hxxp://192[.]168[.]0[.]1

Resubmissions

27-03-2024 21:53

240327-1rlbzscd84 7

27-03-2024 21:52

240327-1ret7sfh6s 7

27-03-2024 21:51

240327-1qz4racd75 7

Analysis

max time kernel
8s
max time network
56s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-03-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://192.168.0.1

Score

7^/10

antivm spyware stealer

Malware Config

Signatures

Changes its process name 64 IoCs

Processes:

firefox

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1668
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1668
Changes the process name, possibly in an attempt to hide itself	IPC I/O Parent	1668
Changes the process name, possibly in an attempt to hide itself	glean.dispatche	1667
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1673
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1673
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1672
Changes the process name, possibly in an attempt to hide itself	IPDL Background	1672
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1671
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1671
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1670
Changes the process name, possibly in an attempt to hide itself	Netlink Monitor	1670
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1674
Changes the process name, possibly in an attempt to hide itself	HTML5 Parser	1674
Changes the process name, possibly in an attempt to hide itself	Timer	1669
Changes the process name, possibly in an attempt to hide itself	Timer	1669
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1676
Changes the process name, possibly in an attempt to hide itself	JS Watchdog	1676
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1678
Changes the process name, possibly in an attempt to hide itself	BGReadURLs	1678
Changes the process name, possibly in an attempt to hide itself	Cache2 I/O	1679
Changes the process name, possibly in an attempt to hide itself	Cookie	1680
Changes the process name, possibly in an attempt to hide itself	Cookie	1680
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1681
Changes the process name, possibly in an attempt to hide itself	StreamTrans #1	1681
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #1	1683
Changes the process name, possibly in an attempt to hide itself	TaskCon~ller #0	1682
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1684
Changes the process name, possibly in an attempt to hide itself	BgIOThr~Pool #1	1684
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1690
Changes the process name, possibly in an attempt to hide itself	QuotaManager IO	1690
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1694
Changes the process name, possibly in an attempt to hide itself	IndexedDB #1	1694
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1697
Changes the process name, possibly in an attempt to hide itself	IPC Launch	1697
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1696
Changes the process name, possibly in an attempt to hide itself	SandboxReporter	1696
Changes the process name, possibly in an attempt to hide itself	Breakpad Server	1695
Changes the process name, possibly in an attempt to hide itself	Sandbox Forked	1698
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1699
Changes the process name, possibly in an attempt to hide itself	DOM Worker	1699
Changes the process name, possibly in an attempt to hide itself	Chroot Helper	1700
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1705
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1704
Changes the process name, possibly in an attempt to hide itself	StreamTrans #5	1705
Changes the process name, possibly in an attempt to hide itself	StreamTrans #4	1704
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1703
Changes the process name, possibly in an attempt to hide itself	StreamTrans #3	1703
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1702
Changes the process name, possibly in an attempt to hide itself	StreamTrans #2	1702
Changes the process name, possibly in an attempt to hide itself	MainThread	1698	firefox
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1706
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1706
Changes the process name, possibly in an attempt to hide itself	IPC I/O Child	1706
Changes the process name, possibly in an attempt to hide itself	FSBroker1698	1707
Changes the process name, possibly in an attempt to hide itself	FSBroker1698	1707
Changes the process name, possibly in an attempt to hide itself	Socket Process	1698	firefox
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1708
Changes the process name, possibly in an attempt to hide itself	Backgro~Pool #1	1708
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1709
Changes the process name, possibly in an attempt to hide itself	Socket Thread	1709
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1710
Changes the process name, possibly in an attempt to hide itself	ProfilerChild	1710
Changes the process name, possibly in an attempt to hide itself	Timer	1711

Reads user data of web browsers 56 IoCs

Reads stored browser data which can include saved credentials.

