Malware Analysis Report

2025-01-23 15:26

Sample ID 240417-dfl3tadd3x
Target https://www.google.com
Tags
antivm spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://www.google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Reads CPU attributes

Checks CPU configuration

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 02:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 02:57

Reported

2024-04-17 02:57

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

3s

Max time network

7s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1625 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1625 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/content-prefs.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/ls-archive.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/protections.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/favicons.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/sessionstore-backups/recovery.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/xulstore.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/places.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/key4.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/favicons.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/default N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/places.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/cookies.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/places.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/favicons.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/thumbnails N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/sessionCheckpoints.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/permissions.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/AlternateServices.txt N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/temporary N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/handlers.json /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/addons.json N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/zio5au8y.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1601/attr/current N/A N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1707/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1723/smaps N/A N/A
File opened for reading /proc/1589/cmdline N/A N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1644/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/fd/51 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1753/stat N/A N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/1601/status N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1701/smaps N/A N/A
File opened for reading /proc/self/task/1771/stat N/A N/A
File opened for reading /proc/1767/statm N/A N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/37 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/74 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/1673/cmdline N/A N/A
File opened for reading /proc/self/fd/111 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/1664/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal-gtk N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1730/stat N/A N/A
File opened for reading /proc/self/task/1591/stat N/A N/A
File opened for reading /proc/self/fd/35 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1632/stat N/A N/A
File opened for reading /proc/1649/cmdline N/A N/A
File opened for reading /proc/1701/statm N/A N/A
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/1750/statm N/A N/A
File opened for reading /proc/self/fd/107 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/75 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/1767/smaps N/A N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1723/statm N/A N/A
File opened for reading /proc/1653/cmdline N/A N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {9c7cee36-43de-4132-befb-35d5ef4bea5c} 1589 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {5977e67e-cf1a-42f0-9403-4e663c6fb168} 1589 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {babbd61c-a620-4bc2-bd97-8a675c52b13a} 1589 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {43ecc707-125f-482f-8cd6-700a2147c69c} 1589 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {06b0ebf1-f99c-4b41-a79d-769b770e57ac} 1589 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
NL 52.222.139.68:443 services.addons.mozilla.org tcp
NL 52.222.139.68:443 services.addons.mozilla.org tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 151.101.194.49:443 tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.google.com udp
US 1.1.1.1:53 www.google.com udp
NL 142.251.36.4:443 www.google.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 example.org udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.mozorg.moz.works udp
NL 18.239.17.158:443 www.mozilla.org tcp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
NL 142.251.36.4:443 www.google.com udp
US 151.101.129.91:443 tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 spocs.getpocket.com tcp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
GB 195.181.164.18:443 tcp
US 34.117.188.166:443 spocs.getpocket.com udp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 b80330e530ca0b70a637e2ceb81575e2
SHA1 1320d13b8ad1480624fbb1465c2a7f911f3c897d
SHA256 429756c13dfe3b8bd3d081c285e63dd4d069b1b7f2da715a39118055301c880b
SHA512 f6318edce1eee2fc546afdb05ac451574682dbab76aa44b026b8ef1d21d2c0bc6bd6e58a610e18070b68910e90b37ec981cf722bf025d1c7a01052c8089a7063

/root/.mozilla/firefox/zio5au8y.default-release/times.json

MD5 cb9f64ee412187a9d950b3e44dcd85f5
SHA1 41b8712000dd708258370fb5034085e7ffd66dbf
SHA256 dc391c36ba106403f85841f3b2824c12af69e35fe2c699ad9a1b69cba8890405
SHA512 b9efde134d39f31329b2df41f114f496fedfb7d3b31790ae47fe38227120df2c528c5963b6c36b085d48b26b11ca0bee350bdda980d8f289c0a767c645fce2f3

