Malware Analysis Report

2025-01-23 15:27

Sample ID 240417-gvjg1shb9t
Target https://trixxware.sellauth.com
Tags
antivm spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file https://trixxware.sellauth.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm spyware stealer

Changes its process name

Reads user data of web browsers

Checks CPU configuration

Reads CPU attributes

Writes file to tmp directory

Enumerates kernel/hardware configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-17 06:07

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-17 06:07

Reported

2024-04-17 06:07

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-04-17 06:07

Reported

2024-04-17 06:07

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-04-17 06:07

Reported

2024-04-17 06:07

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-17 06:07

Reported

2024-04-17 06:08

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

6s

Max time network

27s

Command Line

[firefox -new-tab https://trixxware.sellauth.com]

Signatures

Changes its process name

Description Indicator Process Target
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Parent N/A N/A
Changes the process name, possibly in an attempt to hide itself glean.dispatche N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself IPDL Background N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself Netlink Monitor N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself HTML5 Parser N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself JS Watchdog N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself BGReadURLs N/A N/A
Changes the process name, possibly in an attempt to hide itself Cache2 I/O N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself Cookie N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself TaskCon~ller #0 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself BgIOThr~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself QuotaManager IO N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IndexedDB #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC Launch N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself SandboxReporter N/A N/A
Changes the process name, possibly in an attempt to hide itself Breakpad Server N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself DOM Worker N/A N/A
Changes the process name, possibly in an attempt to hide itself Sandbox Forked N/A N/A
Changes the process name, possibly in an attempt to hide itself Chroot Helper N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #5 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #4 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #3 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself StreamTrans #2 N/A N/A
Changes the process name, possibly in an attempt to hide itself MainThread /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself IPC I/O Child N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1591 N/A N/A
Changes the process name, possibly in an attempt to hide itself FSBroker1591 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Process /usr/lib/firefox/firefox N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Backgro~Pool #1 N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Socket Thread N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself Timer N/A N/A
Changes the process name, possibly in an attempt to hide itself ProfilerChild N/A N/A

Reads user data of web browsers

spyware stealer
Description Indicator Process Target
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/broadcast-listeners.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/prefs.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/user.js /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/browser-extension-data/[email protected]/storage.js N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/2918063365piupsah.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/2918063365piupsah.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/deletion_request N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/protections.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cert_override.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/places.sqlite-wal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cookies.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/extension-preferences.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/places.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/extensions.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/webappsstore.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/logins-backup.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/ls-archive.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/sessionstore-backups/previous.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/sessionstore-backups/recovery.baklz4 N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/permissions.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/pkcs11.txt /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/search.json.mozlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cookies.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/ClientAuthRememberList.txt N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/sessionstore.js N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/sessionstore-backups/recovery.js N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/webappsstore.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/pending_pings N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/content-prefs.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cookies.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/key4.db N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db-journal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/temporary N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/system-extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/events N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/key4.db /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/SiteSecurityServiceState.txt N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/addonStartup.json.lz4 /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/shield-preference-experiments.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/pending_pings/2dee0818-985e-447c-a23b-b1a91aa40b3c N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/ExperimentStoreData.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/extensions /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/times.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/sessionstore-backups/recovery.bak N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/extension-settings.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/favicons.sqlite /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/logins.json N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/favicons.sqlite N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/places.sqlite-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db-journal /usr/lib/firefox/firefox N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/pending_pings/f313f83b-43dc-44b2-b2ee-76b654298132 N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/sessionstore.jsonlz4 N/A N/A
File opened for reading /root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite-wal N/A N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo N/A N/A

