Malware Analysis Report

2025-01-23 15:26

Sample ID 240417-cavx4aae67
Target https://www.google.com
Tags
antivm spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://www.google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Reads CPU attributes

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 01:52

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 01:52

Reported

2024-04-17 01:53

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

2s

Max time network

14s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1583 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1583 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore-backups/previous.js N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/content-prefs.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/extension-settings.json N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/7zra3a1i.default-release/prefs.js /usr/lib/firefox/firefox N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/self/task/1731/stat N/A N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1626/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/1659/smaps N/A N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1602/cmdline N/A N/A
File opened for reading /proc/self/task/1688/stat N/A N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1590/stat N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/1611/cmdline N/A N/A
File opened for reading /proc/1559/attr/current N/A N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/94 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1607/cmdline N/A N/A
File opened for reading /proc/1631/cmdline N/A N/A
File opened for reading /proc/self/task/1713/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1549/stat N/A N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1547/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/1622/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/1559/status N/A N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1665/stat N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {aeabaa26-e4e4-4b32-8253-76bbf9f1ed00} 1547 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {251fbeb6-760f-45b3-9b0c-625604a0eb1e} 1547 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {4caca8d6-6c27-47c1-80e5-4ba4c1538101} 1547 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {ed40e1e9-1fce-4245-a2e1-b5357ee2101b} 1547 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {0b86c7f9-9715-4f12-8643-d33017f53eb0} 1547 true tab]

Network

Country Destination Domain Proto
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 151.101.1.91:443 tcp
US 151.101.194.49:443 tcp
N/A 224.0.0.251:5353 udp
GB 195.181.164.20:443 tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
NL 52.222.139.46:443 services.addons.mozilla.org tcp
NL 52.222.139.46:443 services.addons.mozilla.org tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
NL 142.250.179.164:443 www.google.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.mozorg.moz.works udp
DE 13.32.119.185:443 www.mozilla.org tcp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
NL 142.250.179.164:443 www.google.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 10027b38d5b3b2bd268551acfa0484a9
SHA1 663a7de8b66f9d1c61506ee1c375634c52f95cad
SHA256 5f86c55c49f5463c8fe14927e831d4b11ca33efc956343c77512e933b6d7e8ca
SHA512 72f7aa0e28fb77e045da9b461e9833ba0d4c12dc21be50a2d00953a4e25ea7a210958a7c31a57c876e241b33b003eb811fe42eb97dfa84e68aaab7dd6d11bcf3

/root/.mozilla/firefox/7zra3a1i.default-release/times.json

MD5 2ed9cf8866520010bf067c149c26b1fb
SHA1 09b7e0c1f02449926bb7b8e3d3b8caf0d20f2451
SHA256 a8f350e2c6d4fcc65ffbc6257fd4714e87270d39fd11b6b5fc1103a4d7f57d68
SHA512 631697e07f2f288b4bf766bf0bef876deca3b5f0be49e5897ee0cd51afbd144fa44fa0e1d72449dd144137f3c692fdbfaf5779b0c8675056f393fb6a84094869

/root/.mozilla/firefox/installs.ini

MD5 46896065ae223df61576b2e33db33344
SHA1 9092b99a2bf9bc43e1249b1d877f776d5fcfe35c
SHA256 f4bbcdfb23b66a30c9fcf6e8408bb7a6ca445fb942f3a5213a45281ebfb78ef1
SHA512 58adc116b2af89b2f87eb21e4b7b1c62786d67b54a3798200d794805aefc25e8cf821f97b9cc129a86dd8996178b7a7d545f3c81891f40fa4764f73bde9f6d56

/root/.mozilla/firefox/profiles.ini

MD5 5a5d41ccababaf722144d2a1574c4330
SHA1 ba4c40417710dfe23b1b120fd2355e45cf92b5dc
SHA256 e0b990799fb13ca06314538be6e5311d2eecafa9b3d46a0b85b4551391c46af6
SHA512 9dd86061fd0c977b50fb92155b24e2415e02969d5d6e56a932d34a1b10ba5214abbb48b2bb3d16844f638eb32044668e18a952f1bca470bb1f0d23a1a18d35ff

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 77bd4a1b85cff2a3bb9f0b4d687bc18a
SHA1 c3268678c74c4acd356ee661d08b98f480af5636
SHA256 3ae3e860000d4101421354f61928a599776ddfb73efc6f94a47e3f566a13c2f3
SHA512 55d6330c1c8ebdd49578c2da444d409e816efabcb65ebcd5a961d7cf7ef5b63c8bf0dbb69b67db9d4bb622c1bed889ecbed8ff3da71c182654bf92988c4315ff

/root/.mozilla/firefox/7zra3a1i.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/7zra3a1i.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/7zra3a1i.default-release/cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

/root/.mozilla/firefox/7zra3a1i.default-release/storage/ls-archive.sqlite

MD5 e0c613bfd69956a19ce2dc5e925aa223
SHA1 14accb230edcd6cb76967cdc6d4e5686db96b5df
SHA256 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA512 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

/root/.mozilla/firefox/7zra3a1i.default-release/storage/ls-archive.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/.metadata-v2-tmp

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/prefs.js

/root/.cache/dconf/user

/root/.mozilla/firefox/7zra3a1i.default-release/permissions.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/prefs-1.js

/root/.mozilla/firefox/7zra3a1i.default-release/times.json

/root/.mozilla/firefox/7zra3a1i.default-release/cert9.db

/root/.mozilla/firefox/7zra3a1i.default-release/key4.db

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/prefs-1.js

/root/.cache/mozilla/firefox/7zra3a1i.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

/root/.mozilla/firefox/7zra3a1i.default-release/prefs-1.js

/root/.mozilla/firefox/7zra3a1i.default-release/prefs-1.js

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/cert9.db

/root/.mozilla/firefox/7zra3a1i.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

/root/.mozilla/firefox/7zra3a1i.default-release/cert9.db