/root/.mozilla/firefox/installs.ini

MD5 7a08574c9169ae40a9fdc4d68b3439b9
SHA1 c0116a0780441261976f2a885c5cfc191e9a0f02
SHA256 c613066fb6b6019d5768cc2ed3fdef288bc5e5c56ab4b443b2f9a023dce7d9bf
SHA512 66854d075ce9d01dd4c5d1a7147a7ab2b9c0f82adc9fa72e5108a07d41e8d083e3393da4ea7028a0c06afbef3a16aca0e9a18656062fd5e227ab728b9afc76c6

/root/.mozilla/firefox/profiles.ini

MD5 0a9c96fd4b3dd0a9cfb498b96cb42a96
SHA1 deabfb72816d1b272ebeed614f7b0d22aa7be6e8
SHA256 2fcb61216f01aaf4d13bb47475319b2eb382dbe8e635bded8fe9fd972e8a3286
SHA512 fdfc685ec3c3a6633afbcdddcfb2673d6c9eea05d9f1eb27d62d9c5daee0c943f84a940efe71bcad0e275834c2df6ef62f67079237e5951cc88d073cc2d9311e

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 9c70fa169fdaa85fa9afeb60f296a968
SHA1 f6d1ced3627c6a2a03a5fc5a342e9aceedf8c5b6
SHA256 b4df7eaa111219fb8d2fcab0f071a66d48295791aa59fa3bc552b8ebfb5f460f
SHA512 8a067bea5e42ce8252229c4f0438664da224cd819dedc413a991c2ba24f290bd784bd1d64b1ad5d611b6cc731032e2902f4d4a49efa4db5e87833e09173fa196

/root/.mozilla/firefox/zio5au8y.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/zio5au8y.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/zio5au8y.default-release/cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

/root/.mozilla/firefox/zio5au8y.default-release/storage/ls-archive.sqlite

MD5 e0c613bfd69956a19ce2dc5e925aa223
SHA1 14accb230edcd6cb76967cdc6d4e5686db96b5df
SHA256 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA512 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

/root/.mozilla/firefox/zio5au8y.default-release/storage/ls-archive.sqlite

MD5 178d71e5529d637ac62f7e75fdd75896
SHA1 339f2b949cc4c207b66aea11137448ba28d36dcb
SHA256 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512 ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/.metadata-v2-tmp

MD5 332bf76609130a6d680918664539f2f3
SHA1 007ca59994c228c910d6530990b587ec9cf794b0
SHA256 1c721c01d2e1dd8163d2679a229ff14850ea6eb2bf1305410a5ee8ef2e65e8b8
SHA512 5487368a8dbbe7ab36f42d97ae45e416b9b14c2206ac8279f76a419793e17ac0f06e259e415371978d3c54eb0e00ec392e671e58571613cb7bb904bcfa44f883

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 07a412e08825220262ad2890757ff779
SHA1 f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256 da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA512 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 f8122b2f8898340a22059158c3f8b815
SHA1 415b65dae773c7faefeaceaf66cad309d14a17fb
SHA256 9c953987fda4d76ef39723ddc8f177cce1d22d4197fa2ee50bbb244be6880822
SHA512 3c5528932db2bbb21fc6dc4d7d9d7a92b4d8e46a7d2efa368f3e09336264d4d5950c42583b17bfce93957f1845540e4c58f0fcea6d9a751f69889e05b43ac7b1

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 db4e61a986f02e6b30418a15a890ff9d
SHA1 1976c594382b08be0ecb269152c5e11769912241
SHA256 d23945577913d3ef76e8e2e9b29ffe503356fb4aa8a8e483261038e862583511
SHA512 02e1c4cd7b8485e6ffb6aa7db5e5df0b48f86c4280fc45a9b8d0e2a090e3465bb09c56134f85cf9c9fb2f2bd978953b8172c174d4c828b02a7905cba58f24570

/root/.mozilla/firefox/zio5au8y.default-release/prefs.js

MD5 b506d742c5adb6b4da1cfba1951272b9
SHA1 6b0102e2ee89c8f446660bc8182914b79f7ee57b
SHA256 584f88d88dd6b48a9b17733d115d964345fbca21366094f91557b9516c1811a1
SHA512 596f8343d1fd8d813c91191eda8e66069a7d71b044ed698ae9f8c1ff363641956456ef14b9d7219b1dba876a9247c4a64d4355d91e6c17a02a3eab510910b696