Reads CPU attributes

Description Indicator Process Target
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq N/A N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index2/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/online N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/present N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu/cpu0/cache/index3/size N/A N/A
File opened for reading /sys/devices/system/cpu/present /usr/lib/firefox/firefox N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
File opened for reading /sys/bus/pci/devices N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/device N/A N/A
File opened for reading /sys/devices/system/cpu N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/uevent N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/resource N/A N/A
File opened for reading /sys/kernel/security/apparmor/features/dbus/mask /usr/bin/dbus-daemon N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/device N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/class N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/irq N/A N/A
File opened for reading /sys/devices/pci0000:00/0000:00:02.0/subsystem_device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:04.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/device N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/vendor N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.3/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:02.0/irq N/A N/A
File opened for reading /sys/devices/system/cpu /usr/lib/firefox/firefox N/A
File opened for reading /sys/bus/pci/devices/0000:00:03.0/irq N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:01.1/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:06.0/device N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:05.0/class N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/resource N/A N/A
File opened for reading /sys/bus/pci/devices/0000:00:00.0/class N/A N/A
File opened for reading /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us /usr/lib/firefox/firefox N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/38 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1706/stat N/A N/A
File opened for reading /proc/self/fd/104 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/48 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1730/stat N/A N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/1727/smaps N/A N/A
File opened for reading /proc/self/fd/36 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/40 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/42 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/46 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1677/smaps N/A N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-permission-store N/A
File opened for reading /proc/1639/cmdline N/A N/A
File opened for reading /proc/self/cgroup /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1556/stat N/A N/A
File opened for reading /proc/1610/cmdline N/A N/A
File opened for reading /proc/1746/statm N/A N/A
File opened for reading /proc/self/fd/50 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/6 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/86 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/127 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/task/1797/stat N/A N/A
File opened for reading /proc/self/task/1803/stat N/A N/A
File opened for reading /proc/1567/status N/A N/A
File opened for reading /proc/1619/cmdline N/A N/A
File opened for reading /proc/1630/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd-fuse N/A
File opened for reading /proc/self/fd/102 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/31 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/47 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1699/smaps N/A N/A
File opened for reading /proc/self/fd/33 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1677/statm N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1567/attr/current N/A N/A
File opened for reading /proc/self/fd/39 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-desktop-portal N/A
File opened for reading /proc/1634/cmdline N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1746/smaps N/A N/A
File opened for reading /proc/self/fd/111 /usr/lib/firefox/firefox N/A
File opened for reading /proc/sys/kernel/cap_last_cap N/A N/A
File opened for reading /proc/self/fd/49 /usr/lib/firefox/firefox N/A
File opened for reading /proc/filesystems /usr/libexec/xdg-document-portal N/A
File opened for reading /proc/self/task/1683/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/firefox/firefox N/A
File opened for reading /proc/1552/cmdline N/A N/A
File opened for reading /proc/self/fd/44 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/fd/76 /usr/lib/firefox/firefox N/A
File opened for reading /proc/1699/statm N/A N/A
File opened for reading /proc/self/fd/105 /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A
File opened for reading /proc/self/mountinfo N/A N/A
File opened for reading /proc/self/task/1598/stat N/A N/A
File opened for reading /proc/filesystems /usr/lib/gvfs/gvfsd N/A
File opened for reading /proc/self/maps /usr/lib/firefox/firefox N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/firefox/.parentlock /usr/lib/firefox/firefox N/A

Processes

/usr/bin/firefox

[firefox -new-tab https://trixxware.sellauth.com]

/usr/bin/which

[which /usr/bin/firefox]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -new-tab https://trixxware.sellauth.com]

/usr/bin/dbus-launch

[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-daemon

[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]

/usr/bin/lsb_release

[/usr/bin/lsb_release -idrc]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser {78762d0a-fc02-4037-a275-a6e6e9ded73d} 1552 true socket]

/usr/local/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/local/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/sbin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/bin/dbus-launch

[dbus-launch --autolaunch=11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]

/usr/libexec/xdg-desktop-portal

[/usr/libexec/xdg-desktop-portal]

/usr/libexec/xdg-document-portal

[/usr/libexec/xdg-document-portal]

/usr/libexec/xdg-permission-store

[/usr/libexec/xdg-permission-store]

/usr/libexec/xdg-desktop-portal-gtk

[/usr/libexec/xdg-desktop-portal-gtk]

/usr/lib/gvfs/gvfsd

[/usr/lib/gvfs/gvfsd]

/usr/lib/gvfs/gvfsd-fuse

[/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {744f766a-4e19-4ebd-8a87-3405a45fb283} 1552 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {98242dc2-6fe1-48da-b872-32a88bc5d1df} 1552 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {c820d2d6-abe0-4149-ae88-e0606065f26b} 1552 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 27881 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {98978214-047c-4716-a183-316de4589010} 1552 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 27471 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {721952e0-818c-4415-a707-82d109451717} 1552 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 6 -isForBrowser -prefsLen 27471 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {cca6e8b6-5d2f-4b1c-902b-9b6708a972b2} 1552 true tab]

