Malware Analysis Report

2025-01-23 15:27

Sample ID: 240417-dfznxadd4t
Target: https://www.google.com
Tags: antivm, spyware, stealer
Score: 7/10

Analysis Overview

Score: 7/10

Threat Level: Shows suspicious behavior

The file https://www.google.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Reads user data of web browsers

Changes its process name

Checks CPU configuration

Reads CPU attributes

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-17 02:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-04-17 02:57
Reported: 2024-04-17 02:59
Platform: ubuntu1804-amd64-20240226-en
Max time kernel: 8s
Max time network: 61s

Command Line

[firefox -new-tab https://www.google.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A

Reads user data of web browsers

Tags: spyware, stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/storage.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/storage.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/compatibility.ini /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release/cookies.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/glgioyh5.default-release N/A N/A

Checks CPU configuration

Tags: antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/filesystems /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/fd/29 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/41 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/45 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1569/stat N/A N/A
File opened for reading /proc/self/stat N/A N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/mounts /usr/bin/dbus-daemon N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1567/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1586/attr/current N/A N/A
File opened for reading /proc/self/fd/34 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd N/A N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/1586/status N/A N/A
File opened for reading /proc/self/fd/43 /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://www.google.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://www.google.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

Network

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052


/root/.mozilla/firefox/glgioyh5.default-release/times.json


/root/.mozilla/firefox/40r4p28g.default/times.json


/root/.mozilla/firefox/installs.ini


/root/.mozilla/firefox/profiles.ini


/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0


/root/.mozilla/firefox/glgioyh5.default-release/compatibility.ini


/root/.mozilla/firefox/glgioyh5.default-release/prefs.js