/root/.cache/dconf/user

MD5 2a3c836f7030763db528e5aa5ac71f82
SHA1 dff8acc1481fd233214feb7f715baf24c9c5d6f8
SHA256 4cf5af027d9a949a881e505bd7c7b14c5eb61ff47d159b585a331d690501d13d
SHA512 e898976101a6e6d2507e036df5c300f9bc79fb3c0509f73ab0a38f64edfc2387e119d6385ed399862cc3c8b66890cfb100a2a97b75e05dfb76359240cd67c615

/root/.mozilla/firefox/zio5au8y.default-release/permissions.sqlite

MD5 bc787bc04267e945769f70d71ce78eff
SHA1 04c3045b74938a1613c0ad2ba52c11f04009438f
SHA256 c68b5439527a650b7eb2d12a3d6031eeb7af8e2dc53e6bca0f02032e4c2b40b7
SHA512 9b4bcc9bc8dce7e6a7bce873ac326ea0e02941c3d70e16d74d1e791b4e875dd7c35f543531ddd68ce6d9ec0217fd1f980aeb9cd42ae9fbf2c0f8dbdc5ff22db5

/root/.mozilla/firefox/zio5au8y.default-release/prefs-1.js

MD5 f7d90caba96767dd29b005c43dbed3aa
SHA1 cd61a5cfeb83b6cabc7c3f644574af595b89d897
SHA256 4cb175ed47d1b6fc2b9fa25803100908699258b72c4646002a5955335baf9ebe
SHA512 bc35d8e456bfc2fbdd1c7892426ca674e35456f23f27e63aa7e92359c1a67593ed4381f81a62ea53802345a9aea83408ee5ff8abc2a9fa8f7125ce048f46f64f

/root/.mozilla/firefox/zio5au8y.default-release/times.json

MD5 e5fcfcbc576880b0ec629bb5c401e080
SHA1 e37c2e2e7f41bb47bd14b6610e92630b79e41341
SHA256 a73990601971b309d780a257d5a48d61323578463dd5b27dad469018d6b96d60
SHA512 fab5a0802eff3927b27c7703d0851bfaf33f1b7f001aa9b79d5314078aac2f78d099fb515de77ba9583b96fb4e2bc0fda32b0a1158e0c0af43818329ea9416d7

/root/.mozilla/firefox/zio5au8y.default-release/cert9.db

MD5 594f6356cc9b65f0b90cf17759a53181
SHA1 65bef28eaa4a4fe2b06faf04285f7ddb6c06b676
SHA256 64f1b97476aa10a7b3ce86df62e04555faa680aa465fe0046e1eb1c06d460d02
SHA512 2130b67e20c1d206100f40990d441190396849a1d4b4c654daa8fa786dba3f23bb9443745389c3d0e12beb85f1abf0a0686df5243088a46291d4f2cf4a69a330

/root/.mozilla/firefox/zio5au8y.default-release/key4.db

MD5 8a3c67deb68057b6ac6a73aec1ae9887
SHA1 6e96e13b0d14075de286ce6dfac4bb57ca6f1f64
SHA256 70d2490f169a17f9196fcf65cff05adf40f75aaec6f2de2ad7a9c4b7a95378d3
SHA512 32a3c5e82fb63c107fbeb4e3382264b61d00e2fbb226633ad33983584bf7bba7646027e651b29c7b1eae47462805d075140d8710f97dd704c4775c788a3c9bef