/usr/lib/firefox/firefox

[/usr/lib/firefox/firefox -contentproc -childID 7 -isForBrowser -prefsLen 27471 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser {85cbbe76-40b9-447b-bd96-e979e0ca96a9} 1552 true tab]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 151.101.194.49:443 tcp
US 1.1.1.1:53 cdn.fwupd.org udp
US 1.1.1.1:53 cdn.fwupd.org udp
US 151.101.194.49:443 cdn.fwupd.org tcp
US 1.1.1.1:53 services.addons.mozilla.org udp
US 1.1.1.1:53 services.addons.mozilla.org udp
GB 18.245.162.43:443 services.addons.mozilla.org tcp
GB 18.245.162.43:443 services.addons.mozilla.org tcp
GB 185.125.188.62:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 location.services.mozilla.com udp
US 1.1.1.1:53 locprod2-elb-us-west-2.prod.mozaws.net udp
US 52.34.56.182:443 location.services.mozilla.com tcp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 detectportal.firefox.com udp
US 1.1.1.1:53 trixxware.sellauth.com udp
US 1.1.1.1:53 trixxware.sellauth.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 www.mozilla.org udp
US 1.1.1.1:53 www.mozilla.org udp
US 104.21.64.71:443 trixxware.sellauth.com tcp
GB 195.181.164.17:443 tcp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 1.1.1.1:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 example.org udp
US 1.1.1.1:53 ipv4only.arpa udp
US 1.1.1.1:53 ipv4only.arpa udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 firefox.settings.services.mozilla.com udp
US 1.1.1.1:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 1.1.1.1:53 static.cloudflareinsights.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 1.1.1.1:53 getpocket.cdn.mozilla.net udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 spocs.getpocket.com udp
US 1.1.1.1:53 spocs.getpocket.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 shavar.services.mozilla.com udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 www.mozorg.moz.works udp
US 1.1.1.1:53 push.services.mozilla.com udp
US 1.1.1.1:53 shavar.prod.mozaws.net udp
US 1.1.1.1:53 autopush.prod.mozaws.net udp
US 52.10.78.57:443 shavar.services.mozilla.com tcp
GB 143.204.72.186:443 www.mozilla.org tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 incoming.telemetry.mozilla.org udp
US 1.1.1.1:53 telemetry-incoming.r53-2.services.mozilla.com udp
US 34.120.208.123:443 incoming.telemetry.mozilla.org tcp

Files

/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052

MD5 75afe1c06362e671368758d5d739603c
SHA1 d47db20bf39891d0cf00bc4adb8690d57c52f453
SHA256 de2f473fedc84c631c13b6b86b0fa2a87854a0134d6622f9ca9759d89177fe19
SHA512 4905e95607229fd7cb4e62539edef55348146449d20f6ea9460bcf281736de2f0fc9df983b032e2228b8341399e262915b0f3ef214055d89e49310901866f695

/root/.mozilla/firefox/fnjqhvf3.default-release/times.json

MD5 05b648dd9c33f0a2f486d7be28e374e5
SHA1 d853458ab94bfadca3ba90226761682bdc29e534
SHA256 b89beb69957a3ca2bee43a0cbaa4e8f3bf20148ae70b06cca566badf6d0f7cd8
SHA512 0d47895c15ae814fc5c3575a570ba449286745b8caf56ca3f371d41f034afc5a1fc5f64f5b79e4a444cefcb6e01ef43142ea36ef87ddd0b75da758dacd03292d

/root/.mozilla/firefox/6fjdj0pi.default/times.json

MD5 c99fc760aff4c839e4c83ca7ec10e72e
SHA1 3c0346c4de19a34187d9196132b0b10411765c21
SHA256 c768bab1bbfd8f448170b83a1a33a79b4f15c9e1caec9e10ebb3bca55b839276
SHA512 120f7a9d9af1cb02df76263c3b9cee2d6fae2da333b15187468e289a7db24fd00b29f121b432701ff46765940b480d1abe74aa3b00aa7bcb223518d5abbc76a1

/root/.mozilla/firefox/installs.ini

MD5 48b894387519214986e2087b282b2fce
SHA1 d2f008175dbb03055ed2fa8ce1be3107e82cb290
SHA256 adfd69453bf270f1b18ad4be8c7deea126e00ce396f383b84c7888792a1f010e
SHA512 b159ab4e406fe1295b65f75bc4baa1fd3d34a9c215a3f248f83c3637fb27f4813b1506ff345c3d755f58d67201d452bad61b74a01fb7517dddba8d380ac4b5a8

/root/.mozilla/firefox/profiles.ini

MD5 43675bc08477ffc939615e5b696b59c7
SHA1 933dd2672b49fa9716e9c7b04391ba619d75a1d1
SHA256 1540721671675a7843bc884939ca6141a4ea5baf67322ce2542001806d9aaf77
SHA512 745bf850133100e8e18803665b8cd005860954aa302e0a7d9b0960c17d04f2ec6b08b52481e56771a0e4c97f1c3f3ab5674ff39488e104d94a35d64b3e022f95

/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0

MD5 86fc3e4f617cb23ed4662d0ad8d5287a
SHA1 c398dfc729a0a45baa1ccb1fc1a41c0d969a4a30
SHA256 a7a3a053f5538952bd171173c0ca9d217e0bbadd550e48d62e621dbe7abc84b9
SHA512 09eadb04cfb36e7b5b8196b497cb998a54d35abc7888d1fee9c510d056166c76df2b4867c0d76a8707edeb191783bf09dc711e09c96a1ae2b84526210932ca39

/root/.mozilla/firefox/fnjqhvf3.default-release/compatibility.ini

MD5 fe452b7294d5928a9a5863b89ee0a6bd
SHA1 a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256 d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512 dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

