Malware Analysis Report

2025-01-23 15:27

Sample ID 240417-bwsjesbd61
Target https://www.google.com
Tags antivm spyware stealer
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

Threat Level: Shows suspicious behavior

The file https://www.google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Reads user data of web browsers

Changes its process name

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-04-17 01:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-04-17 01:30
Reported 2024-04-17 01:30
Platform ubuntu1804-amd64-20240226-en
Max time kernel 3s
Max time network 5s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1599 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1599 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/places.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/content-prefs.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/extension-settings.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1575/status N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1642/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1606/stat N/A N/A
File opened for reading /proc/1638/cmdline N/A N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1627/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1678/stat N/A N/A
File opened for reading /proc/1724/smaps N/A N/A
File opened for reading /proc/self/task/1565/stat N/A N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1741/statm N/A N/A
File opened for reading /proc/1575/attr/current N/A N/A
File opened for reading /proc/1697/statm N/A N/A
File opened for reading /proc/1697/smaps N/A N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/74 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1675/smaps N/A N/A
File opened for reading /proc/1724/statm N/A N/A
File opened for reading /proc/1623/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1704/stat N/A N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1741/smaps N/A N/A
File opened for reading /proc/1675/statm N/A N/A
File opened for reading /proc/self/fd/111 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1727/stat N/A N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1618/cmdline N/A N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/1647/cmdline N/A N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {a57bbb6b-3fa5-42e3-8584-1d850e21ea9f} 1563 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {47224091-1ec1-49d7-8f75-8230a264d4bf} 1563 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {8d780d41-b1e3-4a63-ba52-0a8002089bc5} 1563 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {03b894ec-5157-472b-8348-f1cd3c5e083e} 1563 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {516a29d6-5609-4357-8f3a-d3f834ba149a} 1563 true tab]

Network


Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 714e8d5a753f54c69b3144a9d3c73a08
SHA1 8a64ca262340794bac7846f8107c13bdf61a301f
SHA256 80c834f66bd83068c47488bae6c1c1fb52e9580054151b58ca4b096482fca6e8
SHA512 81313b3db6b7e3bb8cd157580f49ad7434a0237be3bb9293eda7e4460d8ec7c182e09a7ffa3a2901a57c1bd6f84879ddcb8419a9d0403f01e3219aad51574741

/root/.mozilla/firefox/5526ysiv.default-release/times.json

MD5 7ef7acd6d089f0aed83b6d6535da0866
SHA1 a7d2647e0e388d59402a48634fd4b77f5d2d328c
SHA256 11147e35c9a03bc110b12465b898ac08949e9ad9c7a10a4ace646841fc9865c4
SHA512 b5262b57c8b156ee10f15ddbda46260ddd3b3df133ddeaa82d26e0a979e5cc8c9b0b1f9096c2dea6ca040fa8630544db14a3633f7d3601b1cf366de8a1ee36a8

/root/.mozilla/firefox/8cvz4oix.default/times.json

MD5 3aec44b4cc9c4c904ba31f10cda9bcee
SHA1 280a1925854acd59b42d4157f3c091a7be8a01fa
SHA256 bb7e43eed1f0eb2a1981cbffc38f7c1340ed190081ff4f98d1c1ffe11624b58e
SHA512 ea6472de83bad3f2c074a40b58f8f731873c82759decb1e303bf3325c5d94dfea70ae03042029d5aa4ad0342207563517734b39d97396b9c118fb5488b0ccfec

/root/.mozilla/firefox/installs.ini

MD5 9def42e7e44740645d27ef5eb8e313c7
SHA1 c13d98849da1bb1a4d95500b84bceb7cb822064b
SHA256 67c66513459e9a00a827b80d8a5e7b13ddb191e8b9b803e1cacd26741ba0ae53
SHA512 e69907ff3a84e78c9181cb5a42341fe33ea8e30952cc6d6c17d399f15e8bc82f3c4ca7ec8db8f1bde8e16c36d600b2f033cdbdf1ccbc96234140c39df8c51350

/root/.mozilla/firefox/profiles.ini

MD5 0a32d5559989f18944a2ef655e569bfa
SHA1 2cc0effce66343a6f85fa9abf4336d1cd5892617
SHA256 8082906bd314700adde80984df298ee3a8fc0d1fc75654747c34b1cbf05ea44d
SHA512 2d4a12d350eaa907b60471622c19e53078d83f0936c88490085a811cef97e80baf5b85d855fa2426a41bdab8ba0ebfb5d42914623cf1a677a9099d9417d013db

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 5fd52356046ce75cca66c0433d68bcc0
SHA1 3845903f7bf3c454bd03216455b3d0e714d31fbd
SHA256 4d43cc88ab112a1ff74f37a7ec33ec5adc518b6c3da95731f394b3eec57e1811
SHA512 7c70be5ac954216d8a9929269a491ac4e79e616e5c0285ab30a32cc42259dfec48eba5a1de024b0c1de069e48595bfdb9c650a4ed581cf42bcdec37827b2d051

/root/.mozilla/firefox/5526ysiv.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/5526ysiv.default-release/cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

/root/.mozilla/firefox/5526ysiv.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/prefs.js

/root/.cache/dconf/user

/root/.mozilla/firefox/5526ysiv.default-release/permissions.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js

/root/.mozilla/firefox/5526ysiv.default-release/times.json

/root/.mozilla/firefox/5526ysiv.default-release/cert9.db

/root/.mozilla/firefox/5526ysiv.default-release/key4.db

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js

/root/.cache/mozilla/firefox/5526ysiv.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js

/root/.mozilla/firefox/5526ysiv.default-release/cert9.db

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/prefs-1.js

/root/.mozilla/firefox/5526ysiv.default-release/cert9.db

/root/.mozilla/firefox/5526ysiv.default-release/places.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/favicons.sqlite

/root/.mozilla/firefox/5526ysiv.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