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 759544297aaa61f5fef8ee42d0ae4393
SHA1 fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA256 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA512 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 abed3b47f5b5a0f69d00ef506cd26c38
SHA1 309e495135939ed4ccae5aca7046779ea51cf6e1
SHA256 d347b9268f5b34f0b992e629473e98b25a3de943c8b87dc482307c0fa2f9c06b
SHA512 fe9ca66633b6fbab73ea6c6ee4da45f594305ab054ff5c02e63f8e16452ac12d4332a83a8fb7c2b15421faaa714787a8204887f0267c1e4c898acf871c3c2b19

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 dd3f6ba37c670af5953593535e435d04
SHA1 ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA256 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA512 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

/root/.mozilla/firefox/zio5au8y.default-release/prefs-1.js

MD5 8f4dd925c31655ee4aa006f593118fe6
SHA1 6280be3514fd4795132c85624552c6bbe50b64f4
SHA256 a6ddef8faa076b089a2ca7b519e7893c616f46c1db4a58f7e69c8dd0b09f0430
SHA512 16509b26f501fe931924ea050010f76a2fab9624b4bd4577376dfc249ba22a96129053952ad0897c3bced3823faa04cfc26edebd94ac46c7daa09a7bfc8a8b2d

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

MD5 ccfe19ba64b8c23baf70b68549cfb8e4
SHA1 dc2bb8d83d59b23a55d3259c62ef6dde9dce836d
SHA256 33ba15a2c54b53c161e42efa53b9fcaccdc7e7481c1bb95c1bf26131c3adb35e
SHA512 5c7f5aba64e88a72f9e61edb6c19544521a54fa9ac2a1bcda882d7bc466ee7decdb74c9b1fc23dc814d092054c23c52ee5e06333a7ada541e1ced281e77a93a0

/root/.mozilla/firefox/zio5au8y.default-release/prefs-1.js

MD5 de174d374824073146bc433b5fadd98a
SHA1 92509a896116ca6e091c9479c91d5216a85c61ef
SHA256 7deefd36b782aa6e846093d938fee894df78a49d496af202ca3cbdf15758476e
SHA512 de0c843b6f41eaaa367767fc7b39e5a1e9763fd75ca5f9cf2d6d18cc86e97cab66c628c1bfe09830ef1c75db9ee3636c67ffa9ae15574cdb679b89923487a7e8

/root/.mozilla/firefox/zio5au8y.default-release/cert9.db

MD5 c73921272cc11f52013bd736b3f1b8ab
SHA1 5676f6afba6a1747da95620ff97a928663e663e8
SHA256 8a9b92c953b1ccbc232b1612fe5203f946d73d45eb30d8677663a468977977e4
SHA512 f6cf9f2254b944001a86a58e8c44bd941bdb57598a6c469ce6e3232d8f0d2a92d0b0663dac99cf55f8a01cc7acd2d4af6a18da4774dcca23deabbf0bd093cb4f

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

MD5 a8dd7ebaad5528b23f82ccb1534cea18
SHA1 600daceacfb5cf9df0b66ba7dce4516b2ac4df70
SHA256 e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec
SHA512 67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

MD5 99c57d01a3c38779e1f4bd5dd93dc927
SHA1 0cd641e68a30d6ad64f48d98b2b1d8420b695e23
SHA256 529c5cd062c03e8199691c61ad527f8950bb52184d1029285c55b2e6c3763c3c
SHA512 7be092b2266cecaa3565bbdbdbe96a26556d540e83dc743a7099887a635ae8a4315c3e83c69d20b2065d22b4847ce29d06c2ff1042b13dba93cd48968e5233ae

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

MD5 7352c8848e88edc39b7fb5e663888187
SHA1 8c3dffe25cc56c7aec1b782292d6fceed81e6304
SHA256 7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a
SHA512 f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

MD5 e456170c21762760e00cd427ccf8407c
SHA1 ea4f9452e0834b85efcefce207200fd2ad804911
SHA256 31725e90088cba27665a705c8f00bc7a5f70a1ef594c84f12a0a1180bd424efd
SHA512 7fad30b32fe8b43f69f07597c4ed76c3d82f24d413d92106f6a3ed4b1572f632242a99fbb10450e1356f5fe500c9134d7588a4e8b3b9034c584a395dfeb2bc78