/root/.mozilla/firefox/fnjqhvf3.default-release/cookies.sqlite

MD5 9535f5fe817accc769c2c1d3354db39f
SHA1 6af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256 c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512 dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

/root/.mozilla/firefox/fnjqhvf3.default-release/cookies.sqlite

MD5 5caa766855d5613a999f71b7812d6451
SHA1 ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA256 3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA512 17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/ls-archive.sqlite

MD5 e0c613bfd69956a19ce2dc5e925aa223
SHA1 14accb230edcd6cb76967cdc6d4e5686db96b5df
SHA256 0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA512 01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/ls-archive.sqlite

MD5 178d71e5529d637ac62f7e75fdd75896
SHA1 339f2b949cc4c207b66aea11137448ba28d36dcb
SHA256 7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512 ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/.metadata-v2-tmp

MD5 dc24f8ead9332ae5c1d2bbe83c7647d1
SHA1 28653350b5a4ad455d8a12b36ffc23d95e3815be
SHA256 7c6e8f5cbfc1f6af895260f870710e170de522ed471316cc9e8aad76a0a05dfb
SHA512 a6a5d2ec66c025680608771d7203ef2c2f57e72ab924eb7adfbf9195f4d26712c2aafe2b87d320af6e250ab65794f89f7fc818ce700e8aa4b19598ffceee147e

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 07a412e08825220262ad2890757ff779
SHA1 f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256 da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA512 0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 8d37adf434103e6404cbd956e9b42998
SHA1 59a6630182da8765b7aa96c705cbda473248dde3
SHA256 5c8a0e41a56ba3fc77c2dc5b02cf41e6ecb7950371fa346122b7ab86dedb1dd6
SHA512 af5b989a61c2322c0215223eacb30958fecc71a98f1b5f9edd654c37a3c437b3222657aec7203292759793f29a200f8689ee8d14e30fef68a19e6aaec7a9faf1

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 6c40911121be907fc7baeccc99260019
SHA1 34fd007b132806aa3e8c7ac4e99f084e9d562542
SHA256 0d392284493a1004136b819f0bcbd0e436e1d7c84589a577fb046377932bfe7a
SHA512 e3897b186d9ae0d75a695db6a6df25545527b0714ae9c60b9914df08672c19a070390e316a207dde2ab39a0ce860330f4cc23484c31847b4ab991b19da61cba0

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs.js

MD5 147769f77f75f5a43eef886ac99a4697
SHA1 0740b2c12261cdfc01a5fafdd4b1d9d3a1ece8da
SHA256 f0afd54159a4e03c2eeebf06952548f59260b6ae773535cc435e5ad63a133fc2
SHA512 d435d274a2a19b9dedf735e7f2c976511904b63a065a0ee3c999595049261a9ecba3c0bedfc01b0b4bb1c27c4f7d729e5d631f8fa440bb591ddf41fdbf5f2b89

/root/.cache/dconf/user

MD5 c4103f122d27677c9db144cae1394a66
SHA1 1489f923c4dca729178b3e3233458550d8dddf29
SHA256 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA512 5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

/root/.mozilla/firefox/fnjqhvf3.default-release/permissions.sqlite

MD5 232fbc22dd03a8ec41edde02bdbea61c
SHA1 6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6
SHA256 d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0
SHA512 055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 6827b5e2c7461ce52843183ac30d9f1a
SHA1 b24568fb931ad42f1cf91f9b1dc5c77b46493645
SHA256 df5b940fcf75beb698ecc744e1529caf766235e74e4fd7c6c992c4466d26f473
SHA512 9617ea47cfa2a57c8f873b1dbe97616e16fff304fc331592496812506eb3c9c07f4d10f2edafeeffc8ef0c5d8880778d4adc43769c99a6fe36b7431e412cb677

/root/.mozilla/firefox/fnjqhvf3.default-release/times.json

MD5 2f7ce395ffc1bb1101648405cb9d33a6
SHA1 edd63b7c93b048e7bee72391e8a269e5aa38968e
SHA256 69c5684af6a41c4b2d269973eadcd954f3b1ab81fd6151d7243cde5f4e704955
SHA512 7e6d6adeb254500a96394523d6c491f3a5eae87b846db52c74cb9465f8f4e99551baaaf82886ce8dc3f079d2434799cb377156afe28be0912efd425b321b4c92

/root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db

MD5 f5fa86513f4eba00dd5025b2a6e0d4b3
SHA1 f694d4e096800dcab049c9bf74150247e47a8fc8
SHA256 ebc7045b785fb4bce10edf9d075bfe1b7fd2a9f00df76d7fb81ebeba23e484c6
SHA512 4eceb22b485f06b6c6960139e4ea396083b9387eb11fbdaeefe4e50e2b265efe61df46039a963ba3f972cfb55e9764c65cdab0f941a75ca18974de2e77efd4aa