spyware stealer

Processes:

firefox

description	ioc
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cookies.sqlite-journal	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/handlers.json	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/extensions	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore-backups/recovery.baklz4
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/shield-preference-experiments.json
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/times.json
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cert9.db
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/prefs.js	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/permissions.sqlite
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite-wal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/search.json.mozlz4
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/extension-preferences.json
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage.sqlite-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cookies.sqlite	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cert9.db	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore-backups/recovery.bak
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/compatibility.ini	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore-backups/recovery.jsonlz4
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/pkcs11.txt	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionCheckpoints.json
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/xulstore.json	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/SiteSecurityServiceState.txt
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/AlternateServices.txt
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore.js
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/addonStartup.json.lz4	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/ls-archive.sqlite
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore.jsonlz4
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/ClientAuthRememberList.txt
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/permissions.sqlite-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cert9.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/key4.db	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore-backups/previous.jsonlz4
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/user.js	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cookies.sqlite-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage.sqlite
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/ls-archive.sqlite-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/key4.db
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/addons.json
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore-backups/recovery.js
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/sessionstore-backups/previous.js
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cert9.db-journal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cookies.sqlite
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/system-extensions	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/extensions.json
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/key4.db-journal	firefox
File opened for reading	/root/.mozilla/firefox/9lrm4k71.default-release/cert_override.txt	firefox

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

description ioc

File opened for reading /proc/cpuinfo

description	ioc
File opened for reading	/proc/cpuinfo

Reads CPU attributes 1 TTPs 10 IoCs

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefox

description	ioc
File opened for reading	/sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index2/size
File opened for reading	/sys/devices/system/cpu/cpu0/cache/index3/size
File opened for reading	/sys/devices/system/cpu/present
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox
File opened for reading	/sys/devices/system/cpu/present	firefox

Enumerates kernel/hardware configuration 1 TTPs 59 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery

T1082

Processes:

firefoxfirefoxfirefoxfirefoxfirefoxdbus-daemon

description	ioc
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_device
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/uevent
File opened for reading	/sys/devices/system/cpu
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/device
File opened for reading	/sys/devices/pci0000:00/0000:00:02.0/subsystem_vendor
File opened for reading	/sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/irq
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq
File opened for reading	/sys/devices/system/cpu	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/bus/pci/devices
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor
File opened for reading	/sys/devices/system/cpu	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

firefoxfirefoxxdg-document-portalsedxdg-desktop-portalfirefoxdbus-daemonsedsedfirefoxfirefoxsedgvfsd-fusexdg-desktop-portal-gtkgvfsdxdg-permission-storesed

description	ioc	process
File opened for reading	/proc/self/fd/76	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd/31	firefox
File opened for reading	/proc/1781/statm
File opened for reading	/proc/self/fd/38	firefox
File opened for reading	/proc/filesystems	xdg-document-portal
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	xdg-desktop-portal
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/39	firefox
File opened for reading	/proc/self/fd/43	firefox
File opened for reading	/proc/1737/cmdline
File opened for reading	/proc/1746/cmdline
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1661/cmdline
File opened for reading	/proc/self/task/1701/stat
File opened for reading	/proc/1781/smaps
File opened for reading	/proc/1798/statm
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/self/fd/37	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/mountinfo
File opened for reading	/proc/1576/attr/current
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/fd/40	firefox
File opened for reading	/proc/self/fd/49	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/1726/cmdline
File opened for reading	/proc/sys/kernel/cap_last_cap
File opened for reading	/proc/1566/cmdline
File opened for reading	/proc/self/task/1785/stat
File opened for reading	/proc/self/fd/41	firefox
File opened for reading	/proc/self/fd/45	firefox
File opened for reading	/proc/self/fd/48	firefox
File opened for reading	/proc/self/task/1807/stat
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/self/fd/34	firefox
File opened for reading	/proc/self/cgroup	firefox
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/self/task/1834/stat
File opened for reading	/proc/self/maps	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/42	firefox
File opened for reading	/proc/filesystems	gvfsd-fuse
File opened for reading	/proc/self/fd/35	firefox
File opened for reading	/proc/1595/cmdline
File opened for reading	/proc/1722/cmdline
File opened for reading	/proc/filesystems	xdg-desktop-portal-gtk
File opened for reading	/proc/filesystems	gvfsd
File opened for reading	/proc/self/fd/29	firefox
File opened for reading	/proc/1717/cmdline
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/fd/46	firefox
File opened for reading	/proc/self/fd/51	firefox
File opened for reading	/proc/filesystems	xdg-permission-store
File opened for reading	/proc/self/fd/93	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/1576/status
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd/47	firefox
File opened for reading	/proc/self/fd