/root/.mozilla/firefox/zio5au8y.default-release/cert9.db

MD5 27c863833372a94c8d58e2a6df13e2fd
SHA1 2cdb202e919f586e395cd921ffc410506f1df2a1
SHA256 5acb0a1126f2697f45595b7ae5e6a227a3e88cdaba41351ef022d8bef8ce64d8
SHA512 dfe1da4afd01dff3b240842fc613336c2d4bdb7bb92b77aa8bb002a184dc1b444f6cf9eded77f112ee6e69c49b2fa8c25f771d57abfdf9d5f471d3224fe66ace

/root/.mozilla/firefox/zio5au8y.default-release/prefs-1.js

MD5 c9a1a1df048fa87c80b4ecd0c3caf02c
SHA1 56166379bc4cccdac9a98c33ff8672e4e68010d1
SHA256 9bd4b5a7dd204c01f89b176965a9f95e81831751f1f2590ed2f6cfb0009307ba
SHA512 96523a2c91dc499dbbad70aba505c01157a7703632917c619cf2f393b99090d7eaa84cdd54b59955c314161368bbee08e726d51879eb6d9cc0b3e14d90ea7526

/root/.mozilla/firefox/zio5au8y.default-release/cert9.db

MD5 620406fed072aa36ef338c56b42a5a52
SHA1 542e381a326ac47558e3f45280c00078c012b0be
SHA256 f60eb8fa206fb73114a87e478527aed013d1649d40121b89de78e1aea07b3eb3
SHA512 7c93ecfd41e4f48838b3e86f094928b7fe8c0a1448a3b355166ae6bee0e7ec93469ccbf18ac382e3bc13ab778be9afc129ac5448ff6f0b25f68e041bcea7e94f

/root/.mozilla/firefox/zio5au8y.default-release/places.sqlite

MD5 da3f4461ed481c1f76df8abb2790a427
SHA1 44c28184c26f2bec3c6b8e8413034782121bbf03
SHA256 82ff9a719ec4874ed9ee278e544028a54bd6795f528f5cd28c3e0dd631c64b34
SHA512 cdfdd958018867b037c4a60acea5d5bdc3fd616783418d5c0b4a121244fc4f1edc8221c423891a591e7a6a55ca3f9af9cd45230ebd53c529565198c5b3962fef

/root/.mozilla/firefox/zio5au8y.default-release/favicons.sqlite

MD5 3c0a1ec298284608bfa51081ea539be3
SHA1 e51b58f6fe89d45fd8a1d935b51da172d5f6f32e
SHA256 34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2
SHA512 8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/entries/82F4CDEDC8A08E6BCE520A4114F15825F2E886F6

MD5 e130cbcbe7d0f8ec6426dabcaa0e0193
SHA1 d016605ab6753950efadf7adcda8fe0daa20fd72
SHA256 9ec3bb5dd76a42a578a0e723474fa9e0db843f3a2b17f50641fe3b0fe8e5d6e2
SHA512 630c503bdae5feb4d50699b77965fd4d7f5f9bb904e4371f9247b6125b453fe537a237511f65c92d2fc9dc5798583a4c752ef06d97d920aa3552f7f52045ef68

/root/.mozilla/firefox/zio5au8y.default-release/prefs-1.js

MD5 c8bfc105e61d2ba3cf9c551da9601325
SHA1 8251a242a5767a79f5cdd8351ed02ecbeef12eea
SHA256 9a3f4ac8b5fd31a8ed3363355bba2ca72f45ac981debdf88435a233b3d7754bb
SHA512 eb67c84e25b4aee4116651d8cc7ff6e09f806f031419f3c8ce1212bc66efbb9b19f358a31f639bdbe0a540827676f626fb75b96aff07e07fecc9d53d3b54cc07