/root/.mozilla/firefox/fnjqhvf3.default-release/key4.db

MD5 abb40ad5cfa85268728cdf9799a7f7fd
SHA1 52e1ed1e20ca503276ccb750fbeddbb8b46a99c9
SHA256 228d7eb24b542338f097e55f91f7ba7d0672fdce95948a9e5f6266c040631a10
SHA512 70d8bbf6cb54843aeebec5b8d26a0325ae312000bb8fb351dec7cb43038e35bf85a26b84089bef0c9122921d350a555a8657942b01b0869bf61b69a3d6a066ca

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 759544297aaa61f5fef8ee42d0ae4393
SHA1 fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA256 1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA512 8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 2a0f04c18f834be01de20566eb949ed5
SHA1 a41b19c9eecfd37a586387f4c807b9e44e5a104b
SHA256 b053f4a3194aa0a62fad23f444df5436cb52dcbdfba3cf9906d77fb696b16c2b
SHA512 7932778c4dd2d7a0438a1f5969e13e648e47e85515b26c0362c7615a4dce4ac465bbe323e8c76b4a4e5c0e33dfd5f39401cdf3e51b66adf9090771b0776e2f85

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 dd3f6ba37c670af5953593535e435d04
SHA1 ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA256 5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA512 86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

/root/.cache/mozilla/firefox/fnjqhvf3.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F

MD5 6e412667cd050adc04ccf537e25094b9
SHA1 6c1cdd257b7c6784183128b5d51a0b0dc69be5ee
SHA256 c7e5846587a01f3f1d9291b84e54d2d576e5714e96882f80484f77d75067bc05
SHA512 c03fc51eb30372c2e717527bdb835be9c4545545e284fd6551f73c49841c5a70e998fcc24580e3c2c5af83bb4578f1169df94feb02303795203eb6577420c8c0

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 1b47dad50484696c0f3227359f4dab0e
SHA1 eb09c626ef2065ff2e315609c55ca48a47954939
SHA256 6c7561691c23a87beb7fcc685e613ea10fd0e9d5132c3bf97050f95402604b03
SHA512 93b9eda85c88edba45ab87689c02d60e208445370ea15d7d8d27e2f3f0b7c040f8c76dffec94a3d463027f38d96f8d222778c393a906974527e0ba5d56d203ef

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

MD5 a8dd7ebaad5528b23f82ccb1534cea18
SHA1 600daceacfb5cf9df0b66ba7dce4516b2ac4df70
SHA256 e5b0d02c18ae36c4a220f41fd97c66060c17aaafcbb324a57ccdc2707c44c4ec
SHA512 67f867a8e2b37fb6bececd5ebc570ca594ea329142badd63d1281d5e735f515a5e329abc6eb9a9d3465aab0a08541b4888018d859964f160a52345ab93532bff

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

MD5 ebd2bdc885d3165d5f4c1b80be624796
SHA1 0d50701f956b8aaa85002302daf8ae099b4fc2e5
SHA256 a124a5932676ee83af8820b9a1e021581ccf9129d33c8c9702b3213df9b9d132
SHA512 3677216e8076c1ca40c4913b23cade96bfb3c887c94865ac95e091dd5838dfb9da19bf31da635c4b32a1d2ce3d5682613af6b2c2fc4d4d06b02e6ea778d5dcd6

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

MD5 7352c8848e88edc39b7fb5e663888187
SHA1 8c3dffe25cc56c7aec1b782292d6fceed81e6304
SHA256 7a462086a26978809c719e57a7ea6a25568767fb7532014e8531fda94b660e0a
SHA512 f2a0dbbab5c2c1702b03bce15a47739481f523e127d1372b40534db9a20b2bc99fb53710ee0e5d44176188817cac704cf4f98cdf087e7e89d244281fcfc3b280

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1657114595AmcateirvtiSty.sqlite

MD5 b6f57973e9077a4b2bb79c0a922ee7df
SHA1 8f65098d8310b7c091e0322d438c13ff690668fd
SHA256 ad41cff86ca0e3f28ebc39eb98641582ca5defdd1a506b1e93cbc8b48ef9d3b2
SHA512 10ba07ec1470e5284d37e9e3626ba92ddbbf5b5a5b9a1a6c12426929f56d4b63e474c0855dfa39c116a3e04b1b75e82171a0015fbdd5df7e2c2a12f321777964

/root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db

MD5 7d4ae7e7315d13b23725f02319028a6e
SHA1 0352c346f323807203302a50368fc822fe3d9625
SHA256 2f2456de462ff499be40ec87eae6d13e5c3ea14e4d55d23f4bf7103f8178e4b8
SHA512 72683c93ab4e8008851b24bd83d841dc5cc8f16e09655cd3d8c5a3aca542f90d7d0fdbf5eff4ddce380d8efb6bc07d1170b09975ba37c54cad0d1bba114251b9