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

firefox

description ioc process

File opened for modification /tmp/firefox/.parentlock firefox

description	ioc	process
File opened for modification	/tmp/firefox/.parentlock	firefox

/usr/bin/xdg-open
xdg-open http://192.168.0.1
1⤵
PID:1565

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
2⤵
PID:1566

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1567

/bin/grep
grep " = \\\"xfce4\\\"\$"
2⤵
PID:1578

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
2⤵
PID:1577

/bin/grep
grep -i "^xfce_desktop_window"
2⤵
PID:1583

/usr/bin/xprop
xprop -root
2⤵
PID:1582

/bin/grep
grep -q "^Enlightenment"
2⤵
PID:1585

/bin/uname
uname
2⤵
PID:1586

/bin/grep
grep -q "^file://"
2⤵
PID:1588

/bin/egrep
egrep -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/usr/local/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/usr/local/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/usr/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/usr/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/sbin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/bin/grep
grep -E -q "^[[:alpha:]+\\.\\-]+:"
2⤵
PID:1590

/usr/bin/xdg-mime
xdg-mime query default x-scheme-handler/http
2⤵
PID:1594

/usr/bin/dbus-send
dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
3⤵
PID:1595

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
4⤵
PID:1596

/bin/grep
grep " = \\\"xfce4\\\"\$"
3⤵
PID:1598

/usr/bin/xprop
xprop -root _DT_SAVE_MODE
3⤵
PID:1597

/bin/grep
grep -i "^xfce_desktop_window"
3⤵
PID:1600

/usr/bin/xprop
xprop -root
3⤵
PID:1599

/bin/grep
grep -q "^Enlightenment"
3⤵
PID:1602

/bin/uname
uname
3⤵
PID:1603

/usr/bin/which
which firefox
2⤵
PID:1649

/usr/bin/firefox
/usr/bin/firefox http://192.168.0.1
2⤵
PID:1661

/usr/bin/which
which /usr/bin/firefox
3⤵
PID:1662

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox http://192.168.0.1
2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1661

/usr/bin/dbus-launch
dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
3⤵
PID:1666

/usr/local/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1714

/usr/local/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1714

/usr/sbin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1714

/usr/bin/dbus-launch
dbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr
3⤵
PID:1714

/usr/bin/dbus-daemon
/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1571

/bin/sed
sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
1⤵
- Reads runtime system information
PID:1593

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1606

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1611

/usr/bin/head
head -n 1
1⤵
PID:1609

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1608

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1610

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1616

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1615

/usr/bin/head
head -n 1
1⤵
PID:1614

/bin/grep
grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
1⤵
PID:1613

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1621

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1620

/usr/bin/head
head -n 1
1⤵
PID:1619

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1618

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1626

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1625

/usr/bin/head
head -n 1
1⤵
PID:1624

/bin/grep
grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
1⤵
PID:1623

/usr/bin/cut
cut -d ";" -f 1
1⤵
PID:1631

/usr/bin/cut
cut -d "=" -f 2
1⤵
PID:1630

/usr/bin/head
head -n 1
1⤵
PID:1629

/bin/grep
grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
1⤵
PID:1628

/bin/sed
sed "s/:/ /g"
1⤵
- Reads runtime system information
PID:1634

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1637

/bin/sed
sed -e "s|-|/|"
1⤵
- Reads runtime system information
PID:1640

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1648

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1652

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1655

/usr/bin/cut
cut "-d=" -f 2-
1⤵
PID:1660

/usr/bin/lsb_release
/usr/bin/lsb_release -idrc
1⤵
PID:1677

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{ac7b8ee0-637a-45a7-93a1-009a366b7044}" 1661 true socket
1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1698