/root/.mozilla/firefox/zio5au8y.default-release/content-prefs.sqlite

MD5 1fc2e7b7fe2c5be305dfa9a2bbb60771
SHA1 4967389dea050001cb1af3ec799edb7805c3abb8
SHA256 1953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a
SHA512 fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 9066b3ef59bd776b4951d091de3302e4
SHA1 c4eb16f9f7b80674bb79e8fb0c3913694473b47a
SHA256 8894bfb90b5440d0b7d77d47bf5f2d6ec4d94dcfc24471cf9348567cb37d30dd
SHA512 71ee1a3f0b6a86613409047b9ff2e0c8c4ebc301fcfebb4b4f671bb4dca6ae8b4d91b55762ca19c0de9c49697d5616f9374d6e991e8b4f47ae29d1795d328e1f

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/doomed/1687300281

MD5 75563e9fdbd69a48b46669de954838ca
SHA1 8f79a7e937db8397d79d6f81becaa3d3a8c2c933
SHA256 e56db6162d898fa2ea584574deb7d684baeeb2990f0f24d204c952a97bb2959a
SHA512 5c57ca841fb7f5732361917dde9ebbceceddb58d0f49561f9300a5ece34cb14b6fe80fd7858991919ee4c7d297cb422ed0f92a158b23f83e05e82637e2023bc2

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/entries/6D89348819C8881868053197CA0754F36784BF5F

MD5 06bc5c22d9eb7cbc2f29a4669588578e
SHA1 ff783037f042c0f0181786eb2c65580c5c1a746d
SHA256 f83f7e53adae3d0037ceb37d566de96ae558a6530c8e58027fa87c6c5fe5a2f1
SHA512 440087e79656b72e3168d6e0f12284b93b53e1514bc398a95b4720402f04ce9aed3426c7979bafbe4180380e425b11b7563327c5b7473e3f657aeb2a6814da8d

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/entries/099EB2BF8827A4F91EAB3E38B14650D0205226F2

MD5 4d44542652b7af0cb65b317029baf759
SHA1 6494f620037fb9b71f79244c2175a1c9184c62a7
SHA256 860ebf4652adea6d5d3065717c581f3c4e3814a821d03004f463f9371fd2777f
SHA512 894f45c11eed4d504b38494802565f234577095821eaf051a35731268bf41c08949a3a73432e1f7b66f84d6510c30c190d608726a505fd0cd4021bdc61c78112

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/entries/44230749A38B6989F56217B435A03E84CCADE62D

MD5 684a58bf8bd250833f4741a22158bcf4
SHA1 aa01c643e3ec6fe474a9960ad21324afd7279eee
SHA256 6db935af0a3dce25cdcd973e6152a6403a3277364739bd6007b2aa7db9361619
SHA512 a06f53d03918d969936c31caa3c43529cc05e150e9eb166ac41ed5e152e809081fcd79ebd3f1a05d643c0087793df6b44020055948e3aa7a6857fb54865a6912

/root/.mozilla/firefox/zio5au8y.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 5b7b627e833d3499e0ed0309a3692043
SHA1 e8fb00374e766d43c4e440771ecc41e91eb9ca4e
SHA256 a5b4811219a54db7d85cd26f4d1764448e66015470d4c8d5cc74205b967bf82e
SHA512 babbecfa166903d705abfe51c8efa6497bff0d32f6d735b8568fafdd2e427d657a46f348abac0b97fc8274ec56094e35d53dedf372642f9250cc08a99a43c85b

/root/.cache/mozilla/firefox/zio5au8y.default-release/cache2/entries/3E2001B369B8D3A5943D3B7112C89FA55150B4F7

MD5 60549be3abc753792c9b67c348566ea9
SHA1 426a2d5d29d6bed8b51683e4d73651e99c14eae6
SHA256 7744a5d84e70266fcff97fbfe50e192d9b97031b8dc2de3ea4c688877b8427df
SHA512 47186da78a341a07d51a6c7584cce6079198976fa6df3dcd19529ad3d72566910189ab0073709258c4a864abc2a6a6b5976c64fe70052897e62b0199ba363244