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 4f4cda6dadf24421e22e0e32eb912694
SHA1 9e52aa23fc22ac1a167fb94ec032b7360d4f2bd0
SHA256 799203e8d0cf3e572c2d83310a1e1152e526904b598f4974ffd64c338243883a
SHA512 e692e1a491b24e195fc43d1fd42d64dc3890268731fe1559c5d37066d7d22a48f09ac94e420d1351fe08fbddab41b1a0c118e667be227b3ff41bac80a22cf3b0

/root/.mozilla/firefox/fnjqhvf3.default-release/places.sqlite

MD5 2a9194391e3ddf4510cf84bfc5cad1a7
SHA1 7fcc7a7790af5f4b71885ba9c753b0f45887a143
SHA256 cbc2230cac8ed16117bbd3d154be539da04a7cb8cb4d23dd93a391735ca8336b
SHA512 8ecdabcb252d0be1aa976b3d44ea4eb2ebcd64279b8362c3c2a27ddc124dbb38935da27c7facee0f186ac97858adf00caf43fecc7000252bb3e3ea1a831b826b

/root/.mozilla/firefox/fnjqhvf3.default-release/favicons.sqlite

MD5 3c0a1ec298284608bfa51081ea539be3
SHA1 e51b58f6fe89d45fd8a1d935b51da172d5f6f32e
SHA256 34c4fe7ab2d3e44f193b489ebe84c17d67b336546af9ef231897ec09d7ff16f2
SHA512 8550f530377f7a98c46a6989bec2c43ed644274509a5b987e8e0d034bf867b3315dcc75a2c851a5ac43a45b40bf51c789d828a9a69c02157b3e900467341a28f

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 02dab7dd59ab6ccf75cd73d0d4ca7cc0
SHA1 28c0b9bd95f09a1674260e501e9ec9cdcb0eb6c4
SHA256 92c0cfde3837ce37353c3c54839c7f7a067622c886131a99b9b74eed837df00e
SHA512 9da3abe0c6fad322aaf28dca0ef5964006f435a7b1505c474762c98bd6ac71f07ee83df881aa97f3991c17b528f45e3a27f3a7060977e1f76ae9a5afaaa01a5e

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 24b53c0a3b8ca3abec1bacc22cddb86e
SHA1 f45190ef6d4d7729456c204239a46db0f3bc4f3d
SHA256 52d2cbffedb9f55abc307ebf0830388bf47e382652afaa8460d40b9801093d44
SHA512 79b7406f212dd14fc040207d00d38187947fc94052a90fb1e9ca080a56a261bca0156506cebd4e198a91580752193a6d7700a4d64a1cabfb4f4f858a5c26f5cf

/root/.mozilla/firefox/fnjqhvf3.default-release/protections.sqlite

MD5 c7cc11494c34e02565df83d17beb33b3
SHA1 f379ad7c0fa73476d3828d8a89ef843046332c12
SHA256 7ca17bb171e22b4ec498c1d20587b30d62d773b114d0e66bb00ec874506eb85f
SHA512 0cfcb15a985a35e917c9652721b516e2d1c358c6db3dca4452e866d250b6269c4cc69773277f5ddd5a0c5a338f95d9f6134224f0097df194985161cd3d47cfd6

/root/.mozilla/firefox/fnjqhvf3.default-release/content-prefs.sqlite

MD5 1fc2e7b7fe2c5be305dfa9a2bbb60771
SHA1 4967389dea050001cb1af3ec799edb7805c3abb8
SHA256 1953edcac737d1ad3de6fbf69671163882fdc0be5bd21d00378d8d8c753c757a
SHA512 fba536378ab9b5f04d92f1029b92d255c7da445a29e2527647bc16e57d02c179de1e78a2de11db1b00cc54c24d3715980c84c0cde103f47c6150f2e7bb8f93d5

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite

MD5 261db6a17346c4169e72de2237f3e4cd
SHA1 7bfdd347dac0bbd4bd4b1cc9037597a0626443c3
SHA256 dd166080564b25213c3a56a13c4933bcaf84fdf3aaef9f794038e99bef7605e1
SHA512 8c2e431dbed059089b1d8e55911bf4b3e1ad23238185fc2677d51fec06caaddca6bb5c6d53d0d4743b0a5d999f9459261b177eeea9f2370c5d7b765d856d818b

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 54ceab89632ebe4077bbbfa42ae36c49
SHA1 462aa637a3623662ca31b189aee140c9b8faf8e5
SHA256 efb093220d84a5e8546a800c2ccfe2ce8624fa5fa022cd73abf92dfde37560bd
SHA512 d2ebd6327df4df2d46b4cac68206dd1011f58341a4acbc26650c0e68827715cbdb0f1b8e3b7188bd1f3331678513176290eacf102606fc48b826cdf5ba407b10