/usr/libexec/xdg-desktop-portal
/usr/libexec/xdg-desktop-portal
1⤵
- Reads runtime system information
PID:1717

/usr/libexec/xdg-document-portal
/usr/libexec/xdg-document-portal
1⤵
- Reads runtime system information
PID:1722

/usr/libexec/xdg-permission-store
/usr/libexec/xdg-permission-store
1⤵
- Reads runtime system information
PID:1726

/usr/libexec/xdg-desktop-portal-gtk
/usr/libexec/xdg-desktop-portal-gtk
1⤵
- Reads runtime system information
PID:1737

/usr/lib/gvfs/gvfsd
/usr/lib/gvfs/gvfsd
1⤵
- Reads runtime system information
PID:1741

/usr/lib/gvfs/gvfsd-fuse
/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes
1⤵
- Reads runtime system information
PID:1746

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21807 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{66c84f46-e129-4fbd-9014-9c056e1d73eb}" 1661 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1781

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21475 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{4fa0102a-fea8-4416-b2e9-665b0748d143}" 1661 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1798

/usr/lib/firefox/firefox
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 21824 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{129f1c8e-3891-4662-b5cd-0d67fdfee8cb}" 1661 true tab
1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
PID:1831

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/root/.cache/dconf/user
Filesize
2B

MD5
c4103f122d27677c9db144cae1394a66

SHA1
1489f923c4dca729178b3e3233458550d8dddf29

SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7

SHA512
5ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54

Download Submit
/root/.cache/mozilla/firefox/9lrm4k71.default-release/cache2/entries/3D1E19D09F398691ABF62061591970855193B42F
Filesize
13KB

MD5
fb91761747853322e8b72540a0391015

SHA1
59934f5e8f009b69ef50f3c6a65fdc0a333fee4f

SHA256
5c8350b81325d9587b0d524be2c41f7c616026774a5095c56b59f241bf68120e

SHA512
bce966949588b096a8126b8b58702e3bcee6daa4b26447b14baf95aa1c135f71c8629265d9ef5a1d224a552920943e4ba3a92d527b66f86eeeb9e81e88323572

Download Submit
/root/.dbus/session-bus/11c67417355f45d397f6be11f62e85a6-0
Filesize
466B

MD5
f6cf3a671d3459d6335a506b41b9b85c

SHA1
d76a3fa3fefce173da1cbb5c5a5c6c4ea3185a00

SHA256
15d599b8daea32f3a285ded1ffa81d5c6191e2ed2c1b697ce498cbe1ac5a2100

SHA512
a72f4c31e0b8759bac27a556919c99f847682fb389afa394d55eed93a6cfb387a70b4a89daf462ffc319d1ae2528706ac37b4df27d08ddf689fbb2a1160d56c9

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/cert9.db
Filesize
224KB

MD5
f2e56cee4840d5114fcf9839c9a365dc

SHA1
c1269c75e49796f9eb6fa4023aa44546bbc57738

SHA256
7381502702aa56c345e8d308021b43c55e12af37bb64d180a0a40228e13d17fa

SHA512
5f317a414a058eb955a6b08ccaa19a4a27cb7eec7683491c620f203cccdeb6a379c8a2406f6239bfe316a763a327eeb0b042238e4d1f9cad29f8b172b9eb196f

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/cert9.db
Filesize
224KB

MD5
2a6a900eddcb1a82b82ee7641b6fbf86

SHA1
c9e8fcd0ed8a9b464e824ece054f9b31ac1728ae

SHA256
f9ab344f366b0f7f08b3cc51733fc304140908b7592b2983b3528491de0feff6

SHA512
cf54cbcdbd8fb746eb4a8ae076e2c6924623841a584f7e7f6b34fe4cf7027a8d898134dec8c5166d23c424cc2c90168bb23a38c0376954f8e5e3b51c3d9f725c

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/compatibility.ini
Filesize
163B

MD5
fe452b7294d5928a9a5863b89ee0a6bd

SHA1
a5d4c245071fa96476ba48b4725bdae7f1b7940f

SHA256
d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900

SHA512
dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/cookies.sqlite
Filesize
96KB

