 |
| SHA1 | 11f3e82e5935eada009bed417d90d3fbcb4a99a0 |
| SHA256 | 71aa41c5117dab682647b2c01810cbe2d95905b768149b2eccc70a2a300f0d9b |
| SHA512 | 30f435a15aab0f1bd5d410e43b7d9b6189d7063e5f918d8ef484a003de12440be456caaad9ccff03c5e5fd18aea899e3b4aa63d551a71c663db773e542ac9ee1 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | 7352c8848e88edc39b7fb5e663888187 |
| SHA1 | 8c3dffe25cc56c7aec1b782292d6fceed81e6304 |
| SHA256 | 7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a |
| SHA512 | f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite
| MD5 | 0bd83e5b331134fe65de9ee5374a9424 |
| SHA1 | 02935e0c619565aeebe56e87b4c368ce295289cd |
| SHA256 | de186f641415762473f47c547e153220b882e677253040790fa9cca4cadc00c0 |
| SHA512 | 951dd8ed233d381f880ab17276e9f97b7d489690045bc0b98e79422bee277490e4d1e86358feb587706c4db3a91e0889dbdbbd35e3cee0eb91174d79a6b95844 |
/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js
| MD5 | 0f9bc337b0012d79a2b526661ca5efef |
| SHA1 | 04ab29af8f231e899e01c4455e1146cd6b9d1871 |
| SHA256 | 316207967bb485771c4dfcc12f74cfe41574d6bbb7024055bcf80e4eb2faad2d |
| SHA512 | 4fbff1c72b60d382878e29c39b21bace195d2f1461dad6814db00fcfabd91194c1c4b3a19925a25e49220fd0920923562019fa87b45e5c24f8713b93eeb15f87 |
/root/.mozilla/firefox/5526ysiv.default-release/cert9.db
| MD5 | 9134336f3dea7ddf2084bf5fad3c84e4 |
| SHA1 | 04e3f8b64aea2ef1584a9d677eba098a1b6497a8 |
| SHA256 | 7999ab6f4da59c5f38fb0e6aab6a345ae895f814819ca8141d41dad6bfa48afe |
| SHA512 | ee4b01cf88948577dc54aff0d1cbb7926155be27059c0494132625d87e39aa9d334d0f85ae21a9ab39ec16b23a67b027052f9dd500f6878e9b6ebf8595eaf954 |
/root/.mozilla/firefox/5526ysiv.default-release/cert9.db
| MD5 | e352d9fe58ab685c0528d624295aa1cd |
| SHA1 | 22c40357cadadb28ef7cc0f320036df057d5e8e6 |
| SHA256 | a878768ceb06bd4ad5ec70f1baef289716ffe7ac1ff0295281dde037257948ee |
| SHA512 | 18c813ce7320ccdf7ac36e99db5f6d034dc0b88c7818f9bb626c551cd689eb2b4fad812178c96e76f6abcdcf5a302e65545900058389a755635b701166bdebb6 |
/root/.mozilla/firefox/5526ysiv.default-release/places.sqlite
| MD5 | 8cc596ec65e6df7f6e181cb62321c61e |
| SHA1 | 5d1ae51bd01f18a0a6db5a428f95df739def1377 |
| SHA256 | 0e49c0e9f43eedd6340049cf1ae2240c76ae3be50c1eb90991a74d5f582bd243 |
| SHA512 | cff05c2da7d99fdf84a5d5ed1f3c0cbbefa6fdcafc34bb9fd3445f41339c4b5e4182e938c4b3098f20057edfa6166635584057fc2afebdbecbd701a549a93325 |
/root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite
| MD5 | 3c0a1ec298284608bfa51081ea539be3 |
| SHA1 | e51b58f6fe89d45fd8a1d935b51da172d5f6f32e |
| SHA256 | 34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2 |
| SHA512 | 8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | e87498f20e6ffb24c100b389c9186fd6 |
| SHA1 | 919ac3ffd22845e2ed3bf53ff974ab495d0a7c73 |
| SHA256 | 98fb2b81377690e84819f72cb58f02505856485830b2bb98c5f1e3b4804013d0 |
| SHA512 | 706619b456d5beba0308ca27ff3e011c844aea05ad99ae3a572748c8dbb20e9992be624609ca1cb56ff82f29181c9b1e95b9ce7032601db4c24d2e13e5d454e7 |
/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
| MD5 | acf01119af3ee0d161b6e1049e26f195 |
| SHA1 | 8bc33819ec10dae13e2ff134ad511eab20b6c1cd |
| SHA256 | e1998c974705b8d904597e177b52c35f5d66b635fe71441941000bc7cfc675f2 |
| SHA512 | cb015e43fb40912970f77491b51c56099fb889e4eea4920e758081e207589a13c7c65ef556735ad7ca5fd90fef9ed3e86907f7f12570d07f8fc83f313fbef2dc |