/root/.cache/mozilla/firefox/fnjqhvf3.default-release/cache2/entries/FDF6FBAB5B1CCD07E7820021F108FB180A6DDF67

MD5 86c693b4ef7497ec0f411e8338116550
SHA1 1a12cf3a27c9cd254443b4e708a8eb6d0c63658f
SHA256 4a18d1574992d97e3b85c3e3ce95bc0a165c43611e768db9a0f0a60d772c0f9f
SHA512 917babf09762c93ba8fd483c2de6204b08eb87249d23ba231346fdff2dd62ca8ca936c7771294265597b9fbda1c72aaaa2dd29e3063023402699f90a8e3337d5

/root/.mozilla/firefox/fnjqhvf3.default-release/cert9.db

MD5 2a3a9d54fd2c4cfaa5c5c648dd0cd3a1
SHA1 a0706e7c59299b2ae642976c7f53010e83569d65
SHA256 ae3ff4260d2320f6762e2a0039f6e50c1a051d655553619d3232ed03ff3f9ede
SHA512 24b13a61bc0ddc7b17d4636cc5e8dd0e8e84597e1966ce73c370662a53d20b22b21399350e920fd8b683f347d9eb6742a71f81d6c469b73db81919fd601c75fd

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 f3eb902b03a193f7d75a235cf3a9b4ea
SHA1 e2edf226778a4000f8aef1bd5f816861da91065f
SHA256 c938c3ab16386c0dd4b54e38ebdf9e7314a1dac82cc6e472de820865e749f29d
SHA512 9980e55692a6ed417425b95fa021e8d8ae35fadd0003488fba4f5df3b284eaf8a165af9ceab9712f99149fb2abde4c01a17520f3e47a87a217f67c0f5f46da63

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 b2be2b10378b4cfd267eb8e1a152ce9c
SHA1 6191e14a8af12c18252d02fa583db54befbdfcb5
SHA256 f6f0652a70385da6febf210bb532b2a042690172017b76e4302b174624214f48
SHA512 df0a179a09a8c1925b0c5f16e13995c6f0e6445298dbc192c46b40dacccb6d729c196eff856e53d202ec28ea110563ba1d50ae5ec7a45d6295caecbd5a08b227

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 e56ef65998f7b8491e35aa4da59e11de
SHA1 c54e6c67e523d5d518e07e14af3282cc5356da10
SHA256 bed728b92318279715efcb4c3192c2a9abc0cab7ca439b81bf1dd8a84e601c58
SHA512 ab65a1804fb38c82434d37f454c27c84156478688d1d7fccc4858ba8c6c806d26193c93aea8d1fe903b3cde0189e91717cd061a017c63e665f2bff0fdd73cff5

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/1451318868ntouromlalnodry--epcr.sqlite

MD5 284f64b4451ac66d2f125b74e8397252
SHA1 152d5c43bca69e48f00ed6e11eaba4f4f59dcf6d
SHA256 a4c593487059c1e174153cdc6f96b810393b890d635fa00b6d4ed652f00ba0aa
SHA512 55aa6d2d0e8677fcbf29ce445e3fc6e85ff81700e171e928a455ecba101c9345377c76ffbb914d2d6231e1e39fe32aa7f6a978ac5c82c775d026332744c3dd24

/root/.mozilla/firefox/fnjqhvf3.default-release/webappsstore.sqlite

MD5 41c22c9f81a84b1b0e5ee7ec2ff7c545
SHA1 d12424cba9e4e9124bf3f15e556c562b95c9b6a3
SHA256 4ffdc78433817da79ad2e84b26a2ffaf62d8c1baf80421751d752c3d8723328f
SHA512 8b690c55ae0b25aeede62a09dea1ef6b7daa9880ca63c6d4ce192160daded05fe0dc44b115216ce10523e2ec45991873c249f159fe8608712818f5ead327897b

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 2dc896cdab2acada8f3700b6f50b1b46
SHA1 c5c37617ec661c5a24a65c7bc4457103c82340a9
SHA256 cded9a648cb063284f2fe4772c6839d9317593bafb2db84615730619c6c9c83c
SHA512 6727f388202be8bb093d9ebd2879962d7f87a12ba7a9b83abe3a08e043ab85f576dc9e4d84a890fbe9391830cb55a5e5457e5f6cad0c3fb474153bc9c8e7f026

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/2918063365piupsah.sqlite

MD5 d7797ca7ca0770758ec1843310528201
SHA1 d020a9f6711f0ec3a75a4506ec5441bfe85f43a8
SHA256 ba1e9e93d2fec406890ce6d8f57e8ca65007990857e09911d49fc21956d77401
SHA512 5425339a68a436fea01bd910e9533a20ea7089010ba1174c9bc4d0b602fbadd685100522941fb61e52f3eb68e68a5734b367e8e154c96a4a27b6df81070bd016