MD5
9535f5fe817accc769c2c1d3354db39f

SHA1
6af62cf08717cf3bfa84eb1a7b311acf522ce560

SHA256
c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5

SHA512
dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/cookies.sqlite
Filesize
96KB

MD5
5caa766855d5613a999f71b7812d6451

SHA1
ad0d9a52a0d5cc7f11858301dbe47377ed99ee37

SHA256
3a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27

SHA512
17bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/key4.db
Filesize
288KB

MD5
1a8fb9c79d382fe632bd75ed34bc8224

SHA1
d805fb005526b5db5dc2a4a0619c9977cad14dbb

SHA256
72b513bcee7efe5369ba54ab049465367bacb88f4fc0f7f2ff19b830cc778590

SHA512
7553ac8a5cf47e8a185b2a138cc377ded74158edb8df1228a7365a374fd71beb70e29554e6aa554c4a2f1f3d027eb6d61c7bd6b9d9505d7b95da6e2d63ca23d5

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/permissions.sqlite
Filesize
96KB

MD5
232fbc22dd03a8ec41edde02bdbea61c

SHA1
6ab4b39bca95418c52f7f861fd39e5fddb9cc7b6

SHA256
d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0

SHA512
055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs-1.js
Filesize
1KB

MD5
eab77bc94d225c9e3af8e1e253938af1

SHA1
1d1f72c3935ad9bab64b1f11b450967c6c992d80

SHA256
6e9a36e277ee17e929fc4c67564464f922fdd795aa836a96eafc24c816813c73

SHA512
a9020a0666eccdf7c23452f7217ec505e50bc0b2c81895197bb7fc130dbdf2ceea774f50756d8a62c5c2cf2863d57afb65e60208a72a9f1bcb1500e976f39913

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs-1.js
Filesize
1KB

MD5
1b5912e38cf3a3700f8daa590da05b91

SHA1
f117db1cc20b83db4793f22fdc7c7cee684ece8c

SHA256
1aea69c17d84eab50439f4de0026de92f8e1f95aaf47c1b584f58f6f6b896fd2

SHA512
a38102520c68d78b06cdd92e3e142280b1ee67502db2ae8bab61dc271b7f92ea309055ff78a9265b46e81a3bdd664a2fa429bdc0c11a2240fe94f5e732092416

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs-1.js
Filesize
2KB

MD5
50e55b7fae9d99d5e71abf13ffc3f0f9

SHA1
784e13792a7f00c146f1b495eb43580c3ea88f86

SHA256
12106f5e287bf3c9c712aafce0e581338318379cf01494e85c5c9231f4ce12ae

SHA512
7811b5e5963787302125550399c978bda4fbae83269f144832fd5310a8dc7d4ae34ccb36846172face7569f9702a343e51eca664d57fa3c6d4109a680b81f046

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs-1.js
Filesize
2KB

MD5
5823f1bd7b928bda9344aa5d76979fd5

SHA1
ea4ffd2a478692edc49ed4b51d8ee1d1025302a7

SHA256
62bc6586f69b64e45e740b8f14f5c19f281e175be168dc75b74c2b003e213379

SHA512
f4fa12a09f417d7af3620c75414d33b7cdcd9c6aee32d92cfdaa287d33ffe8022419f72877c9f4e4fce423d6af864a16c202723efe3f86bac86a3fdf53ee0519

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs-1.js
Filesize
2KB

MD5
0d7908cad9ce8ee3b17d339d21366e90

SHA1
07e5e19b6bb46410b015ee19055cc8329e378a9f

SHA256
3fa9ce875b6b3f3b76a1c93815b7f68a52be105646864b78b9f204237404aaca

SHA512
b217eb3937d719b881b7dfab6654d1a3ef5e56543c1d7b345a5939bbf3ea8bb2efa06db7cade2da8c75960cbcc274cfcace415b181be9647a6ba460241fcaacf

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs-1.js
Filesize
3KB

MD5
fc3f2b9b8d2151f52eaf2403f0a539ac

SHA1
8a3308c7aa82160330e8bf13110ea6ab95ae14ee

SHA256
e24f46827784d7ea3605288f518d958dec770e7c68d6797985feb0d83a153576

SHA512
505f1b6571e8f0fb42089124b6b26916a9225f05041aeccceb865105bf5a11b21b78ef05135dc48de87dcaa87b2163e0df4acd2e3642f4837f54180587434773

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/prefs.js
Filesize
1KB

MD5
f472b6de2256ec8d74803f0b40b520b0

SHA1
6b035a2f90b9b7b6df3f40da9c85eaba29499012

SHA256
763cc2647b22cb6347751a0176b1ba52d7541c2c67615f5bc0f7a64cb8659cb1

SHA512
fe254b35b170fdfb6a2e8fa7395b8f4b5392464409bd9dbace5f6e63d365ec72477156fbbe53b56d6ee3f232fa1fbc4176fe6399c978f5ea368125318209a059

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/ls-archive.sqlite
Filesize
96KB

MD5
e0c613bfd69956a19ce2dc5e925aa223

SHA1
14accb230edcd6cb76967cdc6d4e5686db96b5df

SHA256
0d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab

SHA512
01643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/ls-archive.sqlite
Filesize
128KB

MD5
178d71e5529d637ac62f7e75fdd75896

SHA1
339f2b949cc4c207b66aea11137448ba28d36dcb

SHA256
7b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4

SHA512
ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/.metadata-v2-tmp
Filesize
42B

MD5
0381dbb4af793470ac2a7506cdec6436

SHA1
3c514921991a21cfd28fb62a0ae2df7735ef74e7

SHA256
3f3a0af1730ccc1643df6120f3880817485304f1872fc6912fe417bbf4f26026

SHA512
6fc546fc3e0c1df4d450b4c2ba725dfc955b14a082857bbdf1d7536030d684c8779840a05ae85764d19969e328d6ba432e88d3258d39abd31a877876b2e846bd

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
44KB

MD5
759544297aaa61f5fef8ee42d0ae4393

SHA1
fc2d66f6e60409e3e8d38623ce5f817fc7f571e0

SHA256
1bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5

SHA512
8aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
12KB

MD5
eaa150b68d9168929336519a31854749

SHA1
5c7a368a01d293bc2a01d5a577a3e15bc226161b

SHA256
ca8abc78e372efae1baca6c77b907b93c73046a1494d282a4a2f70fc79f6efb8

SHA512
211c9b3b211bbcdf5f425043f47092cba4bc36db84bc09faf99f7d36d3721aae2ef71f3b7f395d83565c1a13a93fdd903722caed17ce3544e41567937c14a9b8

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
Filesize
16KB

MD5
3ab45094a3103b5f3823347831c9d9f9

SHA1
a1ef1da09a918cd621a4406eec9bb74d2c992902

SHA256
a05ff8da7d21f3dc07bc281c334b547303a450f57792484f672e2e613b7bfced

SHA512
31cad135a4d77f50a75dc87bcc4b89a97c111fd5de8f4feb2e9066347a3543c5a3569c7d8a2045980a176d20565062280354e27637828c19c6d0dcd91ab5d9fd

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
44KB

MD5
07a412e08825220262ad2890757ff779

SHA1
f46c127dbc070ded87a6078b3c1c761955f96de8

SHA256
da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4

SHA512
0134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
12KB

MD5
67ababe99092caf33fcf94830b32fb0b

SHA1
0ae4c3fb2f7621470e11b5795fbdb9f1d2a04634

SHA256
732e69e0dc943a3d845c144855bc103035ab28f9cf764a1136d0fd031b9b532f

SHA512
b3e25b717514e46d3395dbc92ea7bd3292722163f3805fdddf71b5a7ec5d7501fa6f6b0894c75906e5f2b4798b817d42ea240a034aa7b1b591d341dff3e44363