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/2918063365piupsah.sqlite

MD5 f5f5c0ba16bff1a53dae27c25fd0a33c
SHA1 d2f6875fd8b82e6df422e0eb728a61b851845b96
SHA256 e63116dac95fd38ebfef4b53f9f3c0e75d4c56541e832b33c5387e982159bcd3
SHA512 63b462223158bd5872ca3ba4485ae7b01dc7219fc4c768994d50b5eccc2ab5501b83bee3717b5eb068cbc2e93772a74e0d281f949f20b0eca7dfbab9f0c9e386

/root/.mozilla/firefox/fnjqhvf3.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite

MD5 3f5684571105d13df6d9e7f39d2e3dab
SHA1 e989b7da13283ff6b021ba50e3cc0c75b7a35650
SHA256 7ae176a17526d27b7fadce064fcd79c183a5da7b0b6c542cf4db25c213e60069
SHA512 63bf40f37464e072a34811e71c40ed5e8bb372426634630efb265d3470417c4b92d8ed7f9a4ff3a4699a7d40104f2b1b5a1044513b4587141897b19974e30e7a

/root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/tmp/f313f83b-43dc-44b2-b2ee-76b654298132

MD5 3410941e9290145b51650caa883076c2
SHA1 3ea212748a05f60afe57aa1e8efcaf72c71436da
SHA256 fbb92faf0d24f91f019657c0e9676e5bce92e4320d9da7579a5ab125c5efabda
SHA512 a28aae224dd02a12146dce0d532b771a704ca94b0a31258d75cbe4879f5b6282a5ef188581ad11e720bd11fd8b11e193c81e4f86baff4f9ae7c1996b045e55ee

/root/.mozilla/firefox/fnjqhvf3.default-release/datareporting/glean/tmp/2dee0818-985e-447c-a23b-b1a91aa40b3c

MD5 7144e1b9df7aee856b6cb0615f423bd9
SHA1 80945903b74b346b7580c5db84e6493468667481
SHA256 fa435ca75e7eb308beced63c1f44fab82e2c3edf8d5672dd447cf7d36676c265
SHA512 21254dc6f5c42d6c2057605d62de69d06ef46ee76f6bd722e56266bca1a3e9220277d8ad75e513806aa8316375688f11c838e235acad6d036ce1c2ac242511e6

/root/.cache/mozilla/firefox/fnjqhvf3.default-release/cache2/entries/67E31D2E75E07799ADB8A11719B45B66094BFC42

MD5 f481e0a9c45884423e33ed75eb33ec8b
SHA1 2a739e0f4832f712f51f34f25ce78e03f1834c40
SHA256 7aa44b0754ca78088b2f575e70180bb99077a303814711d4926a6068a41cbfd2
SHA512 add6e8adb72b3e69c9c9eaa72791bc76b0d1ff01c671f6b3f992745e8131c3ea439bccc084c1fddfc78f2be52770e8cb8178c1d4e8e43108b8456d16884d69ff

/root/.cache/mozilla/firefox/fnjqhvf3.default-release/cache2/entries/6D12244A9BF17C9F443B26A86005A88DC08BD52D

MD5 34658fdaac072b345fced3bb5cee1c0a
SHA1 4eab29e21a6297254971f596e8e1889ebc83b383
SHA256 b3d26bd9fee6ce3a0dd2adfbd3faacb07a2d7b3747a5ae394f427cb10a635738
SHA512 05e5aaab9fb56c811b67285217468b7e483211dad7a1a9f5efb434817ef62cdcbc6ddc885e0c5f2839fc53921ed919f884f769e945ce33bce89680f59aa1f6e0

/root/.mozilla/firefox/fnjqhvf3.default-release/prefs-1.js

MD5 1a3e0cffa0143fa755990595738d051b
SHA1 be7134f377cd1c04fd1b32e48583e38f0d7a3f76
SHA256 7f5d603afe15ceebd999c7be72f126eefa96784e265d597737555385e7226bc5
SHA512 ffeb3e012e6307db34d1628d2f009e75ef4b11df77d11373050ba1b14dab7edc3bb88f06b2f804bce5b772fc2f2f3fbbb51d7b311e511f6a0078f5fb7637a0fd

/root/.cache/mozilla/firefox/fnjqhvf3.default-release/cache2/entries/6D89348819C8881868053197CA0754F36784BF5F

MD5 7931f2e560e23315c7aad7764d095d13
SHA1 7bd814eaddef4ff0dd64009a36e67b229530a76b
SHA256 b135379b24db0711a33f7fd978c0b10ea4bf3d1e74b3bb45f0190f30082b80a8
SHA512 fb8f1d95e6341cc248e8b73ec57c6478bde9165fccc2a381f27a56ba17c934578e4f51f4a972d688414f66fc1ec6b6df71f9a8d07653943a9a470a5f319065fa