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
164KB

MD5
957e716e3b13cbece93eea82e771610a

SHA1
738fd8d17eb05be4a1c610320ecb137724c0b708

SHA256
4eae942940efff758f3ae0c3d02b33dd1142e0309a811e8696a618dc52674e26

SHA512
4f3facb0627ca4f916683f980d0da22fead21d93f5019d39157f9abfc457824171b494e0cb949bd497c6a02c95dec4411f3681a22bd83d338b60a7e514fa463f

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite
Filesize
148KB

MD5
dd3f6ba37c670af5953593535e435d04

SHA1
ecfe4e650a050bce77e8ff7468de04c1b8acc9a4

SHA256
5cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561

SHA512
86e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/times.json
Filesize
50B

MD5
13db0e576b3f5dc01895bf84e42725c0

SHA1
8c9f5ea7c81bfba161cb9bfb5ab1d33431df11ea

SHA256
e7816dcf877b74bcec347c4a727b3e3cce7d306ba8df4f8b890aea60711abcb0

SHA512
a93903be9e365ffd2e832881bb0f02b7b68c4c7bf46034863b9a5bc4e618b4cf14dd5636d8cc12f4057a0c2ebb25335352cedb4a9e2775eb59ba5cea4f6a5037

Download Submit
/root/.mozilla/firefox/9lrm4k71.default-release/times.json
Filesize
47B

MD5
931628601ad0da89c1d4cad24e078197

SHA1
7919e793716871ca1ac8ebfe9f265e329bd920c2

SHA256
856cab7d85cf8ad89dab1c7f08694578d295c3dd6b9dde6f832501422e28b4bd

SHA512
0a5f88ba5a7944a2dd04dc9d970bdd8ca1feb309c43242fa164879a3877ea813c77565038fe39046c0ea961ff00b8b8a0869059e33ed90a6bd60f1977df58e5d

Download Submit
/root/.mozilla/firefox/Crash Reports/InstallTime20230522134052
Filesize
10B

MD5
042185f3a4a68977f24ad33abae1752a

SHA1
874a153395b23ff7ae4bc137df404954d607027d

SHA256
d0a314dbd97e3b7a306bed6f66e53d2237b5b41ff1a2fdff9f174977f7233433

SHA512
ba3b3372ca39a717a6fb5aa55e6a55a8f8812c021a3d78bc0fa4fef69698f670715a19cde548c9623aaba1ba31a5709492cf894e38b2ecdf6dd72b74ef69cf1e

Download Submit
/root/.mozilla/firefox/installs.ini
Filesize
62B

MD5
01bec5ae868f35ebde5c3d38364af107

SHA1
adf8102a205db5957356fbd0398b5153204d701f

SHA256
f70a910f8d74ef6773105c8ae380f806a257d436e3671015adb608d49d0f72d2

SHA512
ecda5e68f4e9253e0036eb076e515ac6d393183b8dd696f186ba376ca4bd7307fab3f6da32d2296101da73f3d585aa96cfcfc7206598478182c43124e049fb30

Download Submit
/root/.mozilla/firefox/profiles.ini
Filesize
259B

MD5
9bdfe279a23d611a32a08008a997b628

SHA1
5506b46a4785bf682aaf4215aa70c1bb00a547eb

SHA256
c0aded045551b59597b4d3cc9d7952320c90f28f7c27302f79f1823b8cd13595

SHA512
dfb0b9222d0f531864257619e0da435b75e9fff897500c4d72e53caccc859448641ec1e7a3ae0631be40e252631e9d6a61fb6b82cb1ab8d5a09d029c2333e657

Download Submit
/root/.mozilla/firefox/ugatamup.default/times.json
Filesize
47B

MD5
9cccb900b04eda50ed4836dcfb51a874

SHA1
1d81db1c0e8c48b3c2b382e9314c2db1cc8da1fc

SHA256
96b51faef9ed6d93257aabde3c76095d96ef05fede7fdb96046483331eed1f5a

SHA512
b8ab73d629fcac8553f9617f98cf74bc924ab734b61d82e72bc8f7f533e0d0edc9e1007d8bcb9276911ebd3cd6f672d2378184cdb0512934d14d7f90353106c6

Download Submit